So, what is MINIX? It is an operating system that Intel puts deep inside your computer. The Unix-like operating system was developed by Andrew Tanenbaum in 1987 as education software to demonstrate the working of an OS.
It’s said that MINIX influenced the development of the Linux kernel created by Linus Torvalds. However, the two have major differences in their design.
After the release of MINIX 3, it is being developed as Microkernel OS. You can find MINIX 3 running inside every Intel-powered desktop, laptop or server launched after 2015. This surely gives it the title of the most used operating system in the world. Although, you don’t use it at all.
Why having MINIX (and Intel Management Engine) has concerned people?
A closed source version of MINIX (which itself is an open source OS) exists on its own CPU (Intel Management Engine) that we don’t have access to, but it has complete access to the system memory, hard drive, TCP/IP stack. In short, all of it. That level of privilege can make people uncomfortable.
MINIX exists on “Ring -3” (it’s the highest privilege ring used to enable different levels of protection) which can’t be accessed by the users. The kernel exists on “Ring 0” and the apps run on “Ring 3”. These rings have lower privileges.
The separate embedded chip works with the computer’s firmware (UEFI) during boot. It also has a module called Active Management Technology (AMT) which can be used by organizations to remotely control computers.
Regarding features, MINIX includes full networking stack, file system, web server, device drivers for USB, networking, etc.
So, what can happen?
Allowing MINIX to act as a web server, when it has access to your computer, is a heartbeat bumper. Another shocker is that the Management Engine chip can upload and download data packets even if the firewall of your main OS is turned on.
Can’t it be used to pump data over the internet and possibly create backdoor? It might not be Intel who would turn evil some day but what about hackers and security agencies which don’t leave chance get into people’s computers.
A pain point is that Intel hasn’t revealed much about the Management Engine; it’s largely undocumented. Also, security threats related to Intel’s Management Engine have been raised in the past.
The situation gets worsened by the irregular availability of security updates. An escalation of privilege vulnerability existed for 7 years in the engine’s Active Management (AMT) module before Intel released a patch.
Google is working to remove the Intel ME chip from their internal servers after concerns of security. There is no way to disable the Management Engine chip (AMT can be disabled); the users might get perturbed by the security and privacy implications. The EFF has called Intel’s ME chip a “security hazard” and called for an option to disable it, as well as, improve transparency in the form of proper documentation.
But this shouldn’t lead to ditching Intel altogether. The chip isn’t completely unstoppable. Earlier this year, a team of Russian researchers found a way to disable the chip by using government-only privileges, said a ZDNet report.
It’s also said that a computer can be accessed through ME even when it’s powered off. But there doesn’t seem much data that can be seen. There won’t be anything left in the RAM – it’s a volatile memory. And if there is a mechanical hard drive, how would it spin without power?
According to Tech Republic’s Jack Wallen, the cold-boot attacks could be the biggest possible concern here. Also, AMT module has functionalities similar to Wake-on-LAN; it could be used to turn on a device and access its data.
What did Intel say in the past?
Intel’s Steve Grobman has clarified in the past that the company doesn’t do anything to breach user’s security.
“Intel takes the integrity of its products very seriously. Intel does not put back doors in its products nor do our products give Intel control or access to computing systems without the explicit permission of the end user,” he wrote in a blog post.
“In short, Intel does not participate in efforts to decrease security in technology.”
If an exploit ever happens, it might compel users to start looking for Intel alternatives. So, what are the other options, AMD? But wait, the other silicon chip-maker also has a similar implementation. It would be wiser if they remove it before Intel does.
So, what do you think about MINIX and Intel’s ME chip? Should Intel remove it? Drop your thoughts in the comments.