The Intel ME is a complete OS running on dedicated hardware in Intel systems. It’s an inaccessible black box to users, inspiring paranoia that is in this case potentially justified. Prof. Tanenbaum himself, who was unaware until recently of Intel’s (completely legal) use of MINIX, ended his response with “Putting a possible spy in every computer is a terrible development.” He notes that MINIX, especially the older version Intel adopted, was designed more for education than security.
The publicity surrounding these discoveries prompted “an in-depth comprehensive security review,” which found that a successful attacker could do the following:
- Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.
- Load and execute arbitrary code outside the visibility of the user and operating system.
- Cause a system crash or system instability.
These issues are now solved, according to Intel, but the security notice doesn’t make any specific mention of MINIX or whether it has been completely replaced.
- Patrick Lathan
