Intel ME controller chip has secret kill switch

Updated Security researchers at London-based Positive Technologies have identified an undocumented configuration setting that disables Intel Management Engine 11, a CPU control mechanism that has been described as a security risk.

Intel's ME consists of a microcontroller that works with the Platform Controller Hub chip, in conjunction with integrated peripherals. It handles much of the data travelling between the processor and external devices, and thus has access to most of the data on the host computer.

If compromised, it becomes a backdoor, giving an attacker control over the affected device.

That possibility set off alarms in May, with the disclosure of a vulnerability in Intel's Active Management Technology, a firmware application that runs on the Intel ME.

The revelation prompted calls for a way to disable the poorly understood hardware. At the time, the Electronic Frontier Foundation called it a security hazard. The tech advocacy group demanded a way to disable "the undocumented master controller inside our Intel chips" and details about how the technology works.

An unofficial workaround called ME Cleaner can partially hobble the technology, but cannot fully eliminate it. "Intel ME is an irremovable environment with an obscure signed proprietary firmware, with full network and memory access, which poses a serious security threat," the project explains.

On Monday, Positive Technologies researchers Dmitry Sklyarov, Mark Ermolov, and Maxim Goryachy said they had found a way to turn off the Intel ME by setting the undocumented HAP bit to 1 in a configuration file.

HAP stands for high assurance platform. It's an IT security framework developed by the US National Security Agency, an organization that might want a way to disable a feature on Intel chips that presents a security risk.

The Register asked Intel about this and received the same emailed statement that was provided to Positive Technologies.

"In response to requests from customers with specialized requirements we sometimes explore the modification or disabling of certain features," Intel's spokesperson said. "In this case, the modifications were made at the request of equipment manufacturers in support of their customer's evaluation of the US government's 'High Assurance Platform' program. These modifications underwent a limited validation cycle and are not an officially supported configuration."

Positive Technologies in its blog post acknowledged that it would be typical for government agencies to want to reduce the possibility of unauthorized access. It noted that HAP's effect on Boot Guard, Intel's boot process verification system, remains unknown, though it hopes to answer that question soon. ®

Updated to add

A spokesperson for Chipzilla has been in touch to stress it doesn't deliberately build any backdoors into its technology: