Researchers found a way to disable Intel ME

Intel ME is a separate processor embedded into the Intel CPU, running its own operating system with sufficient processing, flow, memory management, hardware bus drivers, system files and many other factors.

Intel always advertises that Intel ME is a way for businesses to manage computers running on the intranet. Intel ME has tools that allow system administrators to monitor, maintain, update, upgrade and repair computers from a remote central location.

Many people believe that Intel ME is a back door

As a hardware, Intel ME is nothing but a microcontroller added to the Platform Controller Hub (PCH) chip, an element that handles communications between Intel processors and external devices.

Due to its location, all data goes through Intel ME, when looking back, it is also the way to manage the remote computer management system.

Researchers found a way to disable Intel ME Picture 1
The mystery in Intel ME makes many people want to disable it

Outside the scope of system administrators, who know how useful this factor is, Intel ME receives bad language. Many people call it back door, because Intel ME firmware is not recorded and compressed to hide content inside. Intel has denied all allegations.

Many people try to disable Intel ME but fail

The fear of not knowing anything inside Intel ME has led many computer experts to try to find a way to disable it. Many people failed because Intel let ME run with the CPU boot process. It is responsible for turning on, managing energy for the main processor.

Disabling Intel ME causes a computer crash. Therefore, experts can only limit it by disabling as much as possible without interfering with the boot-up process.

Intel ME can be disabled, thanks to NSA

Positive Technologies experts have revealed how they found the hidden (bit) unit of the firmware code and then turned it back (set to '1') that will disable ME after ME completes the microprocessor boot process. main.

This unit is called reserve_hap and is described as 'High Assurance Platform (HAP)'. This is an NSA program that describes a series of rules that run a secure computing platform.

Researchers believe that Intel adds a unit that disables ME as required by the NSA because they need to do so as a means of security for computers running in sensitive environments. ME or any vulnerability on the firmware can lead to dangerous information leaks.

Intel confirms the ability to disable Intel ME

'In response to customer requests that have special requirements, we sometimes find ways to customize or disable certain features. In this case, the customization is carried out in response to the equipment manufacturer's request, in order to support the client's assessment of the US government's High Assurance Platform program. These customizations are limited in number and do not officially support configuration settings'.

Earlier this year, Embevi researchers discovered that the vulnerability in Intel ME allowed an attacker to execute code on remote computers via Intel ME. Detecting Intel ME's vulnerability - CVE-2017-5689 makes it more necessary to find ways to disable ME.

Positive Technologies experts warn that using HAB can be dangerous because it has not been tested, may harm or destroy the computer. Users need the help of a firmware expert or a skilled hardware expert.