At the BlackHat Europe conference in London, the researchers Mark Ermolov and Maxim Goryachy disclosed (PDF) stack buffer overflow bugs (CVE-2017-5705, CVE-2017-5706, CVE-2017-5707) in Intel ME 11.
These could give an attacker “deep level access to most data and processes being run on the device,” and turn on the so-called ‘God Mode’ capabilities.
The attacker can run unsigned code, take control of peripherals and components, or even compromise a turned-off computer, on the Intel-inside machines shipped since 2015. The machine would function as usual, without the user and the OS having any knowledge of what’s happening.
Last month, Intel talked about the vulnerabilities in a security advisory and also released patches to fix them. But it would be the manufacturers who have the responsibilities to push those patches timely.
According to the researchers, these security patches would become ineffective if an attacker with a write access to ME-region manages to downgrade the firmware of the Intel ME chip. He would be able to exploit the bugs.
This could possibly expand the list of affected devices as Intel started putting ME chips way back in 2007. However, to get into a target machine, an attacker would require physical access, or he would have to steal the remote login credentials. For instance, if the target machine is a part of a corporate network managed by an IT admin.
There isn’t any security software that could safeguard users from the vulnerability as the ME chip operates outside the reach of anti-malware tools, even the operating system. Thankfully, there are some PC manufacturers who are willing to pull the plug on the ME chip for their users.
What are your views on Intel ME Chip? Drop them in the comments.