Researchers have discovered that Intel Management Engine (Intel ME) 11, a dedicated (and non-optional) microcontroller integrated into all Intel chipsets, can be disabled through a publicly undocumented mode.
“Intel Management Engine is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) chip and a set of built-in peripherals. The PCH carries almost all communication between the processor and external devices; therefore Intel ME has access to almost all data on the computer. The ability to execute third-party code on Intel ME would allow for a complete compromise of the platform,” Positive Technologies researchers Dmitry Sklyarov, Mark Ermolov, and Maxim Goryachy explained.
Intel ME is a hardware component that runs its own OS and is loaded with several firmware modules. These modules enable features such as remote out-of-band management of personal computers (Active Management Technology), easy creation of secure cryptographic keys, remote software attestation, and authentication of hardware devices.