eos
802.11n
Posts: 469
Registered: ‎06-30-2011
Location: gibraltar
Views: 8,130
Message 1 of 11

critical update: "intel management Engine 8.1 Firmware" a potential major security back door?

I was pretty shocked to see this update. Apparently, Intel Management Engine is a backdoor which allows full control of the machine, even if the power is off. It is something on Intel motherboards. It has been noted that a backdoor can be used by a) legitimate corporate administrators, b) hackers, c) gov. organisations.

Firstly, why would any user want to install a back door which allows undetectable access to the machine without the user's knowledge or intervention?

Secondly, why is this installed by Lenovo as standard, if it is only used by some large organisations?

Or am I wrong?

I have seen many articles about it saying "Intel's management engine is the single most dangerous piece of computer hardware ever created", mainly because it has access to everything and no one knows exactly what it can do.

Now I am trying to find a way to remove this major security back door.

It seems that no one knows if disabling it in the BIOS is actually disabling it, or not. It seems not, as you can still get a response from AMT if you hit: http://127.0.0.1:16992/logon.htm, and if you open the "Intel Management and Security Status" application, it says that AMT is enabled.

It seems if you connect to a public Wi-Fi, the machine's AMT is available to everyone on the network.

I have also seen that there are exploits allowing hackers to gain full access to your machine with trivial exploits such as sending a null password.

Very very bad.
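
A scripted version of the check described in the post above, as an added example that is not part of the original thread: it requests the same `logon.htm` page on port 16992 of a machine you administer and reports whether the answer identifies itself as AMT. The `Server` header format, the version parsing and the sample response are assumptions constructed for illustration.

```python
import socket

# Constructed sample response; the Server header format is an assumption.
SAMPLE_AMT = (b"HTTP/1.1 200 OK\r\n"
              b"Server: Intel(R) Active Management Technology 8.1.0\r\n"
              b"Content-Type: text/html\r\n\r\n<html>logon</html>")

def parse_server_header(raw: bytes):
    """Return the Server header value of a raw HTTP response, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None

def classify(raw: bytes):
    """('amt', version), ('other', server) or ('none', None) for a response."""
    if not raw.startswith(b"HTTP/"):
        return ("none", None)                    # port open, but not HTTP
    server = parse_server_header(raw)
    if server and "active management technology" in server.lower():
        return ("amt", server.split()[-1])       # assumed: version is last token
    return ("other", server)

def probe(host="127.0.0.1", port=16992, timeout=3.0):
    """Fetch /logon.htm over plain HTTP and classify whatever answers."""
    request = (b"GET /logon.htm HTTP/1.1\r\nHost: %b\r\n"
               b"Connection: close\r\n\r\n" % host.encode())
    raw = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(request)
            while len(raw) < 8192:               # headers are all we need
                chunk = s.recv(4096)
                if not chunk:
                    break
                raw += chunk
    except OSError:                              # refused, unreachable, timeout
        if not raw:
            return ("closed", None)
    return classify(raw)

if __name__ == "__main__":
    print(probe())                               # checks the local machine only
```

Running it before and after changing the BIOS setting, and again from a second machine you own on the same network, shows whether the interface still answers.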

 

Guru
Posts: 9,598
Registered: ‎12-26-2009
Location: CA
Views: 8,218
Message 2 of 11

Re: critical update: "intel management Engine 8.1 Firmware" a potential major security bac

Management Engine's behavior has been well documented since its inception. You're a little late to the party :)

The legitimate and intended use of the feature is for system administrators to provision and manage corporate machines remotely and conveniently.

It's not installed by Lenovo as standard, but rather Intel on any platform certified vPro (your system would have had this sticker from the factory).

If you are not in a corporate environment managed by Intel AMT, then it only provides risks and zero benefit. Removing it is impossible; wiping the ME firmware externally causes your system to shut down 30 minutes after boot.

The firmware update you see fixes an exploitable vulnerability that was recently discovered in Intel's ME firmware.

W520: 2960XM, Q2000M @ 1091/1380, 32GB RAM, 500GB&750GB HDD & 500GB SSD, FHD&MB168B+
X61T: L7500, 4GB RAM, 500GB HDD, XGA screen, Ultrabase
W550s: 5600U, K620M at 1164/1281, 16GB RAM, 512GB SSD, 3K touchscreen
X200s: SL9400, 6GB RAM, 64GB SD card, WXGA+ screen
TPT1: 1839-23U
eos
802.11n
Posts: 469
Registered: ‎06-30-2011
Location: gibraltar
Views: 8,122
Message 3 of 11

Re: critical update: "intel management Engine 8.1 Firmware" a potential major security bac

Thanks for the reply. I am very late for the party! I am amazed that this has no solution, and is accepted by consumers. I will make sure my next laptop does not have an Intel motherboard, or equivalent back doors.
eos
802.11n
Posts: 469
Registered: ‎06-30-2011
Location: gibraltar
Views: 8,119
Message 4 of 11

Re: critical update: "intel management Engine 8.1 Firmware" a potential major security bac

Would installing a firewall on the laptop and blocking 16992 help, or is this intercepted by AMT before the OS is given the connection?  Obviously this would not work if the laptop is switched off.

Guru
Posts: 9,598
Registered: ‎12-26-2009
Location: CA
Views: 8,070
Message 5 of 11

Re: critical update: "intel management Engine 8.1 Firmware" a potential major security bac

A lot of people would probably be unaware of Management Engine at all. AMD has their own similar solution, so you can't really switch to AMD either.

A software firewall won't help as it is intercepted by AMT in hardware long before your software firewall sees it, if it sees it at all.

BAAM
Paper Tape
Posts: 1
Registered: ‎06-21-2017
Location: CH
Views: 2,776
Message 6 of 11

Re: critical update: "intel management Engine 8.1 Firmware" a potential major security bac

Hi

I am trying to update the Intel Management Engine 8.1 firmware but my Lenovo ThinkPad X1 Carbon is just hanging. I have run the Intel Unprovision tool but it does not seem to improve the situation. Anybody have any ideas how to resolve?

Thanks


Sam

bevhoward
Serial Port
Posts: 70
Registered: ‎05-26-2016
Location: US
Views: 5,739
Message 7 of 11

Re: critical update: "intel management Engine 8.1 Firmware" a potential major security bac

"late to the table"

Time to do some reading about the problem, its seriousness, and its date.

Beverly Howard

bevhoward
Serial Port
Posts: 70
Registered: ‎05-26-2016
Location: US
Views: 2,771
Message 8 of 11

Re: critical update: "intel management Engine 8.1 Firmware" a potential major security bac

Looks like the Lenovo forum is totally adrift.

First of all, this is not "solved" but more embarrassingly, I just received an email post notification this morning for the post made by BAAM on 06-21-2017.

Beverly Howard

crendon
Punch Card
Posts: 41
Registered: ‎11-15-2016
Location: US
Views: 2,759
Message 9 of 11

Re: critical update: "intel management Engine 8.1 Firmware" a potential major security bac

This can't be. This is like sleeping at night with your house's main door open and with a huge sign that says come have all you want. There has to be a way to get around this.

ThinkTank480
Punch Card
Posts: 31
Registered: ‎04-26-2018
Location: CA
Views: 2,715
Message 10 of 11

Re: critical update: "intel management Engine 8.1 Firmware" a potential major security bac


@crendon wrote:

There has to be a way to get around this


There is: me_cleaner

 

Of course, there's always the risk of bricking the machine by applying it.
