Intel’s Management Engine (ME) has been a subject of controversy, with some security experts warning of its potential vulnerabilities. One such claim is that the ME allows for access to a computer even when the computer is not connected to the internet. This theory has been criticized by some as a spyware backdoor or corporate trojan malware. Intel has been fined multiple times for this practice, and a security advisory detailing eight vulnerabilities that impact core CPU technologies like the ME was published last night.
A 2021 meta-analysis study indicates that intuitive thinking style is unrelated to intelligence, making even smart people susceptible to the ME flaws. The key issue is how conspiracy theorists approach conspiracy theorists. Joseph Uscinski, a political scientist at the University of Miami, points out that it is unclear whether it is possible to debunk this conspiracy theory by implementing a third physical device between the computer and the router.
The Intel Management Engine is an embedded microcontroller running a lightweight microkernel operating system. It has been criticized for its security risks and has been called a backdoor with rootkit possibilities by many security experts. Intel has actively avoided Intel Active Management Technology and has worked hard to improve the situation, being the first manufacturer of new high-performance processors.
Intel has been fined multiple times for this practice, and Intel has published a security advisory detailing eight vulnerabilities that impact core CPU technologies such as the ME.
📹 Intel IME Problems Haunting Us 7 Years Later!
And all these threats resulted from Intel’s original intention to allow remote control using Intel Management Engine (IME).
What is code 43 CPU?
Error Code 43 may be attributed to a number of factors, including hardware-related issues, driver or settings corruption, or corrupted settings. To resolve this issue, it is recommended that the latest graphics drivers be installed from the system manufacturer, as these are customized. This may be accomplished by uninstalling the Intel Graphics Driver, the Intel® Display Audio Driver, or the Intel® HDMI Audio Driver via the Device Manager Method.
Should I disable Intel Management Engine?
Disabling the Intel Management Engine (ME) is a security and privacy measure, but it can also lead to unintended consequences such as losing important functionalities or incorrect system operation. Intel warns that disabling ME may have unintended consequences, so it’s crucial to research the implications and assess the necessity for your specific case. Slimbook has released a new BIOS update that adds the functionality to disable Intel ME, turning off the device in a similar manner to UEFI systems like Coreboot/Libreboot, but with the option to provide this choice to the end user. To update your Slimbook’s BIOS and EC, follow the tutorial on how to do so.
Is Intel Management Engine a security risk?
Intel has discovered a vulnerability in its Management Engine (ME), which runs on top of Intel computers and uses Intel chips. The vulnerability allows attackers to gain unauthorized access to systems and third-party secrets protected by the ME, Server Platform Service (SPS), or Trusted Execution Engine (TXE). The company claims that attackers can impersonate the ME/SPS/TXE, impacting local security feature attestation validity. Intel is not planning to fix the issue, as it believes that the attackers could use torches to light code on fire.
Is Intel Management Engine a backdoor?
Critics have accused Intel’s Memory Access Module (ME) of being a backdoor and a privacy concern, as it has full access to memory and the TCP/IP stack, bypassing the operating system’s firewall. Intel has denied these claims, stating that it does not design backdoors for access into its products or give control to computing systems without explicit user permission. The National Security Agency’s budget request for 2013 contained a Sigint Enabling Project, which aims to insert vulnerabilities into commercial encryption systems and IT systems.
Intel ME and AMD Secure Technology have been criticized for their involvement in this program. Intel has denied any involvement in any efforts to decrease the security of its technology. Intel’s response to these criticisms is a clear statement that does not involve any efforts to decrease the security of its technology.
Why does Intel Management Engine exist?
Intel Active Management Technology (AMT) is a hardware and firmware technology that enables remote out-of-band management of personal computers. It allows users to monitor, maintain, update, upgrade, and repair a computer. Purism Librem computers avoid CPUs with AMT and do not use Intel-based networking, disabling this capability at the hardware level. However, the Intel Management Engine (ME) is a separate independent processor core embedded inside the Multichip Package (MCP) on Intel CPUs.
It operates independently from the main processor, BIOS, and OS, but interacts with the BIOS and OS kernel. Purism has worked with Intel, motherboard design developers, and coreboot developers to develop a solid approach for running a freed Intel ME in the future. This would allow users to have hardware that respects their freedoms at the BIOS level.
Is an AMD PSP a backdoor?
The AMD Platform Security Processor (PSP), also known as AMD Secure Technology, is a trusted execution environment subsystem incorporated into AMD microprocessors since 2013. It is responsible for creating, monitoring, and maintaining the security environment, managing the boot process, initializing security mechanisms, and monitoring the system for suspicious activity or events. Critics worry that the PSP can be used as a backdoor and is a security concern. AMD has denied requests to open source the code that runs on the PSP.
The PSP is an ARM core with the TrustZone extension, inserted into the main CPU die as a coprocessor. It contains on-chip firmware that verifies the SPI ROM and loads off-chip firmware from it. In 2019, a Berlin-based security group discovered the off-chip firmware in ordinary UEFI image files, which could be easily analyzed. They found that the off-chip firmware contained an application resembling an entire micro operating system.
A Lenovo ThinkPad A285 notebook’s motherboard flash chip revealed that the PSP core is run before the main CPU and its firmware bootstrapping process starts just before basic UEFI is loaded. This raises concerns over data safety.
The PSP is used to implement hardware downcoring, making specific cores permanently inaccessible during manufacturing. It also provides a random number generator for the RDRAND instruction and provides TPM services. The PSP is an integral part of the boot process, without which the x86 cores would never be activated.
Is AMD PSP a TPM?
The AMD Platform Security Processor (PSP), also known as AMD Secure Technology, is a trusted execution environment subsystem incorporated into AMD microprocessors since 2013. It is responsible for creating, monitoring, and maintaining the security environment, managing the boot process, initializing security mechanisms, and monitoring the system for suspicious activity or events. Critics worry that the PSP can be used as a backdoor and is a security concern. AMD has denied requests to open source the code running on the PSP.
The PSP is an ARM core with the TrustZone extension, inserted into the main CPU die as a coprocessor. It contains on-chip firmware that verifies the SPI ROM and loads off-chip firmware from it. In 2019, a Berlin-based security group discovered the off-chip firmware in ordinary UEFI image files, which could be easily analyzed. Investigation of a Lenovo ThinkPad A285 notebook’s motherboard flash chip revealed that the PSP core itself is run before the main CPU and its firmware bootstrapping process starts just before basic UEFI gets loaded. This raises concerns over data safety.
The PSP is used to implement hardware downcoring, making specific cores on the system permanently inaccessible during manufacturing. It also provides a random number generator for the RDRAND instruction and provides TPM services. The PSP is an integral part of the boot process, without which the x86 cores would never be activated.
What is code 37 in Intel Management Engine?
The Code 37 error is a Device Manager error code indicating a hardware device driver failure. To fix this error, follow these steps:
- Restart your computer if you haven’t done so already.
- Check if the driver installed for the hardware device has been properly installed.
- If none of these steps work, try a different solution.
Can I delete Intel Management Engine?
In order to disable Intel Active Management Technology (AMT) in BIOS, it is necessary to start the computer and then press the F2 and Delete keys before the system is booted. In the BIOS setup utility, the Advanced Chipset Features must be located and the Intel AMT menu must be sought out. This will result in a reduction of superfluous resource utilisation and ensure that the Intel Management Engine tool is not entirely removed from the system.
Is enabling WMI a security risk?
Windows Management Infrastructure (WMI) is a Windows OS implementation of WBEM and CIM standards, allowing users, administrators, and developers to enumerate, manipulate, and interact with various managed components. WMI provides an abstracted, unified object-oriented model, containing classes representing discrete elements of a machine. It allows for persistence by auto-running programs stealthily on startup or based on specific events. WMI can be disabled, but this limits what an administrator can do, such as updating software across multiple machines.
WMI queries can be written in WQL or through abstractions like PowerShell CIM/WMI cmdlets. It is also possible to invoke methods on classes and instances, allowing for manipulation of underlying managed components using the WMI interface. However, WMI can quickly become a curse when used for malicious operations, as hackers can run malicious code across entire networks.
Is it OK to disable Intel Graphics?
It is possible that disabling integrated graphics in Device Manager may not result in irreparable damage to the laptop. However, it has the potential to cause display issues and may even lead to a complete loss of access to the display.
📹 DIY: Disabling Intel ME ‘Backdoor’ on your Computer
A complete guide to disabling Intel’s ‘computer within a computer’, the Intel Management Engine. Easier than most people think, …
I saw this coming when Intel introduced vPro. The more you try to “abstract” security in this way, the harder it is to actually keep the safe. It’s not going to get any better. But what is even better… this feature will ultimately be used to restrict people from using their own product in the future if you get classified as a dissident. Part of the “you will own nothing and be happy” crowd in the WEF/WTO and others like them.
This vulnerabilities will never be fixed. In the eventuality of discovering they maybe release a fix, but already working on something else to replace it. This backdoors are necessary for the agencies and they are forcing companies to introduce some in their products. Encryption is another bad thing for this agencies, and they want to somehow bypass it.
I first experienced this while deploying a batch of Surface Pro tablets with Window 10 Enterprise in embedded mode for accessing health records. Intel ME kept turning itself back on automatically and filling up the cache and crashing. I re-imaged multiple times with the same result. We work with OEM manufacturers to supply motherboards with the Intel ME disabled. Once activated its not possible to disable. We took a look at AMD and they have 9 exploits which have been patched, whereas Intel still has hundreds. This was implemented by Obama in 2008. I also loaded Intel ME bin file in Ghidra and was able to observe DLLs for accessing encryption and network modules within the code itself.
It’s one of those “What were they thinking” as a security risk this is huge… and has it occurred to anyone that this is how AI might exploit to take over the world? and you thought ransomware attacks were annoying and disruptive and couldn’t get any worse. We need processors that don’t have this or any other backdoor pre-installed. Whatever happened to the K.I.S.S. philosophy… huh? and one final BTW: This is the stuff that we know about, who’s to say that there isn’t more of this lurking in our technology? My Head is reeling on this article… thank you for informing us.
Our organization (hundreds of workstation PCs) was hit with something like that. Some weird shit in the bios started popping up! We noticed new options in bios and some scary stuff… Long story short: settings were INSTALLED for “network boot” “connected bios” “tpm/csm” “pxe boot and” and settings for turning off blinking LEDs of network card, “silent monitor” and what not. Changing them back has a short time effect and yes we had bios passwords everywhere. A month after guess what happened to ALL the PCs, servers and the domain…. yeah. We formatted but I guess we’ll have a trial period of month or two before it hits again (because it’s already here !) . Opening the TPM.msc shows the default screen and after a second changes to a non-available one! Disabling the virtual and tpm2 stuff + ime drivers has some effect but the settings in the bios are changing back to it’s will slowly but surely :/
The IME runs always as long as there is battery power. It has access to network, memory, all periphery, DMA, etc. If a remote code execution flaw was discovered, we were fscked! Plus 3LAs do have the keys and the full access to the running os. What could go wrong?🤣 Always use a non-Intel PCIe network card for external internet access! This is your only chance to mitigate flaws in the IME – it does not have drivers for foreign chips.
All they would have to do is add an IME passcode or certificate to enable remote management. If it’s a company they go into the bios and enter the cert. Then when IME gets a request and there is an invalid cert it could deny the request. If it’s actually a company owned machine the tech would have the correct cert. Problem solved.
homeboy wrapped his tinfoil hat on a bit too tight this morning. The “vulnerability” check from intel doesn’t say it’s vulnerable to 86, just that it’s vulnerable to something. If you go to their website and actually look at what versions are affected, you’ll likely find that your ME is, if anything, affected by a DoS, not the notorious 86. Given I’m also on a 10th gen intel i can confirm that what he’s saying is over-hyped and inaccurate. Be safe out there gents. Don’t drink the kool-aid. Do your own research and understand the real threats.
Very good. HOWEVER 2 pieces i wish to interject 1.) MSI Z690 WIFI PRO-A (get reading!) 2.) I7-13900 the squared/even one. 3.) Coreboot and no Vpro. *see DASHO bios and that Linux Hardware Benchmark site is good. No one is making sane DPI solo customer tech. Unifi dropped edge routers. But Raspberry PI4 are still okay blockers. Some olay HD firewall tech but Opnsense + Sensi is poison. Need Vyos stuff( i think? ). Fan bois have zero clue that the M1, M2 + forever now… dunno how i feel about the edge Tensor in over pixel 5a..
I think a lot of people here need to understand the term “perspective” a lot better. I’d love to ask each one of them worried at being “vulnerable” to this exploit if they still run Windows on their PCs, or have Apple or Google Android devices still in their possession – because they are far more vulnerable to some kind of attack using any one of those and therefore should treat moving to an Open Source OS and de-Googled Android devices as a much bigger priority. Sure, this article content is important and the exploit is most definitely there BUT it is still **THEORETICAL** and “a number of planets need to align” before exploit might be possible anyway. In other words, the risk of exploit is there, but it is extremely low – compared to the very real risks of running closed source systems.
One day people are going to realise that tackling concrete exploits and vulnerabilities one by one, as we discover them is not the most intelligent way to go about securing computer and communications systems. Until then there’ll be plenty of work for experts who puck a tiny little part of the symptom -space and address just what they already understand best.
@Rob Braxman Tech I followed your tips on setting up your new computer (thanks) and think i disabled VPro AMT. Then i watched a privacy vid’ that told me my Nvidia graphics card was snooping on me and will continue to do so unless i install a special browser all the time that’s difficult to set up for a non techie like myself. Is there any truth to this that you know of of? Thanks again.
Quote from the Github repository: “Before Nehalem (ME version 6, 2008/2009) the ME firmware could be removed completely from the flash chip by setting a couple of bits inside the flash descriptor, effectively disabling it. Starting from Nehalem the Intel ME firmware can’t be removed anymore : without a valid firmware the PC shuts off forcefully after 30 minutes, probably as an attempt to enforce the Intel Anti-Theft policies. However, while Intel ME can’t be turned off completely, it is still possible to modify its firmware up to a point where Intel ME is active only during the boot process, effectively disabling it during the normal operation, which is what me_cleaner tries to accomplish.”
Intel ME cannot be disabled. It is embedded in the CPU and if you successfully killed off the Intel ME in your CPU, your CPU wouldn’t start at all. What you are doing is disabling the BIOS code that talks to and enumerates Intel ME stuff and makes the hardware interfaces available to the OS. The ME is still running on your CPU and still has complete control over it.
And this is why I was always grateful for my computer nerd friends. I would experiment with my computer and they would come and fix it. I got a “how the hell did you do this?” or “seriously dude, wtf were you trying to do?” a few times, but then they would figure out how to fix it. I just couldn’t keep up with them. So I just stuck to being an art nerd. But THIS is why they have a house and I don’t.
For whom saying intel ME cannot be disabled in bios… Please note that even 4KB microcode cost half of the chip. And for more the new generation coming out, intel forbid you to modify bios on your own. If me_cleaner not work than that makes no sense anymore. bear in mind that me_cleaner can protect one single backdoor from intel only. Thousands of backdoors from your cell phone firmware … no one blame it.
Barker Tech Guys has been able to monitor the AMT calls. This thing sends encrypted data to what is presumed to be a remote location. Though it’s impossible to see WHAT is being sent, it appears to become active when you start typing, it will periodically send in bursts (assumed to be screenshots, it’s only speculation) as well as a constant update of what may be metadata. The flavor of Minix running on the CPU is based on a kind of BSD, closed source and a proprietary iteration, however, running FreeBSD as your main OS seems to “not play nice” with ME or any AMT protocol for that matter (AMD’s TeeOS). Windows, Mac, and every Linux distro has a layer that relays AMT calls to the ME. FreeBSD showed very limited activity.
Thank you for this very informative article. Would like to know if there is a site where you can get the BIOS chip model number for different motherboards. I have a HP ZBook 17 G4. I know its a Winbond SOIC-8 but I can’t quite read the lettering on the chip. Also, that blue BIOS adapter you had on the article for soldered-on chips, where’d you get that ? I’d like to get one. Thanks !
Alternatively if you don’t want to take any risks, you can put your computers behind pfSense router and configure pfSense to deny all incoming traffic by default, like how Gufw firewall in Linux denies all incoming traffic by default. This way, anything trying to remote into your computer will be denied access right off the bat.
You cant disable it, Intel made it a critical component of the CPU that if missing or not working will simply result in the cpu failing to start at all. Changing stuff in the bios and running some random linux commands isn’t going to do jack shit. I’m certain its a physical component inside the CPU somewhere that works completely independent from the rest of the CPU or anything else on your system
I never understand why the people who are smart enough to make these instructions and programs don’t make a script that automates the process. Ask for your chip model, ask for file output/input directory, automate all steps. If missing dependencies automate install them. Why have people go through all this if it can be made easier?
This is just one of many hardware based backdoors. EFI is an OS unto itself, this is the reason coreboot/seaboot was invented. To stop unseen network stacks from updating your computer without your knowledge. Does anyone telnet into their router and be busyboxin -help! My firmwares is hijax? How do you stop Chuck Norris?
Remember, Intel Inside is Mossad Inside. Same thing with AMD. AMD uses Intel’s CPU instruction sets. If you don’t want the deep state to be able to spy on you, do what is done in this article, get a Linux distro which isn’t Ubuntu, because they sell your data to Amazon and possibly to the deep state as well, and avoid using anything Google related. The only Google thing I use is YouTube. Use DuckDuckGo as your search engine and an open source web browser. I’m currently using Firefox, but make sure to change the settings so Firefox won’t collect any data on you. For an email service, I recommend Yandex mail (a Russian provider) or ProtonMail (encrypts everything so only you have the key). You could also look into Qubes OS, which is what Edward Snowden uses.
its basically a non issue if it does collect any data it may be cpu critical errors like instability due to undervoltage in witch the cpu itself wouldnt be able to dump its state so that the bios can appropriatley raise the voltage or other things but it surely cant send your personal data to intel especially if completely powered down the bios battery isnt enough to log anything to system drives or send anything over ethernet also it wouldnt boot without the me because its a critical component that does more than just log data that in no way contains personal information maybe at most some stuff thats contained in the cpu cache at a time of a critical exception
If your system is made with intel ME in mind, disabling it, you will get a potatoe pc, especially if you spend 1-2k$. If you are actually cares about privacy buy two PCs, one for Evil internet, and another high performance PC never put its Ethernet to the internet. Perfect plan I think 🤷♀️, yeah costly but still you will save all awesome features of fully correct working intel me
why making things that complicated….. just download the raw bios file that contains ME region from it’s original source then use python 3 on windows to make the moded firmware then use original bios tools like afuwin for AMI aptio bios or similar tool for other kinds to check whether it is possible to read/write or make complete dump of the current bios then decide if SPI programmer is needed or not. why do you need raspberrry pi that costs way much and why do you need a breadboard and all these wires and all these lines and orders…. just because of your weird guide I lost much of time to find that raspberry pi thing then had a really hard time with SOIC shit clip that got bricked while trying to deal with it. and all I have to do is to use 3 tools UEFITools, AFUWIN and me_cleaner + the command line for python and no external flashing was even required as my bios chip completely unlocked, did not even need any other device beside the same computer that I had to clear me on.
Too fast and too easy 🙂 but on many motherboards are two bios chip called “dual bios” next complication is “winflash tool” you can write bios from runing windows and bios.bin file. And UEFI bios that store software on hard disk also can backup/restore windows v8, v10 serial also for tracking computer ? and funny You use Macbook Air thats have security lockdown by e-mail and bios written into UEFI Chip ? 🙂
Sys Admin here, lmao ME is not a backdoor. Is a remote management tool for tech support, most commonly used on servers but now a lot of mobos are supporting it. On most out of the box bios ME is disabled until you put a password. At least on newer bios firmware. Maybe in the past it was enabled and had a default password.
You cannot disable IME, it is physically on the CPU.. but that’s not to say, you can’t tamper with it 😉 I have created a script that runs on FreeBSD that fools the microcontroller into a sandbox environment (thanks to leaks in the source code). It is the equivalent of having your network unplugged. It continues to function, but only within the Matrix, as I call it. I can actually see the flow of data (though I can’t decipher it) I’m fully confident that these are indeed keystrokes based on the fact that I keep tapping the ASDF at any given time, and the same patterns keep appearing (an effective key logger right in you very own CPU). I also see strings that remind me of hashes because they are constantly pumped and the CPU is ever so slightly outputting something that isn’t a listed process… I wouldn’t doubt that the IME is also using your CPU to mine crypto, although very slow and miniscule for an individual PC, it’s free for them (and they’re making bank on literally millions of systems, equaling multiple ASIC farms).
Welcome to, “How to brick your computer” where we tease a way to disable a backdoor, that won’t work, while vainly implying a warning of a risk that will actually, 100% brick your computer if not merely blind you from seeing a process that is functioning on it still, while having ultimately no real actual affect. GOOD LUCK! And please enjoy your new found home DIY building block!
The best solution: 1. Buy a high performance computer 2. Buy an external drive and Install OS on it. 3. Work ONLY on the OS (linux/openbsd) in the external drive. 4. Unplug the external drive physically whenever you turn off the computer. IME can do whatever they want after the computer has turn off.. lol
I’d STRONGLY advise against it. Firstly, Intel states that ME is involved in controlling parts of the CPU that deal with overall STABILITY. Tho Intel does not state what exactly. Secondly, this article shows old style DIL flash chips. For a couple fo years such flash chips are SMD chips and/or they are NOT SOCKETED. Which makes this article largely obsolete on mainboards of roughly the last 7,8 years.
Can someone explain to me why are people so terrified about Intel, google, etc knowing your data?, like it’s obvious for anyone with a little tech knowledge that they are able to do that, why are you so scared? maybe i’m just ignorant but I really wish to know why do you people think google or whatever the fuck gives a fuck about you, unless you are doing something illegal you shouldn’t have to worry right?, pls explain to me otherwise.
“Intel ME backdoor successfully replaced by xXx_Hax0r_69_xXx backdoor” Even if Intel has some form of backdoor to my motherboard, which sounds like a stretch, I think I prefer that over flashing my BIOS with some sketchy hacks just because some random conspiracy theory guy told me. If anything, at least Intel has an ass I can sue.