30 Aug 2017
It’s not available to the general public, but Positive Technologies, a Russian cybersecurity firm, has figured out how to exploit a privilege available only to governments that involves shutting down the CPU’s Management Engine master controller.
What does all that mean? Well, ME is part of the processor, which means it can’t ever be fully shut down or disabled while a computer is running. This makes it a great tool if hackers are able to access. It’s been described as an undocumented master controller for the CPU.
The Electronic Frontier Foundation has called on Intel to disable or, at the very least, limit, the Management Engine and has warned that unless they provide a way for people to disable ME, people should be wary of using Intel chips in anything involved with critical infrastructure.
Positive Technologies discovered firmware code linked to the High Assurance Platform Program, or HAP, which is a collaboration program between the tech industry and the NSA. This code can disable ME, and Intel has indeed confirmed it’s there for customers who are a part of HAP.
A utility has been released that lets regular users disable ME, but if you decide to check it out, use it at your own peril. It comes with a warning that it might destroy your Intel chip, and therefore any device powered by it.
For their part, Intel says they aren’t in the practice of building backdoors in its products.