1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Intel Management Engine

Discussion in 'General Security' started by Johnny b, Oct 11, 2017.

Thread Status:
Not open for further replies.
Advertisement
  1. Johnny b

    Johnny b Thread Starter

    Joined:
    Nov 6, 2016
    Messages:
    4,528
    First Name:
    John
    https://en.wikipedia.org/wiki/Intel_Active_Management_Technology

    There seems to be issues with a security hole:
    (general search)
    https://www.google.com/search?client=ubuntu&channel=fs&q=Intel+Management+Engine&ie=utf-8&oe=utf-8

    An example of a 'fix' seems beyond the realm of home owners and there can be serious negative effects including bricking a computer depending on the hardware:
    https://wiki.gentoo.org/wiki/Sakaki's_EFI_Install_Guide/Disabling_the_Intel_Management_Engine

    How serious is this IME and what else can be done to address the issue?

    (I've read AMD has something that may be similar)
     
  2. Johnny b

    Johnny b Thread Starter

    Joined:
    Nov 6, 2016
    Messages:
    4,528
    First Name:
    John
    I got a bit queasy about the fix and decided to ask a question first.

    I found the appropriate method of fixing it is from the manufacturer, Acer in my case.
    The 'Fix' is to flash the bios.
    In my Bios, there is an option to turn off 'Intel AMT'
    Since this computer is a home unit, there is no need of any kind of IT management.

    I'm not wild about flashing the bios unless there is no other solution, but as there is an option to turn off AMT, is this appropriate instead of flashing the bios in my situation?
     
  3. Johnny b

    Johnny b Thread Starter

    Joined:
    Nov 6, 2016
    Messages:
    4,528
    First Name:
    John
    curiously, I'm not seeing much interest in this thread of this vulnerability.

    Since about 2006, business oriented computers ( like those with versions of Win Pro )
    have an additional chipset that is a co-processor running it's own OS for the purpose of out of band management. This May it was discovered there was a serious flaw in it's firmware. Nothing in Windows updates appears to correct this vulnerability of a hacker being able to take over control of such a computer through 'out of band management' which is what 'Intel AMT'
    https://en.wikipedia.org/wiki/Intel_Active_Management_Technology
    accomplishes.

    https://en.wikipedia.org/wiki/Out-of-band_management

    As shown, IT involvement through this process is done without any involvement of the host's operating system. It's done through that co-processor.

    There are conflicting discussions at various sites on how to fix and what some fixes actually accomplish.

    'Intel AMT' is essentially an intentional backdoor into computers. And hackers have found out how to bypass installed operating systems.

    I'm interested in whether turning off 'Intel AMT' in the bios actually turns off the above process because there seems to be conflicting opinions.
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Home computers will not have the AMT chip installed
    It is an "option" on some makes & models of computers sold to enterprise/business.
    If you do not have the chip then you cannot be affected
    Intel management engine should NOT be disabled on a computer otherwise you will suffer lots of problems
     
  5. Johnny b

    Johnny b Thread Starter

    Joined:
    Nov 6, 2016
    Messages:
    4,528
    First Name:
    John
    I do have a business class machine, an Acer VM6630G, with the co-processor and the Intel AMT issue. However, I'm using it in a home -office situation and don't require the out of band option as there is no IT involved here. ( I'm it. )
    It was purchased new from Newegg when on sale at a low price.

    I'm aware there can be problems if IME is disabled. However, AMT is one of the functions of IME and there is a bios setting for AMT to disable AMT.

    And this is where it becomes confusing for me.

    I can't find a definitive answer as to whether the setting completely disables AMT or resets it to default settings as I've seen posted.

    The 'fix' Acer provides, addresses the firmware but it doesn't appear to have additional options to disable AMT.

    Thus my interest in the current bios option and what it does.
     
    Last edited: Oct 15, 2017
  6. Johnny b

    Johnny b Thread Starter

    Joined:
    Nov 6, 2016
    Messages:
    4,528
    First Name:
    John
  7. Johnny b

    Johnny b Thread Starter

    Joined:
    Nov 6, 2016
    Messages:
    4,528
    First Name:
    John
    More info on the Intel Management Engine

    https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/

     
  8. Johnny b

    Johnny b Thread Starter

    Joined:
    Nov 6, 2016
    Messages:
    4,528
    First Name:
    John
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,921
    I just checked the list and my Lenovo ThinkCentre M93 is NOT affected so I'm a happer camper. (y)
     
  10. Johnny b

    Johnny b Thread Starter

    Joined:
    Nov 6, 2016
    Messages:
    4,528
    First Name:
    John
    I checked that list for my ACER desktop and it wasn't on it, but it's bios did have an option for AMT.

    Seems a lot of confusion over this issue.
     
  11. Triple6

    Triple6 Moderator

    Joined:
    Dec 26, 2002
    Messages:
    52,903
    First Name:
    Rob
    To exploit these issues a hacker would have to already be on your network and actively look for it and know how to exploit it. For the vast majority of people this security flaw should be a non issue. If you have a hacker on your network your probably have more serious problems.
     
  12. Johnny b

    Johnny b Thread Starter

    Joined:
    Nov 6, 2016
    Messages:
    4,528
    First Name:
    John
    Question:

    Isn't the Internet a network for any and all connected to it?
     
  13. Triple6

    Triple6 Moderator

    Joined:
    Dec 26, 2002
    Messages:
    52,903
    First Name:
    Rob
    It's a network yes, but it should be isolated by a firewall/router, someone would need to bypass that and enter into your private network to exploit this as far as the info I've read.
     
  14. Johnny b

    Johnny b Thread Starter

    Joined:
    Nov 6, 2016
    Messages:
    4,528
    First Name:
    John
    'Should be's' are potential vulnerabilities to me :)
    I do have a NAT router and as posted I've port forwarded specific ports that Intel posted are used by AMT.

    I know my efforts will never be perfect, but locking down what I can is better IMO than ignoring even the incredibly small chance of a breach. It wasn't that long ago there was a major issue with well known brand name routers needing firmware updates because of vulnerabilities.
    'Stuff' happens.
    Once past a firewall/router, this Intel Management Engine vulnerability essentially is root and someone else literally owns the computer silently.

    Just trying to be proactive :)
     
  15. Triple6

    Triple6 Moderator

    Joined:
    Dec 26, 2002
    Messages:
    52,903
    First Name:
    Rob
    Why did you port forward ports the Intel ME uses to your computer? There's always going to be vulnerabilities and the media has been doing an amazing job scaring people and sensationalizing threats recently, most of which end up being nothing. I'm not saying you shouldn't be worried just that this might not be the big threat it's being made out to be especially for small home users. Go in the BIOS and disable anything related to Intel ME/AMT, etc and if a patch ever becomes available install it.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Intel Management Engine
  1. drywater
    Replies:
    0
    Views:
    5,255
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1197731

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice