Is the 'secret' chip in Intel CPUs really that dangerous?

There are a lot of ifs in this developer's argument

An article on Boing Boing is stirring up fears that Intel x86 processors have a secret control mechanism that no one is allowed to audit or examine, so consequently, this could expose systems to unkillable, undetectable rootkit attacks. 

In an article that is equal parts technical and fear-inducing, Damien Zammit is up front about his goal. He declared he had made it his mission to get Intel to replace this system with a free, open source replacement "before it's too late."

+ Also on Network World: Intel declares independence from the PC +

The impending doom comes from the Intel Management Engine (ME), a subsystem that uses a 32-bit Argonaut RISC Core (ARC) microprocessor that's physically located inside the x86 chipset. It's described as "an extra general purpose computer running a firmware blob that is sold as a management system for big enterprise deployments." 

The ME engine runs completely out-of-band with the x86 CPU, so it runs independent of the PC, even when your main CPU is in a low power state like suspend. On some chipsets, the firmware running on the ME implements a system called Intel's Active Management Technology (AMT). AMT is used for remote management of the PC for things like upgrades and installations, which can be done even when a laptop is powered off. ME was introduced on the Core 2 series introduced in 2006 and is in every CPU since then.

Zammit goes into reasons why this is so dangerous if it can be exploited, namely, if it can be compromised by a rootkit, attackers can gain administration access and act completely undetected. And since the chip cannot be audited or examined, there's no way to remove the rootkit. 

But to get there, you have to break a chip protected by RSA 2048 security on a chip that can't be audited or examined. That's 2,048-bit security, which would require any attempt to break it to factorize semi-primes with approximately 617 decimal digits, which Zammit admits at this point is "pretty much impossible in one human lifetime for anyone with the biggest supercomputer." 

Zammit says his goal isn't to replace Intel's ME, but to provide a minimal libre alternative firmware for users who choose to use it.

"Unfortunately, since the firmware is protected by RSA 2048, we currently have no way to execute our own code on the ME hardware because it fails validation. We have no way to move forward, even if we wanted to," he writes. 

So, what we have is an open source crusader scaring the daylights out of people (just look at his headline) on a giant what-if scenario that even he admits couldn't happen in our lifetimes. The notion of open source being inherently more secure than proprietary pretty much died with Heartbleed (and Shellshock and Stagefright). 

And I doubt he will persuade Intel to change the AMT, a central component of its enterprise push, for an open source project by engaging in fright tactics. As an Intel spokesman said:

"While the Intel Management Engine is proprietary and Intel does not share the source code, it is very secure. Intel has a defined set of policies and procedures, managed by a dedicated team, to actively monitor and respond to vulnerabilities identified in released products. In the case of the Intel Management Engine, there are mechanisms in place to address vulnerabilities should the need arise."

Copyright © 2016 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022