Security Researchers from Positive Technologies have recently revealed information about a buffer overflow they stumbled upon in the firmware update of Intel’s management engine 11’s which is secret. They stated that the Intel firmware update could be attacked by sophisticated individuals to gain access to ME functionality despite being turned off. This clearly means that sophisticated intruders would be able to play real money slots from the system they attack despite a firmware update being released by the chipmaker. The researchers have also claimed that the firmware update released by the manufacturer may not be significant to permanently resolve the issues.
The Intel management engine which is also known as the Intel ME resides in the controller hub of the platform and is a co-processor which powers the remote administrative features of the company. It has its own operating system which is the Intel Minix 3 that is similar to the Intel UNIX operating system. It has been designed to monitor computers and has access comprehensively to all the data and processes of the primary system.
The researchers stumbled upon four vulnerabilities which affected firmware Intel ME versions 11.0 to 11.20. Two of the vulnerabilities were found in earlier versions of the firmware belonging to Intel ME along with two in server platform services and a couple in the trusted Intel execution engine version 3.0.
A security audit was conducted by Intel after the firmware update warnings were issued by the researchers for identifying and exploring the vulnerabilities of the firmware update which were affecting the Intel ME. Intel issued a statement to its users on November 20 they were responding to issues discovered by external researchers about the firmware update and therefore they had completed a comprehensive security review of the flaws which were identified with the objective of enhancing the resilience of their firmware.
Firmware Intel identified the issues for their management engine, trusted execution engine and Intel server platform services and decided to issue a firmware update to resolve the issues plaguing the ME platform. The researchers, however, believe that the firmware update released by Intel does not prevent an intruder from using other methods for the attack which was also patched by the chipmaker during a recent firmware update.
The chipmaker has not responded positively when questioned about whether they had any plans to modify the way their management engine works or to begin producing chips without the ME. A spokesperson for the company provided a recommendation that requests such as these should be forwarded to the hardware vendors.
The spokesperson for the company issued a statement saying that the management engine is capable of providing important functionality for its users and includes features such as two-factor authentication, enterprise service management and even the option to get heart bingo reviews. They advised system owners with customers requirements to contact equipment manufacturers for the kind of request being put forward to the chipmakers. The company, however, confirmed that it would not support any configuration which would remove the functionality essential in most of their mainstream products apart from providing the firmware update.
The statement issued by the chipmaker certainly comes as a surprise since Intel has been one of the leading firmware manufacturers of such products throughout the world for a number of years. It has also issued a firmware update whenever needed.