SoylentNews is people

posted by martyb on Monday June 20 2016, @10:12AM
from the One-ring-to-bring-them-all-and-in-the-darkness-bind-them... dept.

From Damien Zammit, we have this fun little tidbit:

Recent Intel x86 processors implement a secret, powerful control mechanism that runs on a separate chip that no one is allowed to audit or examine. When these are eventually compromised, they'll expose all affected systems to nearly un-killable, undetectable rootkit attacks. I've made it my mission to open up this system and make free, open replacements, before it's too late.

The Intel Management Engine (ME) is a subsystem composed of a special 32-bit ARC microprocessor that's physically located inside the chipset. It is an extra general purpose computer running a firmware blob that is sold as a management system for big enterprise deployments.

When you purchase your system with a mainboard and Intel x86 CPU, you are also buying this hardware add-on: an extra computer that controls the main CPU. This extra computer runs completely out-of-band with the main x86 CPU meaning that it can function totally independently even when your main CPU is in a low power state like S3 (suspend).

On some chipsets, the firmware running on the ME implements a system called Intel's Active Management Technology (AMT). This is entirely transparent to the operating system, which means that this extra computer can do its job regardless of which operating system is installed and running on the main CPU.

The purpose of AMT is to provide a way to manage computers remotely (this is similar to an older system called "Intelligent Platform Management Interface" or IPMI, but more powerful). To achieve this task, the ME is capable of accessing any memory region without the main x86 CPU knowing about the existence of these accesses. It also runs a TCP/IP server on your network interface and packets entering and leaving your machine on certain ports bypass any firewall running on your system.

Yeah, and I'm sure they pinky-swear never to allow the NSA access to any computer via it. I'll be using AMD from now on, slower or not, thanks.

This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by DannyB (5839) on Monday June 20 2016, @02:49PM (#362902)

    Remote management may be useful. It also may be useful for the government to mandate that every private home has internet security cameras installed that run secret firmware; and then the government graciously allows the home owner to make use of those cameras to remotely monitor their own home. Useful? May be. But that doesn't make it a GOOD thing.

    It's not secret

    Two things. First, something that is not generally well known to the general population, is of huge public interest, and then suddenly explodes into the press, might as well have been a secret. The fact that it was obscurely documented is irrelevant. The fact that a lot of people passionately interested in technology did not know about this should say something about just how secret this is. Some of these are people who follow every tiny announcement and development of motherboards, processors, etc and yet did not know about this non-secret secret.

    Second, even if it were widely published, having well known mandated internet security cameras to be installed in every home doesn't make it a GOOD thing even if it isn't a secret. In Orwell's 1984, the Telescreens weren't a secret either.

    These non-secret engines of invasion, running secret undocumented firmware cannot be a good thing. If it were good for you and something you would want, it would have been widely advertised, loudly. The fact that it was published in an obscure way doesn't mean it wasn't really a secret.

    “But look, you found the notice, didn’t you?” “Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.’”
    A large Starlink satellite constellation will be a smashing success!