Intel published safety information regarding the problem detected in Management Engine (ME) module. The corporation admitted that this vulnerability affects a wide spectrum of processes that belong to different generations and families.
Positive Technologies were the ones to describe the issue. The Intel ME chip is built in platform controller hub (PCH). This is also where the entire communication between a processor and other peripheral devices that are connected to a PC happens. Consequently, it means that Intel ME chip has an access to almost any data on a computer. Researchers managed to detect an error that allows running authorised code in a PCH on any motherboard, regardless of the make, that houses Intel Skylake processors or never. This means that in case of a successful attack criminals would be able to gain full control over the system.
The main threat here is that an attacker can install “tabs” inside Intel ME code, a spyware for example, which no traditional security software and features would be able to detect. Moreover, a that is hacked this way would remain fully functional and a user will never know that he or she is under surveillance.
The processors affected, according to Intel are:
Intel Core 6th, 7th, and 8th Gen
Intel Xeon E3-1200 v5 и v6;
Intel Xeon Scalable;
Intel Xeon W;
Intel Atom C3000;
Intel Apollo Lake Atom E3900;
Intel Apollo Lake Pentium;
Intel Celeron N и J Series.
Intel created a special tool, which runs on Windows or Linux and detects whether the device is vulnerable. You can also contact London IT Support, Bits & PCs, to check your system for vulnerabilities.