Security research firm Positive Technologies has said it will demonstrate an exploit that allows the running of arbitrary unsigned code on any PC with an Intel 6th Gen ‘Skylake’ Core CPU or later. The security hole exists because of Intel’s Management Engine, a tiny microprocessor that exists within the platform controller, or chipset, of every PC motherboard built for Intel processors. The Intel Management Engine (IME) was introduced to allow functions such as remote booting and administration, but it also handles the initialisation of the CPU and its power management. It has long been suspected that the IME allows for undetectable backdoors that governments and other agencies can use to spy on users, but has been difficult to disable because of its deep low-level integration with the system.
Positive Technologies is set to reveal its findings at the annual Black Hat Europe conference for the IT security industry, which will begin on December 4 this year. According to the company, researchers have been able to introduce any code and execute it thanks to a design decision that connects the IME to a PC’s USB subsystem to enable a debugging mechanism. It is already referring to the flaw as a “God-mode” hack because of its severity and scope.
Resesarchers have also been able to access the IME firmware, potentially allowing them to detect and exploit extremely low-level vulnerabilities.
The IME is completely transparent to PC users and their operating systems, operating on a much lower level. Users will have no way to detect that the IME has been compromised. Since the Skylake generation, Intel has been using the open-source Minix embedded operating system for IME functions, a decision that is partly responsible for the existence of this security hole.
Earlier this year, it was discovered that remote administration of the IME was possible without a password. This has since been rectified, but affected PCs need to have their motherboard firmware flashed in order to fix it, which most people are unlikely ever to do.