Several popular hardware vendors, including Dell, have started to offer customers the option to buy their products without the Intel ME (Management Engine) – found to contain security holes.
Being the second largest electronic chipmaker in the world hasn’t made Intel immune to security flaws and vulnerabilities. The company issued a security alert in November about a number of flaws affecting Intel’s CPU technology, including ME.
Intel ME, described as a secret OS inside the main Intel CPU, runs independently from the user's main OS and has separate processes, drivers, file systems etc. An attacker who exploits a flaw and gains control over the ME can also control the entire computer.
This has led a few hardware vendors that use the Intel CPU, among them Dell, to take steps so that their customers can either buy products without Intel ME, or they can opt in to receive updates that disable it. Dell is only one of a number of companies selling products affected by the Intel ME flaws – other well-known vendors include Acer, HP and Panasonic.
Identifying security flaws, communicating them and taking action to fix and minimize their effects is important to ensure information privacy and keep your customers’ trust and confidence in your products and services.