Dell to Disable Intel’s Insecure IME » Linux Magazine


Intel’s IME (Intel vPro Management Engine) came under fire recently when security researchers found serious bugs that allowed a remote attacker to take control of the affected systems.

“The exploitation allows an attacker to get full control over business computers, even if they are turned off (but still plugged into an outlet). We really hope by bringing this to light, it will raise awareness about security issues in firmware and avoid possible issues in the future,” wrote Embedi, the security firm that discovered the bug.

Intel doesn’t share any information about these “secretive” Management Engine technologies. ME modules sit above the operating systems and users have no access or control over the technology. Organizations like EFF are calling for more transparency around ME modules. EFF asked Intel to “Provide a way for their customers to audit ME code for vulnerabilities. That is presently impossible because the code is kept secret.”

Because Intel doesn’t provide any such information, PC vendors and users don’t have any means to audit or fix such vulnerabilities. Now one PC vendor has taken steps to protect its users. Dell is now disabling IME in all new systems, and users will have to pay to enable the service.

In a statement to ExtremeTech, Dell said, “Dell has offered a configuration option to disable the Intel vPro Management Engine (ME) on select commercial client platforms for a number of years (termed Intel vPro – ME inoperable, custom order on Dell.com). Some of our commercial customers have requested such an option from us, and in response, we have provided the service of disabling the Management Engine in the factory to meet their specific needs. As this SKU can also disable other system functionality it was not previously made available to the general public.”

PC vendors, especially those selling Linux preloaded systems, are following the suite and disabling ME by default. Dell is the biggest PC vendor, and if other vendors start disabling the engine, Intel might be compelled to either open source the technology or offer more transparency around it.



Source link

Leave a Reply

Your email address will not be published.

captcha

Please enter the CAPTCHA text