"GOD MODE" Turn On To Intel ME Chips By Hackers

"GOD MODE" Turn On To Intel ME Chips By Hackers

 the researchers from the Russian security firm Positive Technologies have revealed how they managed to hack Intel’s Management Engine chip, running the MINIX OS, which has become famous overnight.

At the BlackHat Europe conference in London, the researchers Mark Ermolov and Maxim Goryachy disclosed (PDF) stack buffer overflow bugs (CVE-2017-5705, CVE-2017-5706, CVE-2017-5707) in Intel ME 11.

These could give an attacker “deep level access to most data and processes being run on the device,” and turn on the so-called ‘God Mode’ capabilities.

The attacker can run unsigned code, take control of peripherals and components, or even compromise a turned-off computer, on the Intel-inside machines shipped since 2015. The machine would function as usual, without the user and the OS having any knowledge of what’s happening.

According to the reports, the vulnerabilities marked with severity level “important” and simply affect the following Intel processors with Intel ME:-

6th, 7th & 8th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
Intel® Xeon® Processor Scalable Family
Intel® Xeon® Processor W Family
Intel® Atom® C3000 Processor Family
Apollo Lake Intel® Atom Processor E3900 series
Apollo Lake Intel® Pentium™
Celeron™ N and J series Processors

These security loopholes can easily give a hacker core level access to most data and processes that are being run on the device, and then the hacker could easily turn on the so-called ‘God Mode’ capabilities.

However, now if talk about the controls that the hacker or attacker could take then let me clear that hacker can easily run any vulnerable code, take control of system components, and the most horrible thing is that even these loopholes could be used to compromise or hack a turned-off computer as well. During these vulnerable processes, the system will simply function as usual as it works, without the user and the Operating System having any knowledge of what is happening.

The security researchers, earlier the security patches that the giant chip maker Intel released would simply become useless if an attacker manages to downgrade the firmware of the Intel Management Engine (ME) chip, hence, easily the attacker will be able to exploit the bugs.

It is really worrisome, as there is no security software or tools are available to safeguard users from this vulnerability. As the Intel Management Engine (ME) chip operates outside the reach of security software or tools, even the operating system as well. However, still, there is some hope is available, as some PC manufacturers are there who are really willing hard simply to pull the plug on the Intel Management Engine (ME) chip for their precious users.

There isn’t any security software that could safeguard users from the vulnerability as the ME chip operates outside the reach of anti-malware tools, even the operating system.