Dell to Disable Intel’s Insecure IME

Dec 12, 2017

Dell responds to the reports of critical vulnerabilities in the Intel vPro Management Engine.

Intel’s IME (Intel vPro Management Engine) came under fire recently when security researchers found serious bugs that allowed a remote attacker to take control of the affected systems.

“The exploitation allows an attacker to get full control over business computers, even if they are turned off (but still plugged into an outlet). We really hope by bringing this to light, it will raise awareness about security issues in firmware and avoid possible issues in the future,” wrote Embedi, the security firm that discovered the bug.

Intel doesn’t share any information about these “secretive” Management Engine technologies. ME modules sit above the operating systems and users have no access or control over the technology. Organizations like EFF are calling for more transparency around ME modules. EFF asked Intel to “Provide a way for their customers to audit ME code for vulnerabilities. That is presently impossible because the code is kept secret.”

Because Intel doesn’t provide any such information, PC vendors and users don’t have any means to audit or fix such vulnerabilities. Now one PC vendor has taken steps to protect its users. Dell is now disabling IME in all new systems, and users will have to pay to enable the service.

In a statement to ExtremeTech, Dell said, “Dell has offered a configuration option to disable the Intel vPro Management Engine (ME) on select commercial client platforms for a number of years (termed Intel vPro – ME inoperable, custom order on Dell.com). Some of our commercial customers have requested such an option from us, and in response, we have provided the service of disabling the Management Engine in the factory to meet their specific needs. As this SKU can also disable other system functionality it was not previously made available to the general public.”

PC vendors, especially those selling Linux preloaded systems, are following the suite and disabling ME by default. Dell is the biggest PC vendor, and if other vendors start disabling the engine, Intel might be compelled to either open source the technology or offer more transparency around it.

Related content

  • News

    This month in the news: KubeCon concludes in Austin, Texas, Dell to disable Intel’s insecure IME, Linus Torvalds’ advice to security experts, GPLv3 comes to the rescue of GPL violators, and Linux Kernel 4.14 released. 

    more »
  • News

    Dell kickstarts 2018 with a brand new Linux laptop, Linus Torvalds rips Intel for meltdown and Spectre flaws, LibreOffice-based CODE 3.0 released, Google announces Kubeflow to bring Kubernetes to machine learning, and a critical flaw in phpMyAdmin. 

    more »
  • Dell Kickstarts 2018 with a Brand New Linux Laptop

    The new laptop comes with Ubuntu 16.04 pre-loaded.

    more »
  • Dell Launches Five New Linux Systems

    Five new systems join Dell XPS 13 Developer Edition that come with Ubuntu pre-installed.

    more »
  • NEWS

    Updates on technologies, trends, and tools

    more »
comments powered by Disqus