Intel Management Engine: Difference between revisions

Line 7:

|Category=Surveillance, Security, Computers, Articles in Need of Additional Work

|Website=https://www.intel.com/content/www/us/en/homepage.html

|Description=An ~~anonymous~~ system ~~that's always on and can; • Records Keystrokes & mouse movements~~

|Description=An autonomous embedded microcontroller present on Intel chipsets with root system access.

~~• Bypass encryption~~

|Logo=Intel logo.svg}}

~~• See what’s currently displayed~~

}}

Intel Management Engine~~--also referred as Intel~~ ME-- is an ~~anonymous system~~ integrated into Intel ~~CPU’s~~ since 2008 ~~that’s always running either from the battery or power supply~~ (~~regardless if powered off~~)~~, containing it’s own~~ operating system ~~called MINUX, internet connection, and booting sequence that's refereed as ()~~. ~~All of these components allow Intel ME to do the following;~~<ref name=":0">{{Cite web ~~|first=402 Payment Required~~ |date=2023-06-29 |title=~~Intel~~ Management Engine |url=https://www.~~youtube~~.com/~~watch?v=lQ8k79yNH2A~~ |url-status=live |access-date=2026-02-03 |~~website~~=~~Youtube~~}}</ref><ref name=":1">{{Cite web |last=~~Portnoy~~ |first=~~Erica~~ |last2=~~Eckersley~~ |first2=~~Peter~~ |date=2017~~-05-08~~ |title=Intel~~'s Management Engine is a security hazard, and users need a way to disable it~~ |url=https://~~www~~.~~eff~~.org/~~deeplinks~~/2017/05/~~intels~~-~~management~~-~~engine-security-hazard-and-users-need-way-disable-it~~ |url-status=~~live~~ |access-date=2026-02-03 |website=~~Electronic Frontier Foundation~~}}</ref>

The '''Intel Management Engine (ME)''' is an embedded microcontroller integrated into Intel's chipsets since 2008. From version 11 onwards, it runs a (closed-source) modified version of [https://www.minix3.org/ MINIX] as its operating system.<ref name=":4">{{Cite web |date=2023-09-26 |title=What is Intel® Management Engine? |url=https://www.intel.com/content/www/us/en/support/articles/000008927/software/chipset-software.html |url-status=live |access-date=2026-02-04 |publisher=Intel}}</ref><ref name=":5">{{Cite web |last=Ermolov |first=Mark |last2=Goryachy |first2=Maxim |date=28 Aug 2017 |title=Disabling Intel ME 11 via undocumented mode |url=https://web.archive.org/web/20201201175708/http://blog.ptsecurity.com/2017/08/disabling-intel-me.html?m=1 |url-status=dead |access-date=2026-02-04 |website=Positive Technologies}}</ref>.

*Records Keystrokes & mouse movements

The ME is able to access the LAN adapter, giving it access to networks the system is connected to, both wired and wireless.<ref name=":6">{{Cite web |date=2021-02-18 |title=Getting Started with Intel® Active Management Technology |url=https://www.intel.com/content/www/us/en/developer/articles/guide/getting-started-with-active-management-technology.html |access-date=2026-02-04 |publisher=Intel}}</ref>

*Bypass encryption

*See what’s currently displayed on the ~~screen~~

*Turn your machine on or off

*Access all data passed through CPU & RAM

*Bypass Firewalls

*Change Settings on any operating system and ~~BIOS~~.

*Access the internet and do [[wikipedia:~~Data_exfiltration~~|~~data exfiltration]] (Even if turned off via BIOS or Operating System)~~

The power state of the ME is independent from the rest of the system, allowing it to run while the system is turned off, assuming that the system is still receiving power.<ref name=":4" />

Additionally, Intel ME also contains several measures to check if it's been tampered with. Several of these conclude being inaccessible to the machine BIOS or chosen Operating System, scanning the entire machine every 30 minutes to verify if signature is signed or else the entire machine shutdown, and making it exceptionally difficult to reverse engineer.

Intel ~~claims~~ Intel ME is ~~however~~ the full ~~purpose~~ of ~~Intel~~ ME ~~is unknown~~.

Additionally, Intel ME also contains several measures to check if it's been tampered with. These include being inaccessible to the machine BIOS or OS, scanning the entire machine every 30 minutes to verify if signature is signed (otherwise shutting down the system), and making it exceptionally difficult to reverse engineer.

==Intel AMT==

One of the services utilizing the capabilities of the Intel ME is '''Intel Active Management (AMT)'''. It is part of a set of technologies marketed as Intel vPro. Intel AMT is built into most modern Intel CPUs, including but not limited to the Intel Core i5, Intel Core i7, Intel Core M, and Intel Xeon series. The AMT has full access to the system and can bypass system firewalls<ref name=":6" /><ref>{{Cite web |date=2021-01-05 |title=Intel® Active Management Technology Developers Guide |url=https://www.intel.com/content/www/us/en/docs/active-management-technology/developer-guide/2021/overview.html |url-status=live |access-date=2026-02-04 |publisher=Intel}}</ref>.

AMT allows remote management of the system by using the ME's network access, exposing 2 ports through which commands can be issued. Some of the many features of the AMT are:<ref name=":6" />

* Access to hardware information

* Remote power control

* [https://software.intel.com/sites/manageability/HLAPI_Documentation/default.htm?turl=Documents%2Fbootcontrol.htm Boot control]

* Wake-on-LAN/Wake on wireless LAN

* Remote Schedule Maintenance (outside firewall)

* KVM (keyboard, video, mouse) remote control

* Updating firmware

==Security==

Line 41:

Line 45:

|-

|2009

|Developed by Invisible Things Lab, it was discovered that a bug allowed it to access the machine memory. <ref>{{Cite web |date=2008-08-26 |title=Intel patches the Q35 bug |url=https://theinvisiblethings.blogspot.com/2008/08/intel-patches-q35-bug.html |url-status=live |access-date=2026-02-03 |website=The Invisible Things Lab's blog}}</ref><ref name=":0" /><ref name=":2">{{Cite web |last=Robin |first=Thibaud |date=2025-03-02 |title=The Mysterious Story of a Troubling Intel Chip |url=https://blog.trackflaw.com/en/the-mysterious-story-of-a-disturbing-intel-flea/ |url-status=live |access-date=2026-02-03 |website=TrackFlaw}}</ref>

|Developed by Invisible Things Lab, it was discovered that a bug allowed it to access the machine memory. <ref>{{Cite web |date=2008-08-26 |title=Intel patches the Q35 bug |url=https://theinvisiblethings.blogspot.com/2008/08/intel-patches-q35-bug.html |url-status=live |access-date=2026-02-03 |website=The Invisible Things Lab's blog}}</ref><ref name=":0">{{Cite web |first=402 Payment Required |date=2023-06-29 |title=Intel Management Engine |url=https://www.youtube.com/watch?v=lQ8k79yNH2A |url-status=live |access-date=2026-02-03 |website=Youtube}}</ref><ref name=":2">{{Cite web |last=Robin |first=Thibaud |date=2025-03-02 |title=The Mysterious Story of a Troubling Intel Chip |url=https://blog.trackflaw.com/en/the-mysterious-story-of-a-disturbing-intel-flea/ |url-status=live |access-date=2026-02-03 |website=TrackFlaw}}</ref>

|CVE-2008-1234

|-

Line 58:

Line 62:

|2020

|Several vulnerabilities were found in Intel AMT that allows hackers to add a root kit. <ref name=":3" /><ref>{{Cite web |last=Larabe |first=Michael |date=2020-09-08 |title=Intel AMT Hit By Another "Critical" Security Vulnerability |url=https://www.semiaccurate.com/2016/01/20/intel-puts-out-secure-cpus-based-on-insecurity/ |url-status=live |access-date=2026-02-03 |website=phoronix}}</ref>

|CVE 2020-0535<ref>{{Cite web |first=National Vulnerability Database |date=2020-06-15 |title=CVE-2020-0535 Detail |url=https://nvd.nist.gov/vuln/detail/CVE-2020-0535 |url-status=live |access-date=2026-02-03 |website=nist.gov}}</ref><ref>{{Cite web |first=National Vulnerability Database |date=2020-06-15 |title=CVE-2020-0531 |url=https://nvd.nist.gov/vuln/detail/CVE-2020-0531 |url-status=live |access-date=2026-02-03 |website=Nist}}</ref><ref>{{Cite web |first=Intel |date=2020-11-10 |title=2020.2 IPU – Intel® CSME, SPS, TXE, AMT and DAL Advisory |url=https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html |url-status=live |access-date=2026-02-03 |website=Intel}}</ref>

|}

==Hidden Deals==

~~{{Ph-C-Inc}}~~

Around 2017, an undocumented flag was discovered that, when set, disables a large portion of the ME. This feature appears to have been requested by the NSA.<ref name=":5" /><ref>{{Cite web |last=Claburn |first=Thomas |date=29 Aug 2017 |title=Intel ME controller chip has secret kill switch |url=https://www.theregister.com/2017/08/29/intel_management_engine_can_be_disabled/ |url-status=live |access-date=2026-02-04 |website=The Register}}</ref>

~~On date~~, ~~year, it~~ was ~~revealed~~ that ~~the National Security Agency secretly contacted Intel to provide~~ a ~~CPU without~~ the ~~Intel~~ ME~~, stating it was for governmental usage"~~.

~~intel advance management technology~~

This ~~is a list of all consumer-protection incidents related~~ to ~~this product~~. ~~Any incidents not mentioned here can be found in the [[:Category~~:{{~~PAGENAME}}~~|~~{{PAGENAME}} category]].~~

==~~=Example incident one (''~~date~~'')~~===

~~{{Main~~|~~link to the main CR Wiki article}}~~

~~Short summary of the incident (could be the same as the summary preceding the article).~~

=~~==Example incident two (''~~date~~'')~~===

~~...~~

==Tools and Tips==

While Intel ME is normally not possible to be disable (except in some cases),there ~~has~~ been ~~tool’s~~ and tips ~~made~~ to allow disabling ~~part of its system~~.

While Intel ME is normally not possible to be disable (except in some cases), there have been tools and tips developed to allow (partially) disabling the ME.<ref>{{Cite web |title=Intel’s Management Engine |url=https://puri.sm/learn/intel-me/ |url-status=live |access-date=2026-02-04 |publisher=Purism}}</ref>

*[https://github.com/corna/me_cleaner ME Cleaner Tool]

Line 90:

Line 81:

==References==

~~{{reflist}}~~https://www.youtube.com/watch?v=Lr-9aCMUXzI

https://www.youtube.com/watch?v=Lr-9aCMUXzI

https://www.csoonline.com/article/562761/researchers-say-now-you-too-can-disable-intel-me-backdoor-thanks-to-the-nsa.html intel response to backdoor accusa

Line 96:

Line 89:

https://www.youtube.com/watch?v=RPC5f7EJN6U

<ref name=":1">{{Cite web |last=Portnoy |first=Erica |last2=Eckersley |first2=Peter |date=2017-05-08 |title=Intel's Management Engine is a security hazard, and users need a way to disable it |url=https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it |url-status=live |access-date=2026-02-03 |website=Electronic Frontier Foundation}}</ref>

https://leeneubecker.com/intels-secret-backdoor-can-now-be-turned-off/

@@ Line 7: / Line 7: @@
 |Category=Surveillance, Security, Computers, Articles in Need of Additional Work
 |Website=https://www.intel.com/content/www/us/en/homepage.html
-|Description=An anonymous system that's always on and can;     • Records Keystrokes & mouse movements
+|Description=An autonomous embedded microcontroller present on Intel chipsets with root system access.
-    • Bypass encryption
+|Logo=Intel logo.svg}}
-    • See what’s currently displayed
-}}
-Intel Management Engine--also referred as Intel ME-- is an anonymous system integrated into Intel CPU’s since 2008 that’s always running either from the battery or power supply (regardless if powered off), containing it’s own operating system called MINUX, internet connection, and booting sequence that's refereed as (). All of these components allow Intel ME to do the following;<ref name=":0">{{Cite web |first=402 Payment Required |date=2023-06-29 |title=Intel Management Engine |url=https://www.youtube.com/watch?v=lQ8k79yNH2A |url-status=live |access-date=2026-02-03 |website=Youtube}}</ref><ref name=":1">{{Cite web |last=Portnoy |first=Erica |last2=Eckersley |first2=Peter |date=2017-05-08 |title=Intel's Management Engine is a security hazard, and users need a way to disable it |url=https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it |url-status=live |access-date=2026-02-03 |website=Electronic Frontier Foundation}}</ref>
+The '''Intel Management Engine (ME)''' is an embedded microcontroller integrated into Intel's chipsets since 2008. From version 11 onwards, it runs a (closed-source) modified version of [https://www.minix3.org/ MINIX] as its operating system.<ref name=":4">{{Cite web |date=2023-09-26 |title=What is Intel® Management Engine? |url=https://www.intel.com/content/www/us/en/support/articles/000008927/software/chipset-software.html |url-status=live |access-date=2026-02-04 |publisher=Intel}}</ref><ref name=":5">{{Cite web |last=Ermolov |first=Mark |last2=Goryachy |first2=Maxim |date=28 Aug 2017 |title=Disabling Intel ME 11 via undocumented mode |url=https://web.archive.org/web/20201201175708/http://blog.ptsecurity.com/2017/08/disabling-intel-me.html?m=1 |url-status=dead |access-date=2026-02-04 |website=Positive Technologies}}</ref>.
-*Records Keystrokes & mouse movements
+The ME is able to access the LAN adapter, giving it access to networks the system is connected to, both wired and wireless.<ref name=":6">{{Cite web |date=2021-02-18 |title=Getting Started with Intel® Active Management Technology |url=https://www.intel.com/content/www/us/en/developer/articles/guide/getting-started-with-active-management-technology.html |access-date=2026-02-04 |publisher=Intel}}</ref>
-*Bypass encryption
-*See what’s currently displayed on the screen
-*Turn your machine on or off
-*Access all data passed through CPU & RAM
-*Bypass Firewalls
-*Change Settings on any operating system and BIOS.
-*Access the internet and do [[wikipedia:Data_exfiltration|data exfiltration]] (Even if turned off via BIOS or Operating System)
+The power state of the ME is independent from the rest of the system, allowing it to run while the system is turned off, assuming that the system is still receiving power.<ref name=":4" />
-Additionally, Intel ME also contains several measures to check if it's been tampered with. Several of these conclude being inaccessible to the machine BIOS or chosen Operating System, scanning the entire machine every 30 minutes to verify if signature is signed or else the entire machine shutdown, and making it exceptionally difficult to reverse engineer.
-Intel claims Intel ME is however the full purpose of Intel ME is unknown.
+Additionally, Intel ME also contains several measures to check if it's been tampered with. These include being inaccessible to the machine BIOS or OS, scanning the entire machine every 30 minutes to verify if signature is signed (otherwise shutting down the system), and making it exceptionally difficult to reverse engineer.
+==Intel AMT==
+One of the services utilizing the capabilities of the Intel ME is '''Intel Active Management (AMT)'''. It is part of a set of technologies marketed as Intel vPro. Intel AMT is built into most modern Intel CPUs, including but not limited to the Intel Core i5, Intel Core i7, Intel Core M, and Intel Xeon series. The AMT has full access to the system and can bypass system firewalls<ref name=":6" /><ref>{{Cite web |date=2021-01-05 |title=Intel® Active Management Technology Developers Guide |url=https://www.intel.com/content/www/us/en/docs/active-management-technology/developer-guide/2021/overview.html |url-status=live |access-date=2026-02-04 |publisher=Intel}}</ref>.
+AMT allows remote management of the system by using the ME's network access, exposing 2 ports through which commands can be issued. Some of the many features of the AMT are:<ref name=":6" />
+* Access to hardware information
+* Remote power control
+* [https://software.intel.com/sites/manageability/HLAPI_Documentation/default.htm?turl=Documents%2Fbootcontrol.htm Boot control]
+* Wake-on-LAN/Wake on wireless LAN
+* Remote Schedule Maintenance (outside firewall)
+* KVM (keyboard, video, mouse) remote control
+* Updating firmware
 ==Security==
@@ Line 41: / Line 45: @@
 |-
 |2009
-|Developed by Invisible Things Lab, it was discovered that a bug allowed it to access the machine memory. <ref>{{Cite web |date=2008-08-26 |title=Intel patches the Q35 bug |url=https://theinvisiblethings.blogspot.com/2008/08/intel-patches-q35-bug.html |url-status=live |access-date=2026-02-03 |website=The Invisible Things Lab's blog}}</ref><ref name=":0" /><ref name=":2">{{Cite web |last=Robin |first=Thibaud |date=2025-03-02 |title=The Mysterious Story of a Troubling Intel Chip |url=https://blog.trackflaw.com/en/the-mysterious-story-of-a-disturbing-intel-flea/ |url-status=live |access-date=2026-02-03 |website=TrackFlaw}}</ref>
+|Developed by Invisible Things Lab, it was discovered that a bug allowed it to access the machine memory. <ref>{{Cite web |date=2008-08-26 |title=Intel patches the Q35 bug |url=https://theinvisiblethings.blogspot.com/2008/08/intel-patches-q35-bug.html |url-status=live |access-date=2026-02-03 |website=The Invisible Things Lab's blog}}</ref><ref name=":0">{{Cite web |first=402 Payment Required |date=2023-06-29 |title=Intel Management Engine |url=https://www.youtube.com/watch?v=lQ8k79yNH2A |url-status=live |access-date=2026-02-03 |website=Youtube}}</ref><ref name=":2">{{Cite web |last=Robin |first=Thibaud |date=2025-03-02 |title=The Mysterious Story of a Troubling Intel Chip |url=https://blog.trackflaw.com/en/the-mysterious-story-of-a-disturbing-intel-flea/ |url-status=live |access-date=2026-02-03 |website=TrackFlaw}}</ref>
 |CVE-2008-1234
 |-
@@ Line 58: / Line 62: @@
 |2020
 |Several vulnerabilities were found in Intel AMT that allows hackers to add a root kit. <ref name=":3" /><ref>{{Cite web |last=Larabe |first=Michael |date=2020-09-08 |title=Intel AMT Hit By Another "Critical" Security Vulnerability |url=https://www.semiaccurate.com/2016/01/20/intel-puts-out-secure-cpus-based-on-insecurity/ |url-status=live |access-date=2026-02-03 |website=phoronix}}</ref>
 |CVE 2020-0535<ref>{{Cite web |first=National Vulnerability Database |date=2020-06-15 |title=CVE-2020-0535 Detail |url=https://nvd.nist.gov/vuln/detail/CVE-2020-0535 |url-status=live |access-date=2026-02-03 |website=nist.gov}}</ref><ref>{{Cite web |first=National Vulnerability Database |date=2020-06-15 |title=CVE-2020-0531 |url=https://nvd.nist.gov/vuln/detail/CVE-2020-0531 |url-status=live |access-date=2026-02-03 |website=Nist}}</ref><ref>{{Cite web |first=Intel |date=2020-11-10 |title=2020.2 IPU – Intel® CSME, SPS, TXE, AMT and DAL Advisory |url=https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html |url-status=live |access-date=2026-02-03 |website=Intel}}</ref>
 |}
 ==Hidden Deals==
-{{Ph-C-Inc}}
+Around 2017, an undocumented flag was discovered that, when set, disables a large portion of the ME. This feature appears to have been requested by the NSA.<ref name=":5" /><ref>{{Cite web |last=Claburn |first=Thomas |date=29 Aug 2017 |title=Intel ME controller chip has secret kill switch |url=https://www.theregister.com/2017/08/29/intel_management_engine_can_be_disabled/ |url-status=live |access-date=2026-02-04 |website=The Register}}</ref>
-On date, year,  it was revealed that the National Security Agency secretly contacted Intel to provide a CPU without the Intel ME, stating it was for governmental usage".
-intel advance management technology
-This is a list of all consumer-protection incidents related to this product. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].
-===Example incident one (''date'')===
-{{Main|link to the main CR Wiki article}}
-Short summary of the incident (could be the same as the summary preceding the article).
-===Example incident two (''date'')===
-...
 ==Tools and Tips==
-While Intel ME is normally not possible to be disable (except in some cases),there has been tool’s and tips made to allow disabling part of its system.
+While Intel ME is normally not possible to be disable (except in some cases), there have been tools and tips developed to allow (partially) disabling the ME.<ref>{{Cite web |title=Intel’s Management Engine |url=https://puri.sm/learn/intel-me/ |url-status=live |access-date=2026-02-04 |publisher=Purism}}</ref>
 *[https://github.com/corna/me_cleaner ME Cleaner Tool]
@@ Line 90: / Line 81: @@
 ==References==
-{{reflist}}https://www.youtube.com/watch?v=Lr-9aCMUXzI
+<references />
+https://www.youtube.com/watch?v=Lr-9aCMUXzI
 https://www.csoonline.com/article/562761/researchers-say-now-you-too-can-disable-intel-me-backdoor-thanks-to-the-nsa.html intel response to backdoor accusa
@@ Line 96: / Line 89: @@
 https://www.youtube.com/watch?v=RPC5f7EJN6U
-<ref name=":1" />
+<ref name=":1">{{Cite web |last=Portnoy |first=Erica |last2=Eckersley |first2=Peter |date=2017-05-08 |title=Intel's Management Engine is a security hazard, and users need a way to disable it |url=https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it |url-status=live |access-date=2026-02-03 |website=Electronic Frontier Foundation}}</ref>
 https://leeneubecker.com/intels-secret-backdoor-can-now-be-turned-off/