CRW

Home Wiki

Intel Management Engine

View on consumerrights.wiki ↗

Work in progress
This article has been flagged for additional work. Treat its claims as provisional.
Verification concerns
Editors have raised concerns about the verifiability of one or more claims.
Stub
This article is a stub. The wiki community is still building it out.
Contents6
  1. Intel AMT
  2. Security
  3. Hidden Deals
  4. Tools and Tips
  5. See also
  6. References

⚠️ Article status notice: This article has been marked as incomplete

This article needs additional work for its sourcing and verifiability to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues.

This notice will be removed once sufficient documentation has been added to establish the systemic nature of these issues. Once you believe the article is ready to have its notice removed, please visit the Moderator's noticeboard, or the discord and post to the #appeals channel.

Learn more ▼

This Article Requires Additional Verification

This article has been flagged due to verification concerns. While the topic might have merit, the claims presented lack citations that live up to our standards, or rely on sources that are questionable or unverifiable by our standards. Articles must meet the Moderator Guidelines and Mission statement; factual accuracy and systemic relevance are required for inclusion here!

Why This Article Is In Question

Articles in this wiki are required to:

  • Provide verifiable & credible evidence to substantiate claims.
  • Avoid relying on anecdotal, unsourced, or suspicious citations that lack legitimacy.
  • Make sure that all claims are backed by reliable documentation or reporting from reputable sources.

Examples of issues that trigger this notice:

  • A topic that heavily relies on forum posts, personal blogs, or other unverifiable sources.
  • Unsupported claims with no evidence or citations to back them up.
  • Citations to disreputable sources, like non-expert blogs or sites known for spreading misinformation.
How You Can Improve This Article

To address verification concerns:

  • Replace or supplement weak citations with credible, verifiable sources.
  • Make sure that claims are backed by reputable reporting or independent documentation.
  • Provide additional evidence to demonstrate systemic relevance and factual accuracy. For example:
    • Avoid: Claims based entirely on personal anecdotes or hearsay without supporting documentation.
    • Include: Corporate policies, internal communications, receipts, repair logs, verifiable video evidence, or credible investigative reports.

If you believe this notice has been placed in error, or once the article has been updated to address these concerns, please visit the Moderator's noticeboard, or the #appeals channel on our Discord server: Join here.

Article Status Notice: This Article is a stub

This article is underdeveloped, and needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Learn more ▼

Issues may include:

  • This article needs to be expanded to provide meaningful information
  • This article requires additional verifiable evidence to demonstrate systemic impact
  • More documentation is needed to establish how this reflects broader consumer protection concerns
  • The connection between individual incidents and company-wide practices needs to be better established
  • The article is simply too short, and lacks sufficient content

How you can help:

  • Add documented examples with verifiable sources
  • Provide evidence of similar incidents affecting other consumers
  • Include relevant company policies or communications that demonstrate systemic practices
  • Link to credible reporting that covers these issues
  • Flesh out the article with relevant information

This notice will be removed once the article is sufficiently developed. Once you believe the article is ready to have its notice removed, please visit the Moderator's noticeboard, or the Discord (join here) and post to the #appeals channel, or mention its status on the article's talk page.

Intel Management Engine
Basic Information
Release Year 2008
Product Type Surveillance, Security, Computers, Articles in Need of Additional Work
In Production Yes
Official Website https://www.intel.com/content/www/us/en/homepage.html


The Intel Management Engine (ME) is an embedded microcontroller integrated into Intel's chipsets since 2008. From version 11 onwards, it runs a (closed-source) modified version of MINIX as its operating system.[1][2][3].

The ME is able to access the LAN adapter, giving it access to networks the system is connected to, both wired and wireless.[4]

The power state of the ME is independent from the rest of the system, allowing it to run while the system is turned off, assuming that the system is still receiving power.[1]

Additionally, Intel ME also contains several measures to check if it's been tampered with. These include being inaccessible to the machine BIOS or OS, scanning the entire machine every 30 minutes to verify if signature is signed (otherwise shutting down the system)[source?], and making it exceptionally difficult to reverse engineer.

Intel AMT

One of the services utilizing the capabilities of the Intel ME is Intel Active Management (AMT). It is part of a set of technologies marketed as Intel vPro. Intel AMT is built into most modern Intel CPUs, including but not limited to the Intel Core i5, Intel Core i7, Intel Core M, and Intel Xeon series. The AMT has full access to the system and can bypass system firewalls.[4][5] By default, AMT is enabled, on supported chips. AMT support is listed under the "Security & Reliability" section on the intel product website (example).

Intel ME Boot Sequence for Laptops/Computers
Booting Process

AMT allows remote management of the system by using the ME's network access, exposing 2 ports through which commands can be issued. Some of the many features of the AMT are:[4]

  • Access to hardware information
  • Remote power control
  • Boot control
  • Wake-on-LAN/Wake on wireless LAN
  • Remote Schedule Maintenance (outside firewall)
  • KVM (keyboard, video, mouse) remote control
  • Updating firmware

Security

Intel ME follows security by obscurity, a concept that if people are unable to view the code, then it makes it more secure, however it's known to be ineffective and posing a huge security risks. Leaves many of these vulnerabilities unpatchable.

Date Description CVE
2009 A "Ring -3 Rootkit" for the Q35 chipset was demonstrated by Invisible Things Lab, allowing an attacker to execute code, even when Intel AMT was disabled in the BIOS.[6] The bug was subsequently patched by Intel.[7] No CVE
2010 An individual by the name of Vassilios Vereris discovered an bypass that allow attackers to remotely enable Intel AMT.[8][9] No CVE
2017 Discovered by Maksim Malyutin from Embedi, a bug in Intel AMT allows a hacker to gain admin privileges from a remote location.[8] Reportedly, Intel was aware of this more than 5 years prior to the report SemiAccurate gave to Intel, however it was dismissed for unknown reasons.[10][11][12] CVE-2017-5689.[13]
2018 Researchers at F-Secure discovered an exploit regarding Intel AMT that allows a hacker with physical access to the machine to bypass the user, BIOS, Bitlocker, and TPM passwords in a matter of 30 seconds. This bug is more severe against corporate laptops.[14][15][16][17] No CVE
2020 Several vulnerabilities were found in Intel AMT, allowing hackers to add a root kit.[14][18] CVE 2020-0535[19][20][21]

Hidden Deals

Around 2017, an undocumented flag was discovered that, when set, disables a large portion of the ME. This feature appears to have been requested by the NSA.[2][22]

Tools and Tips

There is no official method to disable the ME, however there have been tools and tips developed to allow (partially) disabling the ME.[8][23]

See also

References

  1. 1.0 1.1 "What is Intel® Management Engine?". Intel. 2023-09-26. Archived from the original on 6 Feb 2026. Retrieved 2026-02-04.
  2. 2.0 2.1 Ermolov, Mark; Goryachy, Maxim (28 Aug 2017). "Disabling Intel ME 11 via undocumented mode". Positive Technologies. Retrieved 2026-02-04.{{cite web}}: CS1 maint: url-status (link)
  3. Tanenbaum, Andrew S. "An Open Letter to Intel". www.cs.vu.nl. Archived from the original on 16 Feb 2026. Retrieved 2026-02-04.
  4. 4.0 4.1 4.2 "Getting Started with Intel® Active Management Technology". Intel. 2021-02-18. Archived from the original on 24 Jan 2026. Retrieved 2026-02-04.
  5. "Intel® Active Management Technology Developers Guide". Intel. 2021-01-05. Archived from the original on 8 Jan 2026. Retrieved 2026-02-04.
  6. Tereshkin, Alexander; Wojtczuk, Rafal (29 Jul 2009). "Introducing Ring -3 Rootkits" (PDF). Blackhat. Archived (PDF) from the original on 2025-12-05. Retrieved 2026-02-04.
  7. "Intel patches the Q35 bug". The Invisible Things Lab's blog. 2008-08-26. Archived from the original on 13 Feb 2026. Retrieved 2026-02-03.
  8. 8.0 8.1 8.2 "Disabling Intel ME in Firmware" (PDF). ecrsecurity. 2026-02-03. Archived (PDF) from the original on 13 Feb 2026. Retrieved 2026-02-03.
  9. Ververis, Vassilios (2010). "Security Evaluation of Intel's Active Management Technology" (PDF). archive.org.
  10. Demerjian, Charlie (2017-05-01). "Remote security exploit in all 2008+ Intel platforms". SemiAccurate. Archived from the original on 13 Jan 2026. Retrieved 2026-02-03.
  11. Armasu, Lucian (2017-05-02). "Intel AMT Vulnerability Shows Intel's Management Engine Can Be Dangerous". Tom's Hardware. Archived from the original on 31 Dec 2025. Retrieved 2026-02-03.
  12. "The Vulnerability Uncovered". UMA Technology. 2025-01-11. Archived from the original on 15 Jun 2025. Retrieved 2026-02-03.
  13. "CVE-2017-5689 Detail". Nist. 2017-05-02. Archived from the original on 24 Jan 2026. Retrieved 2026-02-03.
  14. 14.0 14.1 Waldman, Arielle (2020-09-09). "Intel patches critical flaw in Active Management Technology". TechTarget. Archived from the original on 17 Jan 2026. Retrieved 2026-02-03.
  15. Ashford, Warwick (2018-01-18). "F-Secure highlights another critical Intel security issue". TechTarget. Archived from the original on 6 Aug 2025. Retrieved 2026-02-03.
  16. Subramaniam, Vaidyanathan (2018-01-14). "Gone in 30 seconds: New Intel AMT exploit is scarier than you can ever fathom". Notebook Check. Archived from the original on 8 Jan 2026. Retrieved 2026-02-03.
  17. Armasu, Lucian (2018-01-12). "Intel AMT Allows BitLocker Bypass In Under A Minute". Tom's Hardware. Archived from the original on 13 Feb 2026. Retrieved 2026-02-03.
  18. Larabe, Michael (2020-09-08). "Intel AMT Hit By Another "Critical" Security Vulnerability". phoronix. Archived from the original on 8 Jan 2026. Retrieved 2026-02-03.
  19. National Vulnerability Database (2020-06-15). "CVE-2020-0535 Detail". nist.gov. Archived from the original on 4 Jan 2026. Retrieved 2026-02-03.
  20. National Vulnerability Database (2020-06-15). "CVE-2020-0531". Nist. Archived from the original on 22 Aug 2025. Retrieved 2026-02-03.
  21. Intel (2020-11-10). "2020.2 IPU – Intel® CSME, SPS, TXE, AMT and DAL Advisory". Intel. Archived from the original on 1 Dec 2025. Retrieved 2026-02-03.
  22. Claburn, Thomas (29 Aug 2017). "Intel ME controller chip has secret kill switch". The Register. Archived from the original on 1 Jan 2026. Retrieved 2026-02-04.
  23. 23.0 23.1 "Intel's Management Engine". Purism. Archived from the original on 3 Dec 2025. Retrieved 2026-02-04.
Filed under