PSA: Remember To Update Your Intel Management Engine

Status
Not open for further replies.

spdragoo

Splendid
Ambassador


???

"No thank you" = "I don't need to worry about this because my Intel CPU isn't on the list of affected CPUs"?

"No thank you" = "I don't have to worry about this because I'm running an AMD-based machine"?

Or (hopefully not) "No thank you" = "I don't care if they release an update or not, I'm just going to ignore it & hope it goes away"?
 

none12345

Distinguished
Apr 27, 2013
431
2
18,785
" I do not use, nor need, nor install Intel ME, ever"

You do realize what it is right? Its a coprocessor that is embedded into the intel chips. You dont get a choice to install it or not install it. Its there no matter what you do.

It can read and write memory without your os being aware that it has read or changed any data. It has complete access to your system. Security holes into the IME leave your system completely open to anything, and you should take them seriously.
 

spdragoo

Splendid
Ambassador






These are the things you must realize about Intel ME:


    ■ This is not merely some sort of software utility that you can choose whether to install or not. It is a physical subprocessor that is part of the Intel CPU (https://www.howtogeek.com/334013/intel-management-engine-explained-the-tiny-computer-inside-your-cpu/). That means that if you have one of the CPUs listed in the article, you already have Intel ME installed in your PC.
    ■ As noted in both this article & the one on HowToGeek.com, this chip runs separately from your normal PC (including having full access to the data, TCP/IP connections, etc. on your PC), & can apparently even run when your PC is in Sleep mode or shut down (I would imagine the only way it won't run is if you completely pull the power plug on the PC). And right now, Intel not only offers no way to disable it or turn it off, but is actively resistant to revealing any method of turning it off (let alone details of what exactly it does).
    ■ Macs that have the associated Intel CPUs are also affected by this (https://apple.stackexchange.com/questions/306959/intel-management-engine-is-macos-vulnerable). Remember, this is installed by Intel (Intel, not Apple, manufactures the CPUs), & the chip runs its own Intel-designed firmware/OS that is not tied to the main OS (Windows, Linux, OS X, it doesn't matter).


So, @damric, you don't have to worry about whether or not you'll be downloading Intel ME in the future...because if you have a Skylake/Kaby Lake/Coffee Lake CPU you've had it on your PC from day 1. And you're not going to be able to get rid of it...but you can patch the vulnerability.
 
I contacted Gigabyte about this and they said they were unaware of any intended updates to any of their Z170 or Z270 motherboards to address this. I also don't see any updated chipset drivers on the Intel website for the 100 series boards.

I just got that reply back from Gigabyte today after inquiring on Friday, so I don't know who at Gigabyte is telling you they released them, but maybe they need to get on the same page as their technical support staff.
 
Well, contrary to what Gigabyte first told me, after sending them back a pretty snarky reply, they contacted me back and appologized for the confusion as well as providing me with the F22b bios image for the Z170x-gaming 5 motherboards. It's not up on their website yet, so if anybody has a board using the F22a release and needs a copy of this them PM me and I'll make a download available to you.


What I'd really like to know though is whether or not Intel has been taken to task for discreetly adding the additional hardware without consumer knowledge. I would think that the departments of Homeland security, Defense, Federal trade commission and Consumer product safety commision might be in a position to demand the specifics behind this since it could pose a security risk and clearly has the potential to be a HUGE invasion of privacy for consumers.
 


It wouldn't surprise me if the alphabet soups requested the additional hardware. They seem to have grown to disregard A search warrant for each location (fully spelled out/described) to be searched AND a specific reason(fully spelled out/described) on specific individuals/entities (again, fully spelled out/described.) The FTC and product safety commission may or may not have their hands tied in the matter too. (Going by comments on NN, many believe the FTC to be not much more than a dog with a lot of bark, and no teeth.)
 
Status
Not open for further replies.