Submitted via IRC for TheMightyBuzzard
Since 2008, most of Intel's chipsets have contained a tiny homunculus computer called the "Management Engine" (ME). The ME is a largely undocumented master controller for your CPU: it works with system firmware during boot and has direct access to system memory, the screen, keyboard, and network. All of the code inside the ME is secret, signed, and tightly controlled by Intel. Last week, vulnerabilities in the Active Management (AMT) module in some Management Engines have caused lots of machines with Intel CPUs to be disastrously vulnerable to remote and local attackers. While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one.
[...] EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our computers, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.
It's a crying shame the what the EFF says doesn't hold a whole lot of weight.
Source: The Electronic Frontier Foundation
(Score: 2) by kaszz on Monday May 15 2017, @04:48PM
Non standard, non x86 is good but also requires a lot of replication work (compiling and setup).
PCI, Firewire, PCMCIA, PC Card, ExpressCard and Thunderbolt all support direct DMA without CPU initiation, just a tip. Which would enable you to verify contents. But don't trust the computer to present you with the correct data through DMA either. Another hint is "lost clock cycles" or SMI# pin activation.
As for network. You can probably fool the management engine by rewriting the PCI registers into that the NIC really.. is a joystick device. Then just modify the network driver to interpretate that code as a NIC. The result is hopefully that whenever these backdoors wants to phone-home. There is no network. Another level is to leave the OS without network and have your application rewritten to communicate using other means. It could be as simple as running the mailer SMTP chat directly over asynchronous RS-232.
Even better yet is to ditch all chips that you can't certify is alright.