Intel ME & AMD PSP: The Hidden Backdoors in Your Hardware

Listen to this Post

Featured Image

Introduction

Intel Management Engine (ME) and AMD’s Platform Security Processor (PSP) are proprietary firmware components embedded in modern CPUs, operating independently of the main OS. These subsystems have full network access—even when the system is powered off—raising serious security and privacy concerns. This article explores their risks, mitigation techniques, and tools to disable or audit them.

Learning Objectives

  • Understand how Intel ME and AMD PSP function as potential backdoors.
  • Learn methods to detect and disable these subsystems.
  • Explore security best practices for mitigating firmware-level threats.

1. Detecting Intel ME/AMD PSP Presence

Linux Command to Check Intel ME Status

sudo dmidecode | grep -A 10 "Management Engine"

What This Does:

– `dmidecode` retrieves system firmware information.
– The `grep` command filters for Intel ME details.

Steps:

1. Open a terminal.

  1. Run the command with `sudo` for elevated privileges.

3. Review output for ME version and status.

Windows PowerShell Command for AMD PSP

Get-WmiObject -Namespace root\cimv2 -Class Win32_Processor | Select-Object -Property Name, Manufacturer

What This Does:

  • Queries the processor for manufacturer details (AMD systems likely have PSP).

Steps:

1. Launch PowerShell as Administrator.

2. Execute the command.

  1. Check if the manufacturer is AMD (indicating PSP presence).

2. Disabling Intel ME with `me_cleaner`

GitHub Tool for ME Removal

🔗 https://github.com/corna/me_cleaner

What This Does:

  • Partially removes Intel ME firmware blobs, reducing attack surface.

Steps:

1. Clone the repository:

git clone https://github.com/corna/me_cleaner.git

2. Dump ME firmware (requires `flashrom`):

sudo flashrom -p internal -r bios_dump.rom

3. Clean the firmware:

python3 me_cleaner.py bios_dump.rom

4. Reflash the modified firmware (use with caution).

3. Firmware Hardening via UEFI Settings

Disabling ME in UEFI/BIOS

  1. Reboot and enter BIOS (usually `Del` or F2).

2. Navigate to Advanced > Chipset Configuration.

  1. Look for Intel ME State and disable it.

4. Save and exit.

⚠️ Warning: Some systems may fail to boot if ME is fully disabled.

4. Monitoring ME/PSP Network Activity

Linux Network Traffic Inspection

sudo tcpdump -i any -nn -v port 623 or port 664

What This Does:

  • Captures traffic on Intel ME’s default ports (623 for AMT, 664 for Redfish).

Steps:

1. Install `tcpdump` if missing:

sudo apt install tcpdump

2. Run the command and inspect suspicious connections.

5. Mitigating AMD PSP Risks

Coreboot as an Alternative Firmware

🔗 https://www.coreboot.org/

What This Does:

  • Replaces proprietary PSP firmware with open-source alternatives (where supported).

Steps:

1. Check hardware compatibility on Coreboot’s site.

2. Follow the build and flash instructions carefully.

What Undercode Say

  • Key Takeaway 1: Intel ME and AMD PSP are opaque, privileged subsystems that bypass OS security controls.
  • Key Takeaway 2: Disabling them may improve security but can cause instability—always test in a lab first.

Analysis:

These firmware backdoors highlight the growing risks of supply-chain attacks. Nation-state actors and advanced malware (e.g., LoJax) have exploited ME/PSP for persistence. Enterprises should enforce strict firmware update policies and consider open-source alternatives where feasible.

Prediction

As firmware attacks escalate, regulatory bodies may mandate transparency in proprietary firmware. Future exploits could target cloud providers via compromised hardware, making firmware integrity verification a critical security frontier.

Would you like deeper dives into BIOS/UEFI security or hands-on exploit demos? Let us know in the comments! 🔍💻

🎯Let’s Practice For Free:

IT/Security Reporter URL:

Reported By: Sam Bent – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky