shutterstock-735053371
Threat and Vulnerability Management

Will open hardware race curb worrying chip vulnerability?

In 2007 the enterprise computing landscape changed. Without major fanfare, Intel introduced its new Management Engine. This innocuous-sounding bundle of hardware and firmware was intended to give enterprise IT managers greater control over the machines on their network. It succeeded.

Comprising a fully-functional processor, memory, ROM and network interface, the IME, built inside the CPU chipset, became supreme overseer of the rest of the system. It controls everything. Long before an operating system even starts booting, the Management Engine is checking the network connection, validating code and...

...actually, nobody outside of Intel really knows what else it does, at least not entirely. Its code is heavily encrypted and so far has not been fully disassembled. The reason for encryption is obvious: this is a potential vulnerability for all systems in which it's present. If the encryption were ever broken, enterprise systems could be vulnerable to data theft, bot-net conscription and remote access, with their users and managers none the wiser. It's not beyond the realms of possibility that this has already happened.

What's surprising is the length of time that this has been going on without much complaint. Analysts such as Joanna Rutkowska have been warning about the risks for years. Projects such as Libreboot have, with some success, disabled early versions of the Management Engine, though mostly on computers that are now too old to consider for serious business use. Yet enterprise customers have so far made little noise, happy that the convenience of remote PC management outweighs any possible security concerns.

It's not as though there are any real alternatives. AMD stayed out of this area for some time, but since 2013 its CPUs have had a similar feature: the Platform Security Processor.

To continue reading...


PREVIOUS ARTICLE

« Blockchain-based companies have finally joined the 'Unicorn Club'

NEXT ARTICLE

A business case for NarrowBand IoT in Africa »
author_image
Alex Cruickshank

Alex Cruickshank has been writing about technology and business since 1994. He has lived in various far-flung places around the world and is now based in Berlin.  

  • Mail

Recommended for You

Trump hits partial pause on Huawei ban, but 5G concerns persist

Phil Muncaster reports on China and beyond

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies

Poll

Do you think your smartphone is making you a workaholic?