What is "the bad thing"?
Let's say somebody told you that inside your laptop (and everybody else's laptop, plus lots of servers) there is a secret second computer which runs a secret body of code which can secretly examine and change any part of the system, and secretly send and receive data over Wi-Fi and wired Ethernet networks.
Probably you would answer "Yeah, right, and please take off your tin-foil hat". But what if you are wrong?
What if there really is a secret second computer hidden inside your computer? Even worse, what if the secret program running inside the secret second computer has security vulnerabilities so that attackers can run secret code on the secret computer inside your computer? What could be worse than that??? Ok, what if you can't turn it off?
Well, it's true. If you have a laptop newer than roughly 2010, whether the processor is Intel or AMD, it probably includes a thing that Intel calls the "Management Engine". The quick version of the story is:
The Management Engine is a completely independent processor from the ones you can see;
It can access pretty much anything on the machine, including sending and receiving packets over the network interfaces;
It runs a real-time OS, plus an embedded web server (not that web servers are known for harboring remotely-exploitable security vulnerabilities or anything),
Your machine probably will not run unless the Management Engine finds a manufacturer-signed body of code in the BIOS flash when you power the machine on,
Unsurprisingly, people have found serious vulnerabilities in the secret Management Engine firmware.
Document Dump
Here is some publicly available information about ME.
Intel ME Secrets (Igor Skochinsky, RECON 2014)
Neutralize ME firmware on SandyBridge and IvyBridge platforms ("persmule", November 17, 2016)
Intel Security Advisory INTEL-SA-00075 (Intel, May 1, 2017)
The hijacking flaw that lurked in Intel chips is worse than anyone thought (Ars Technica, May 6, 2017) [well, it wasn't worse than everybody thought...]
Intel's Management Engine is a security hazard, and users need a way to disable it (EFF, May 8, 2017)
Disabling Intel ME 11 via undocumented mode (Positive Contact, August 28, 2017)
How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine (Black Hat Europe, nominally December 2017, announced earlier)
Intel Security Advisory INTEL-SA-00086 (Intel, November 20, 2017)
![[New!]](new.gif)
Apple forgot to lock Intel Management Engine in laptops, so get patching (The Register, October 3, 2018)
About This Document
For a while I sporadically sent mail to people I know (largely technologists) about this--first, when I found out about it, so people could think about the likely future implications, then later, as the obvious implications became real, about the things that had been realized. The purpose of this page is to make some history available in a single place, so I can send people a URL instead of mail.
The moral of the story is, I think, that if you ask "What could possibly go wrong?" and a bunch of answers suggest themselves, it is probably a good idea to think carefully about what will happen when those things go wrong, because probably they will. (If you don't ask "What could possibly go wrong?" when deploying a secret computer running a mandatory secret body of code including a web server, well, maybe you should.)
The other moral of the story, I think, is that people might want to insist on computers that run code all of which can be inspected (see, e.g., Libreboot).
