Some additional information on AMT and the 2009 vulnerability, also fixed small mistakes
m Added and modified some sources
Line 10: Line 10:
|Logo=Intel logo.svg}}
|Logo=Intel logo.svg}}


The '''Intel Management Engine (ME)''' is an embedded microcontroller integrated into Intel's chipsets since 2008. From version 11 onwards, it runs a (closed-source) modified version of [https://www.minix3.org/ MINIX] as its operating system.<ref name=":4">{{Cite web |date=2023-09-26 |title=What is Intel® Management Engine? |url=https://www.intel.com/content/www/us/en/support/articles/000008927/software/chipset-software.html |url-status=live |access-date=2026-02-04 |publisher=Intel}}</ref><ref name=":5">{{Cite web |last=Ermolov |first=Mark |last2=Goryachy |first2=Maxim |date=28 Aug 2017 |title=Disabling Intel ME 11 via undocumented mode |url=https://web.archive.org/web/20201201175708/http://blog.ptsecurity.com/2017/08/disabling-intel-me.html?m=1 |url-status=dead |access-date=2026-02-04 |website=Positive Technologies}}</ref>.
The '''Intel Management Engine (ME)''' is an embedded microcontroller integrated into Intel's chipsets since 2008. From version 11 onwards, it runs a (closed-source) modified version of [https://www.minix3.org/ MINIX] as its operating system.<ref name=":4">{{Cite web |date=2023-09-26 |title=What is Intel® Management Engine? |url=https://www.intel.com/content/www/us/en/support/articles/000008927/software/chipset-software.html |url-status=live |access-date=2026-02-04 |publisher=Intel}}</ref><ref name=":5">{{Cite web |last=Ermolov |first=Mark |last2=Goryachy |first2=Maxim |date=28 Aug 2017 |title=Disabling Intel ME 11 via undocumented mode |url=https://web.archive.org/web/20201201175708/http://blog.ptsecurity.com/2017/08/disabling-intel-me.html?m=1 |url-status=dead |access-date=2026-02-04 |website=Positive Technologies}}</ref><ref>{{Cite web |last=Tanenbaum |first=Andrew S. |title=An Open Letter to Intel |url=https://www.cs.vu.nl/~ast/intel/ |url-status=live |access-date=2026-02-04 |website=www.cs.vu.nl}}</ref>.


The ME is able to access the LAN adapter, giving it access to networks the system is connected to, both wired and wireless.<ref name=":6">{{Cite web |date=2021-02-18 |title=Getting Started with Intel® Active Management Technology |url=https://www.intel.com/content/www/us/en/developer/articles/guide/getting-started-with-active-management-technology.html |access-date=2026-02-04 |publisher=Intel}}</ref>
The ME is able to access the LAN adapter, giving it access to networks the system is connected to, both wired and wireless.<ref name=":6">{{Cite web |date=2021-02-18 |title=Getting Started with Intel® Active Management Technology |url=https://www.intel.com/content/www/us/en/developer/articles/guide/getting-started-with-active-management-technology.html |access-date=2026-02-04 |publisher=Intel}}</ref>
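Review bot: The revised lead sentence still ends with a stray period after the closing ref tags ("...www.cs.vu.nl}}</ref>."), although the sentence already ends at "operating system." before the first citation. Drop the trailing period while this line is being touched. The new Tanenbaum citation also has no date and no ref name, unlike the two named citations beside it; add both if the letter is meant to be reused elsewhere in the article.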
Line 40: Line 40:
|-
|-
|2009
|2009
|A "Ring -3 Rootkit" for the Q35 chipset was demonstrated by Invisible Things Lab, allowing an attacker to execute code, even when Intel AMT was disabled in the BIOS.<ref>{{Cite web |last=Tereshkin |first=Alexander |last2=Wojtczuk |first2=Rafal |date=29 Jul 2009 |title=Introducing Ring -3 Rootkits |url=https://blackhat.com/presentations/bh-usa-09/TERESHKIN/BHUSA09-Tereshkin-Ring3Rootkit-SLIDES.pdf |url-status=live |archive-url=https://web.archive.org/web/20251205092502/http://www.blackhat.com/presentations/bh-usa-09/TERESHKIN/BHUSA09-Tereshkin-Ring3Rootkit-SLIDES.pdf |archive-date=2025-12-05 |access-date=2026-02-04 |publisher=Blackhat}}</ref> The bug was subsequently patched by Intel.<ref>{{Cite web |date=2008-08-26 |title=Intel patches the Q35 bug |url=https://theinvisiblethings.blogspot.com/2008/08/intel-patches-q35-bug.html |url-status=live |access-date=2026-02-03 |website=The Invisible Things Lab's blog}}</ref> <ref name=":0">{{Cite web |first=402 Payment Required |date=2023-06-29 |title=Intel Management Engine |url=https://www.youtube.com/watch?v=lQ8k79yNH2A |url-status=live |access-date=2026-02-03 |website=Youtube}}</ref><ref name=":2">{{Cite web |last=Robin |first=Thibaud |date=2025-03-02 |title=The Mysterious Story of a Troubling Intel Chip |url=https://blog.trackflaw.com/en/the-mysterious-story-of-a-disturbing-intel-flea/ |url-status=live |access-date=2026-02-03 |website=TrackFlaw}}</ref>
|A "Ring -3 Rootkit" for the Q35 chipset was demonstrated by Invisible Things Lab, allowing an attacker to execute code, even when Intel AMT was disabled in the BIOS.<ref>{{Cite web |last=Tereshkin |first=Alexander |last2=Wojtczuk |first2=Rafal |date=29 Jul 2009 |title=Introducing Ring -3 Rootkits |url=https://blackhat.com/presentations/bh-usa-09/TERESHKIN/BHUSA09-Tereshkin-Ring3Rootkit-SLIDES.pdf |url-status=live |archive-url=https://web.archive.org/web/20251205092502/http://www.blackhat.com/presentations/bh-usa-09/TERESHKIN/BHUSA09-Tereshkin-Ring3Rootkit-SLIDES.pdf |archive-date=2025-12-05 |access-date=2026-02-04 |publisher=Blackhat}}</ref> The bug was subsequently patched by Intel.<ref>{{Cite web |date=2008-08-26 |title=Intel patches the Q35 bug |url=https://theinvisiblethings.blogspot.com/2008/08/intel-patches-q35-bug.html |url-status=live |access-date=2026-02-03 |website=The Invisible Things Lab's blog}}</ref>
|'''No CVE'''
|'''No CVE'''
|-
|-
|2010
|2010
|An individual by the name of Vassilios Vereris discovered an bypass that allow attackers to remotely enable Intel AMT.<ref>{{Cite web |date=2026-02-03 |title=Disabling Intel ME in Firmware |url=https://ecrsecurity.com/files/DisableIntelME.pdf |url-status=live |access-date=2026-02-03 |website=ecrsecurity}}</ref><ref>{{Cite web |last=Ververis |first=Vassilios |year=2010 |title=Security Evaluation of Intel's Active Management Technology |url=https://ia801400.us.archive.org/35/items/100402-vassilios-ververis-with-cover/100402-Vassilios_Ververis-with-cover.pdf |website=archive.org}}</ref> <ref name=":0" /><ref name=":2" />
|An individual by the name of Vassilios Vereris discovered an bypass that allow attackers to remotely enable Intel AMT.<ref name=":0">{{Cite web |date=2026-02-03 |title=Disabling Intel ME in Firmware |url=https://ecrsecurity.com/files/DisableIntelME.pdf |url-status=live |access-date=2026-02-03 |website=ecrsecurity}}</ref><ref>{{Cite web |last=Ververis |first=Vassilios |year=2010 |title=Security Evaluation of Intel's Active Management Technology |url=https://ia801400.us.archive.org/35/items/100402-vassilios-ververis-with-cover/100402-Vassilios_Ververis-with-cover.pdf |website=archive.org}}</ref>
|'''No CVE'''
|'''No CVE'''
|-
|-
|2017
|2017
|Discovered by Maksim Malyutin from Embedi, a bug in Intel AMT allows a hacker to gain admin privileges from a remote location.<ref name=":0" /> Reportedly, Intel was aware of this more than 5 years prior to the report SemiAccurate gave to Intel, however it was dismissed for unknown reasons.<ref>{{Cite web |last=Demerjian |first=Charlie |date=2017-05-01 |title=Remote security exploit in all 2008+ Intel platforms |url=https://www.semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/ |url-status=live |access-date=2026-02-03 |website=SemiAccurate}}</ref> <ref>{{Cite web |last=Armasu |first=Lucian |date=2017-05-02 |title=Intel AMT Vulnerability Shows Intel’s Management Engine Can Be Dangerous |url=https://www.tomshardware.com/news/intel-amt-vulnerability-me-dangerous,34300.html |url-status=live |access-date=2026-02-03 |website=Tom's Hardware}}</ref><ref>{{Cite web |date=2025-01-11 |title=The Vulnerability Uncovered |url=https://umatechnology.org/intel-amt-vulnerability-business-laptops-can-be-exploited-in-mere-seconds/ |url-status=live |access-date=2026-02-03 |website=UMA Technology}}</ref><ref name=":0" />
|Discovered by Maksim Malyutin from Embedi, a bug in Intel AMT allows a hacker to gain admin privileges from a remote location.<ref name=":0" /> Reportedly, Intel was aware of this more than 5 years prior to the report SemiAccurate gave to Intel, however it was dismissed for unknown reasons.<ref>{{Cite web |last=Demerjian |first=Charlie |date=2017-05-01 |title=Remote security exploit in all 2008+ Intel platforms |url=https://www.semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/ |url-status=live |access-date=2026-02-03 |website=SemiAccurate}}</ref><ref>{{Cite web |last=Armasu |first=Lucian |date=2017-05-02 |title=Intel AMT Vulnerability Shows Intel’s Management Engine Can Be Dangerous |url=https://www.tomshardware.com/news/intel-amt-vulnerability-me-dangerous,34300.html |url-status=live |access-date=2026-02-03 |website=Tom's Hardware}}</ref><ref>{{Cite web |date=2025-01-11 |title=The Vulnerability Uncovered |url=https://umatechnology.org/intel-amt-vulnerability-business-laptops-can-be-exploited-in-mere-seconds/ |url-status=live |access-date=2026-02-03 |website=UMA Technology}}</ref>
|CVE-2017-5689.<ref>{{Cite web |date=2017-05-02 |title=CVE-2017-5689 Detail |url=https://nvd.nist.gov/vuln/detail/cve-2017-5689 |url-status=live |access-date=2026-02-03 |website=Nist}}</ref>
|CVE-2017-5689.<ref>{{Cite web |date=2017-05-02 |title=CVE-2017-5689 Detail |url=https://nvd.nist.gov/vuln/detail/cve-2017-5689 |url-status=live |access-date=2026-02-03 |website=Nist}}</ref>
|-
|-
|2018
|2018
|Researchers at F-Secure discovered an exploit regarding Intel AMT that allows a hacker with physical access to the machine to bypass the user, BIOS, Bitlocker, and TPM passwords in a matter of 30 seconds. This bug is more severe against corporate laptops. <ref name=":3">{{Cite web |last=Waldman |first=Arielle |date=2020-09-09 |title=Intel patches critical flaw in Active Management Technology |url=https://www.techtarget.com/searchsecurity/news/252488831/Intel-patches-critical-flaw-in-Active-Management-Technology |url-status=live |access-date=2026-02-03 |website=TechTarget}}</ref><ref>{{Cite web |last=Ashford |first=Warwick |date=2018-01-18 |title=F-Secure highlights another critical Intel security issue |url=https://www.computerweekly.com/news/450433078/F-secure-highlights-another-critical-Intel-security-issue |url-status=live |access-date=2026-02-03 |website=TechTarget}}</ref><ref>{{Cite web |last=Subramaniam |first=Vaidyanathan |date=2018-01-14 |title=Gone in 30 seconds: New Intel AMT exploit is scarier than you can ever fathom |url=https://www.notebookcheck.net/Gone-in-30-seconds-New-Intel-AMT-exploit-is-scarier-than-you-can-ever-fathom.278216.0.html |url-status=live |access-date=2026-02-03 |website=Notebook Check}}</ref><ref>{{Cite web |last=Armasu |first=Lucian |date=2018-01-12 |title=Intel AMT Allows BitLocker Bypass In Under A Minute |url=https://www.tomshardware.com/news/intel-amt-bitlocker-bios-bypass,36321.html |url-status=live |access-date=2026-02-03 |website=Tom's Hardware}}</ref>
|Researchers at F-Secure discovered an exploit regarding Intel AMT that allows a hacker with physical access to the machine to bypass the user, BIOS, Bitlocker, and TPM passwords in a matter of 30 seconds. This bug is more severe against corporate laptops.<ref name=":3">{{Cite web |last=Waldman |first=Arielle |date=2020-09-09 |title=Intel patches critical flaw in Active Management Technology |url=https://www.techtarget.com/searchsecurity/news/252488831/Intel-patches-critical-flaw-in-Active-Management-Technology |url-status=live |access-date=2026-02-03 |website=TechTarget}}</ref><ref>{{Cite web |last=Ashford |first=Warwick |date=2018-01-18 |title=F-Secure highlights another critical Intel security issue |url=https://www.computerweekly.com/news/450433078/F-secure-highlights-another-critical-Intel-security-issue |url-status=live |access-date=2026-02-03 |website=TechTarget}}</ref><ref>{{Cite web |last=Subramaniam |first=Vaidyanathan |date=2018-01-14 |title=Gone in 30 seconds: New Intel AMT exploit is scarier than you can ever fathom |url=https://www.notebookcheck.net/Gone-in-30-seconds-New-Intel-AMT-exploit-is-scarier-than-you-can-ever-fathom.278216.0.html |url-status=live |access-date=2026-02-03 |website=Notebook Check}}</ref><ref>{{Cite web |last=Armasu |first=Lucian |date=2018-01-12 |title=Intel AMT Allows BitLocker Bypass In Under A Minute |url=https://www.tomshardware.com/news/intel-amt-bitlocker-bios-bypass,36321.html |url-status=live |access-date=2026-02-03 |website=Tom's Hardware}}</ref>
|'''No CVE'''
|'''No CVE'''
|-
|-
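Review bot: Ref name ":0" is rebound in the 2010 row from the YouTube video (previously defined in the 2009 row) to the ecrsecurity PDF, so the existing ":0" citation on the 2017 row's Embedi/Malyutin sentence now resolves to a different source. Confirm the PDF actually supports that claim, or restore a separate citation for it. Three smaller points in the same rows: the ecrsecurity cite gives date=2026-02-03, identical to its access-date, which looks like the access date reused as the publication date. The 2010 row spells the researcher "Vereris" while its own citation says "Ververis", and "an bypass that allow" needs a grammar fix. In the 2009 row, the source cited for "subsequently patched" is dated 2008-08-26, earlier than the 29 Jul 2009 presentation it is said to follow.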
Line 65: Line 65:
==Tools and Tips==
==Tools and Tips==


There is no official method to disable the ME, however there have been tools and tips developed to allow (partially) disabling the ME.<ref name=":1">{{Cite web |title=Intel’s Management Engine |url=https://puri.sm/learn/intel-me/ |url-status=live |access-date=2026-02-04 |publisher=Purism}}</ref>
There is no official method to disable the ME, however there have been tools and tips developed to allow (partially) disabling the ME.<ref name=":0" /><ref name=":1">{{Cite web |title=Intel’s Management Engine |url=https://puri.sm/learn/intel-me/ |url-status=live |access-date=2026-02-04 |publisher=Purism}}</ref>


*[https://github.com/corna/me_cleaner ME Cleaner Tool]
*[https://github.com/corna/me_cleaner ME Cleaner Tool]
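Review bot: The ":0" back-reference added to the "no official method to disable the ME" sentence depends on a definition that now lives inside the 2010 table row, and the name is an auto-generated one that this same edit has just repointed to a different source. Give the ecrsecurity citation a descriptive ref name and use that name here, so later edits to the table cannot silently break or retarget this cite.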