|If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.|
||Thread Tools||Display Modes|
If you're on an Intel machine that you've purchased in the past 2-3years
If you're on an Intel machine that you've purchased in the past 2-3
years, that computer almost certainly has an Intel Management Engine.
You might not know what that is, and that's okay. You may also be
unaware that the operating system on your computer could be
leveraging features in the Intel Management Engine when consuming
What is the Intel Management Engine?
It's a coprocessor sitting on the same die as your CPU(s).
Crossposting this to comp.sys.intel would have been a useful thing to
So I have done that.
Here is a description for Intel Active Management Technology
It seems to have first become available on retail computers sold
starting in Q1 2009. Basically, any Core i-something will have this.
Motherboards based on Core2 (socket 775) or older (socket 478) will not
have this junk.
Also - the spyware process or processor is not built into the CPU. It's
in a chip thats part of the motherboard chipset:
Until the release of Nehalem processors, the ME was usually embedded
into the motherboard's northbridge, following the Memory Controller Hub
(MCH) layout. With the newer Intel architectures (Intel 5 Series
onwards), ME is included into the Platform Controller Hub (PCH).
According to an independent analysis by Igor Skochinsky, it is based on
an ARC core, and the Management Engine runs the ThreadX RTOS from
Express Logic. According to this analysis, versions 1.x to 5.x of the ME
used the ARCTangent-A4 (32-bit only instructions) whereas versions 6.x
to 8.x use the newer ARCompact (mixed 32- and 16-bit instruction set
architecture). Starting with ME 7.1, the ARC processor can also execute
signed Java applets. The ME state is stored in a partition of the SPI
flash, using the Embedded Flash File System (EFFS).
Known vulnerabilities and exploits
A Ring -3 rootkit was demonstrated by Invisible Things Lab for the Q35
chipset; it does not work for the later Q45 chipset as Intel implemented
additional protections. The exploit worked by remapping the normally
protected memory region (top 16 MB of RAM) reserved for the ME. The ME
rootkit could be installed regardless of whether the AMT is present or
enabled on the system, as the chipset always contains the ARC ME
coprocessor. (The "-3" designation was chosen because the ME coprocessor
works even when the system is in the S3 state, thus it was considered a
layer below the System Management Mode rootkits.) For the vulnerable
Q35 chipset, a keystroke logger ME-based rootkit was demonstrated by
Another security evaluation by Vassilios Ververis showed serious
weaknesses in the GM45 chipset implementation. In particular, it
criticized AMT for transmitting unencrypted passwords in the SMB (small
business) provisioning mode when the IDE redirection and Serial over LAN
features are used. It also found that the "zero touch" provisioning mode
(ZTC) is still enabled even when the AMT appears to be disabled in BIOS.
For about 60 euros, Ververis purchased from Go Daddy a certificate that
is accepted by the ME firmware and allows remote "zero touch"
provisioning of (possibly unsuspecting) machines, which broadcast their
HELLO packets to would-be configuration servers.
Alost every day I find a new reason to smile at the fact that I'm STILL
running Windows 98 (on PC's with socket 478 or 775 CPU's) while everyone
else is getting the **** hacked out of them - one way or another (or
hundreds of other ways).
|Thread||Thread Starter||Forum||Replies||Last Post|
|What Linux distro to use for old Intel machine, that fits on CDs?||Robert Heller||Homebuilt PC's||22||July 5th 08 05:38 PM|
|What Linux distro to use for old Intel machine, that fits on CDs?||raylopez99||Homebuilt PC's||35||July 3rd 08 01:10 AM|
|What Linux distro to use for old Intel machine, that fits on CDs?||Robert Heller||Homebuilt PC's||0||June 28th 08 01:38 PM|
|Free Rootkit with Every New Intel Machine||Intel Guy||Intel||2||June 16th 07 07:02 PM|
|Fastest Intel Chip that can be purchased today||ajb||Intel||6||September 26th 06 08:53 AM|