Problem with secret operating systems on Intel CPUs allows running of code that would be undetectable by anti-virus software
Processor manufacturer Intel has revealed that flaws in its vPro technology could allow unauthorised code to be run on a computer, completely bypassing the operating system and any firewall and anti-virus software protection.
The vPro technology consists of Intel Management Engine, Server Platform Services, and Trusted Execution Engine, and is present on many computers with Intel CPUs going back a number of years. vPro is essentially a mini computer within your main computer, with its own CPU and operating system. The intention is that a PC with the Management Engine can be administered remotely without the need to worry about what OS it runs. This sort of technology is useful in large organisations, where computers could have their software reinstalled remotely even if the main operating system would not boot.
Unfortunately, this closed-source and secretive remote admin technology has recently been found to have a number of flaws by UK-based Positive Technologies. These flaws allow the impersonation of Intel’s Management Engine, Server Platform Services or Trusted Execution Engine, which can then allow an attacker to run code that is invisible to the main operating system, allowing rootkits and other spyware to go undetected.
This vulnerability is present in a large number of systems which contain Intel CPUs going back a number of years. The potentially vulnerable systems are:
- Intel Core processors (6th, 7th and 8th Generation)
- Intel Atom C3000 processors
- Apollo Lake Intel Atom E3900 series
- Apollo Lake Intel Pentiums
- Celeron N and J series processors
- Intel Xeon E3-1200 v5 and v6 processors
- Intel Xeon Scalable processors
- Intel Xeon W processors
Intel has provided a fix for these flaws, but as the vulnerabilities are down at the hardware level rather than with the OS – such as Windows or Linux – it is up to the hardware vendors to provide BIOS updates to patch these holes.
It could take months for even large vendors such as Dell, HP and Lenovo to provide patches for all their systems, and with smaller manufacturers it could be longer, if patches are ever forthcoming. The other problem is that these firmware updates probably won’t be delivered by the main OS updates (i.e. Windows updates), so the patch will have to be applied manually on vulnerable systems. Many users won’t even be aware that an update is available to install, potentially leaving millions of systems unpatched.
It is thought at the moment that the flaw requires administrator-level privileges to the vPro technology or access to the USB port of a machine to compromise it. But Positive Technologies has yet to reveal the full details of the hacks it has found and will do so at the Black Hat conference in December.
If you have a system you feel is vulnerable, check your computer vendor’s website for any BIOS updates or contact their technical support. Alternatively, if you don’t want to wait until an official update comes, you can use a utility developed by Positive Technologies to disable the Intel Management Engine on your system. Unfortunately, using the utility provided by Positive Technologies requires tools that Intel provides to motherboard manufacturers and that aren’t available to end users, so you will need to do some searching to find downloads for these extra utilities (although they aren’t hard to find; do an internet search for Flash Programming Tool).
Be aware that when it comes to modifying your computer’s firmware, there is a chance you could damage your system and cause it to become unstable or even not boot. So if you’re not comfortable with that, it is best to badger your motherboard manufacturer’s support for an official fix before someone makes a working remote exploit and takes control of your computer.