261
Disabling Intel’s backdoors on modern laptops (hackaday.com)
submitted 10 months ago by muaveri@lemmy.world to c/technology@lemmy.world
19 comments fedilink hide all child comments
all 23 comments
sorted by: hot top controversial new old
[-] jet@hackertalks.com 61 points 10 months ago

The article really doesn't call out explicitly: The management engine never stops running, turning it off is nearly impossible, and if you do succeed the computer resets in 30 seconds. So this untrusted entity is constantly looking at everything happening, and the best we can do is load some dummy configuration so it doesn't do anything, or perhaps it doesn't do anything, because we don't know.

Having an architecture without the big brother chip sitting on the bus would be a huge huge bonus.

[-] iturnedintoanewt@lemmy.world 13 points 10 months ago

RISCV

[-] Ubermeisters@lemmy.zip 45 points 10 months ago

Just a fancy ad for a brand, with words around it

[-] mypasswordis1234@lemmy.world 3 points 10 months ago

Basic Giga Devices?

[-] Wander@yiffit.net 23 points 10 months ago

Can someone explain what the Intel ME actually does / is? Thank you.

[-] takeda@kbin.social 34 points 10 months ago

Intel Management Engine is a component that has access to your computer on a level that even you, the computer owner, don't have access to. It can be operated remotely, even when your computer is off.

And traditionally you can't even disable it (remember, you're not the trusted party in that mix).

https://en.wikipedia.org/wiki/Intel_Management_Engine

[-] otter@lemmy.ca 23 points 10 months ago* (last edited 10 months ago)

My understanding is that it's meant to be an enterprise tool for Sys admins of business and schools to allow for remote monitoring and troubleshooting, but because it's expensive to make two sets of devices, it's in everything.

Relevant bits from that wiki:

The Intel Management Engine always runs as long as the motherboard is receiving power, even when the computer is turned off.

.

Intel's main competitor AMD has incorporated the equivalent AMD Secure Technology (formally called Platform Security Processor) in virtually all of its post-2013 CPUs.

.

Critics like the Electronic Frontier Foundation (EFF), Libreboot developers, and security expert Damien Zammit accused the ME of being a backdoor and a privacy concern. Zammit stresses that the ME has full access to memory (without the owner-controlled CPU cores having any knowledge), and has full access to the TCP/IP stack and can send and receive network packets independently of the operating system, thus bypassing its firewall.

.

In the context of criticism of the Intel ME and AMD Secure Technology it has been pointed out that the National Security Agency (NSA) budget request for 2013 contained a Sigint Enabling Project with the goal to "Insert vulnerabilities into commercial encryption systems, IT systems, …" and it has been conjectured that Intel ME and AMD Secure Technology might be part of that program

[-] takeda@kbin.social 7 points 10 months ago

So who is using it? Where are tools which allow you to set up and manage the infrastructure? Why it can't be disabled, except hacks, and one undocumented feature requested by NSA, because they did not want it running? It is a backdoor, if it wasn't it would be disabled by default and you would have to pay premium to have that feature enabled.

[-] Brkdncr@artemis.camp 2 points 10 months ago

Enterprise. Intel has a tool that lets you use it but other management services like SCCM and landesk have methods to use amt/vpro.

[-] Draconic_NEO@lemmy.world 26 points 10 months ago* (last edited 10 months ago)

IntelME is an embedded Microcontroller in the Intel Chipset (in the south-bridge chip) which depending on variations in generation, has a multitude of different features such as Active Management Technology used in IT department, clock controls and a few more things.

Because it is closed source there are security concerns about possible vulnerabilities in it which could possibly be exploited, as well as several conspiracy theories about it. Due to that hobbyists as well as certain OEMs have found out ways to disable it in attempt to mitigate these issues.

For more detailed information on it I would highly recommend this video by CCC on the subject, it covers what IntelME does and how it was able to be disabled.

34C3 - Intel ME: Myths and reality (Youtube)

34C3 - Intel ME: Myths and reality (media.ccc.de)

[-] corsicanguppy@lemmy.ca 6 points 10 months ago

AMT is a great way to get a passworded VNC session into the terminal.

[-] Draconic_NEO@lemmy.world 1 points 10 months ago

Well provided your OEM hasn't disabled it, on most of the computers I checked with IntelMEtool (the ones new enough to have IntelME) I found that AMT shows up as disabled on most of them, except for a few.

[-] Amilo159@lemmy.world 23 points 10 months ago

As a tech enthusiast and it support personnel i can tell you this: no one knows, possibly not even Intel.

[-] BarbecueCowboy@kbin.social 5 points 10 months ago

I asked our Intel guy about it once. After you've dealt with vendors and sales engineers for long enough, you start to learn to detect when they have no clue how one of their offerings work. I'm not sure that I've ever heard so many non-specific comments, meaningless buzzwords, and attempts to redirect the conversation.

I didn't get it even a little bit until I found an open source project based on Intel AMT, and that's apparently just a piece of ME.

[-] Amilo159@lemmy.world 1 points 10 months ago

Sounds about right👍

[-] Brkdncr@kbin.social 10 points 10 months ago

It’s used for out of band management. With the correct hardware items (nic and gpu) it’s called vPro. With the proper certificate and supporting infrastructure it can auto-enroll into a management service such as SCCM. It allows companies to remotely view logs, bios settings and other items. With vPro it can include a complete remote KVM solution.

You can disable it from most UEFI settings interfaces without worry of causing other issues.

[-] flying_monkies@kbin.social 6 points 10 months ago

It's a microcontroller that runs within Intel based systems allowing full control access at the processor level. It runs outside of your processor and any time the system is plugged in or is on battery. It doesn't require the main processor up for it to be accessible. More info on it on [wikipedia]https://en.wikipedia.org/wiki/Intel_Management_Engine).

AMD's equivalent is called AMD Secure Technology.

[-] sramder@lemmy.world 21 points 10 months ago

Since that “article” wasn’t a quick search turned up this python script. I haven’t tried it yet, but it seems almost risk free… and if nothing else a decent way to test my motherboards bios recovery routine.

[-] afa@sh.itjust.works 4 points 10 months ago

That just modifies an image, you still need to flash it using something like UEFITool to do the rest, and a good guide to follow.

this post was submitted on 13 Aug 2023
261 points (92.5% liked)

Technology

55755 readers
1331 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world