So as it turns out, Intel has a secret computer inside your computer. At least if you have an Intel Central Processing Unit (CPU) in your computer; you know, Intel Inside™. The marketing slogan turns out to have more than one meaning.
It’s called the Intel Management Engine, the IME, and it has been included on Intel chipsets since 2008. It’s a tiny computer-within-a-computer, a nanocomputer, as it were, embedded in the CPU, with full access to your PC’s memory, display, network, and input devices. It runs code written by Intel, and Intel hasn’t shared a lot of information about its inner workings.
That’s troubling, to say the least. Even if you trust Intel not to steal your personal information, hack your bank accounts and steal your secrets,1 do you trust Intel to make the IME hack proof? That’s the question, isn’t it?
And you’re a fool if you do. We know it’s been hacked once.
On November 20, 2017, Intel announced serious security holes in Intel ME that had been discovered by third-party security researchers. These include both flaws that would allow an attacker with local access to run code with full system access, and remote attacks that would allow attackers with remote access to run code with full system access.
Intel offers a detection tool you can download and run to find out if your computer’s Intel ME is vulnerable, or whether it’s been fixed. Isn’t that special?
There are patches to fix the known vulnerabilities, but for reasons Intel hasn’t explained, it’s only available from your computer’s manufacturer.
If you think that’s going to be the only security flaw, the only hackable weakness of the IME, you’re naive.
Oh, and, said the Mac fan boy, the IME only operates on Windows and Linux computers. At least if you have you operating system up to date.
- And if you trust Intel and all its engineers, WC has a used bridge over the Chena River to sell you. ↩