Skip to content

Intel ME rootkits

Noted by on his . Last updated . Changelog


I know of two Intel ME rootkits that didn’t involve Intel AMT; the latter can be enabled/disabled on “vPro” chips. One rootkit was from 2009 and seems less relevant now; the more recent of the two was by and at Black Hat Europe 2017: (application/pdf).

Without AMT, they required physical access. Most PCs are woefully unprepared against the sorts of attacks enabled by physical access, and ME is only one entry in a long list of issues.