Will open hardware race curb worrying chip vulnerability?

In 2007 the enterprise computing landscape changed. Without major fanfare, Intel introduced its new Management Engine. This innocuous-sounding bundle of hardware and firmware was intended to give enterprise IT managers greater control over the machines on their network. It succeeded.

Comprising a fully-functional processor, memory, ROM and network interface, the IME, built inside the CPU chipset, became supreme overseer of the rest of the system. It controls everything. Long before an operating system even starts booting, the Management Engine is checking the network connection, validating code and...

...actually, nobody outside of Intel really knows what else it does, at least not entirely. Its code is heavily encrypted and so far has not been fully disassembled. The reason for encryption is obvious: this is a potential vulnerability for all systems in which it's present. If the encryption were ever broken, enterprise systems could be vulnerable to data theft, botnet conscription and remote access, with their users and managers none the wiser. It's not beyond the realms of possibility that this has already happened.

What's surprising is the length of time that this has been going on without much complaint. Analysts such as Joanna Rutkowska have been warning about the risks for years. Projects such as Libreboot have, with some success, disabled early versions of the Management Engine, though mostly on computers that are now too old to consider for serious business use. Yet enterprise customers have so far made little noise, happy that the convenience of remote PC management outweighs any possible security concerns.

It's not as though there are any real alternatives. AMD stayed out of this area for some time, but since 2013 its CPUs have had a similar feature: the Platform Security Processor.

Alex Cruickshank

Alex Cruickshank has been writing about technology and business since 1994. He has lived in various far-flung places around the world and is now based in Berlin.  
