conference logo

Playlist "34C3: TUWAT"

Intel ME: Myths and reality

Igor Skochinsky and Nicola Corna

Many claims were made recently about purpose and capabilities of the Intel ME but with all the buzz it is not always clear what are facts and what is just speculation. We'll try to clear the fog of misunderstanding with research based on investigations of ME firmware and practical experiments on ME-equipped hardware.

We would like to cover the most common claims about the ME, based in part on the new research done in the few last years such as complete recovery of the proprietary Huffman compression which previously hindered research into some parts of the ME firmware, as well as describe what steps can ordinary users take to reduce the attack surface exposed by the ME.

Some of the claims we plan to cover:

• It's a backdoor made for NSA and serves no useful purpose
• It is always on even if the PC is turned off
• It can read all data on PC/spy on the user
• It can't be disabled
• It can lock the PC with a command sent over the air
• It a black box which can't be audited because it's closed source
• End users can't do anything about it.

Together with the talk we're planning to make available detailed notes on reverse engineering of the ME firmware with some pointers to the identified functionality for other interested researchers.