Evil Academy

Full Version: Seems Genuine: Intel worker spills the beans on CPU spying
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
[Image: C7nBHpTWsAQbfU-.jpg:large]
This sucks. I thought I was a little safer using secure Linux OS'. Now that the cat is out of the bag, it's just a matter of time before hackers find this backdoor and exploit it. It may be a few years but it will happen.
the management engine is on a separate CPU in motherboard!
this is public knowledge actually:

Quote:Intel Active Management Technology (AMT) is hardware and firmware technology for remote out-of-band management of personal computers,[1][2][3][4][5] in order to monitor, maintain, update, upgrade, and repair them.[1] Out-of-band (OOB) or hardware-based management is different from software-based (or in-band) management and software management agents.[1][2]

Hardware-based management works at a different level from software applications, uses a communication channel (through the TCP/IP stack) that is different from software-based communication (which is through the software stack in the operating system). Hardware-based management does not depend on the presence of an OS or locally installed management agent. Hardware-based management has been available on Intel/AMD based computers in the past, but it has largely been limited to auto-configuration using DHCP or BOOTP for dynamic IP address allocation and diskless workstations, as well as wake-on-LAN (WOL) for remotely powering on systems.[6] AMT is not intended to be used by itself; it is intended to be used with a software management application.[1] It gives a management application (and thus, the system administrator who uses it) better access to the PC down the wire, in order to remotely and securely do tasks that are difficult or sometimes impossible when working on a PC that does not have remote functionalities built into it.[1][3][7]

AMT is designed into a secondary (service) processor located on the motherboard,[8] and uses TLS-secured communication and strong encryption to provide additional security.[2] AMT is part of the Intel Management Engine, which is built into PCs with Intel vPro technology.[2] AMT has moved towards increasing support for DMTF Desktop and mobile Architecture for System Hardware (DASH) standards and AMT Release 5.1 and later releases are an implementation of DASH version 1.0/1.1 standards for out-of-band management.[9] AMT provides similar functionality to IPMI, although AMT is designed for client computing systems as compared with the typically server-based IPMI.

Currently, AMT is available in desktops, servers, ultrabooks, tablets, and laptops with Intel Core vPro processor family, including Intel Core i3, i5, i7, and Intel Xeon processor E3-1200 product family.[1][10][11]
Quote:Five or so years ago, Intel rolled out something horrible. Intel’s Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can’t even look at the code. When — not ‘if’ — the ME is finally cracked open, every computer running on a recent Intel chip will have a huge security and privacy issue. Intel’s Management Engine is the single most dangerous piece of computer hardware ever created.

Researchers are continuing work on deciphering the inner workings of the ME, and we sincerely hope this Pandora’s Box remains closed. Until then, there’s now a new way to disable Intel’s Management Engine.

Previously, the first iteration of the ME found in GM45 chipsets could be removed. This technique was due to the fact the ME was located on a chip separate from the northbridge. For Core i3/i5/i7 processors, the ME is integrated to the northbridge. Until now, efforts to disable an ME this closely coupled to the CPU have failed. Completely removing the ME from these systems is impossible, however disabling parts of the ME are not. There is one caveat: if the ME’s boot ROM (stored in an SPI Flash) does not find a valid Intel signature, the PC will shut down after 30 minutes.

A few months ago, [Trammell Hudson] discovered erasing the first page of the ME region did not shut down his Thinkpad after 30 minutes. This led [Nicola Corna] and [Frederico Amedeo Izzo] to write a script that uses this exploit. Effectively, ME still thinks it’s running, but it doesn’t actually do anything.

With a BeagleBone, an SOIC-8 chip clip, and a few breakout wires, this script will run and effectively disable the ME. This exploit has only been confirmed to work on Sandy Bridge and Ivy Bridge processors. It should work on Skylake processors, and Haswell and Broadwell are untested.

Separating or disabling the ME from the CPU has been a major focus of the libreboot and coreboot communities. The inability to do so has, until now, made the future prospects of truly free computing platforms grim. The ME is in everything, and CPUs without an ME are getting old. Even though we don’t have the ability to remove the ME, disabling it is the next best thing.

http://hackaday.com/2016/11/28/neutraliz...nt-engine/
Good thing the cheap Chinese made Rockchips have gotten better. I'm pretty sure the Chinese government isn't investing any money installing backdoors on a $20 Android micro PC. If China wants to censor, or spy on anyone, Microsoft just builds them their own OS.
i never knew about this. it's pretty ridiculous how little transparency there is about this management engine
Reference URL's