SoylentNews is people

posted by martyb on Monday June 20 2016, @10:12AM
from the One-ring-to-bring-them-all-and-in-the-darkness-bind-them... dept.

From Damien Zammit, we have this fun little tidbit:

Recent Intel x86 processors implement a secret, powerful control mechanism that runs on a separate chip that no one is allowed to audit or examine. When these are eventually compromised, they'll expose all affected systems to nearly un-killable, undetectable rootkit attacks. I've made it my mission to open up this system and make free, open replacements, before it's too late.

The Intel Management Engine (ME) is a subsystem composed of a special 32-bit ARC microprocessor that's physically located inside the chipset. It is an extra general purpose computer running a firmware blob that is sold as a management system for big enterprise deployments.

When you purchase your system with a mainboard and Intel x86 CPU, you are also buying this hardware add-on: an extra computer that controls the main CPU. This extra computer runs completely out-of-band with the main x86 CPU, meaning that it can function totally independently even when your main CPU is in a low power state like S3 (suspend).

On some chipsets, the firmware running on the ME implements a system called Intel's Active Management Technology (AMT). This is entirely transparent to the operating system, which means that this extra computer can do its job regardless of which operating system is installed and running on the main CPU.

The purpose of AMT is to provide a way to manage computers remotely (this is similar to an older system called "Intelligent Platform Management Interface" or IPMI, but more powerful). To achieve this task, the ME is capable of accessing any memory region without the main x86 CPU knowing about the existence of these accesses. It also runs a TCP/IP server on your network interface and packets entering and leaving your machine on certain ports bypass any firewall running on your system.

Yeah, and I'm sure they pinky-swear never to allow the NSA access to any computer via it. I'll be using AMD from now on, slower or not, thanks.


  • (Score: 1) by kurenai.tsubasa (5227) on Monday June 20 2016, @06:31PM (#362990)

    And here I thought I was just reducing my power consumption by a tad with my habit of turning off my computer's power strip at night, when I was actually protecting myself from the lizard people!

    Kidding aside, computers for a while now have had various wake features such as wake on lan or wake on timer from "powered off." I'm not a hardware person either, but that means that some part of the mobo is already powered after you've "powered off" your computer, no? At any rate, one thing that comes up when looking for advice to minimize power consumption is that pretty much every device is never really "off" these days as long as it's plugged in. Hence, turning the power strip off is the only way to completely prevent a device from sipping on power.

    My phone doesn't have a fan and is quite capable. I'm thinking what you've listed for the most part are valid concerns. I want to say they're far-fetched but as you've observed, all the crazy conspiracy ideas that were tossed around 10 years ago turned out not to be that crazy after all.

    Something I could see as feasible. Given an on-board ethernet port, I suppose this thing could turn on, establish an ethernet link without turning the computer's link light on, do a very basic DHCP request to get an address, and begin executing a program designed to read from some secret ram where it's been storing juicy details and send the details down the pipe but with the "evil bit" set before deactivating. The switch might also detect the "evil bit" and fail to turn on its own link light. Or maybe it negotiates that with an evil frame or something.

    Better check the dnsmasq logs.

    I suppose it could use a protocol other than IP. Imagine that the chip is looking for DHCP responses (or v6 router advertisements). When it gets one, it stores the MAC address of the next hop along with which interface. When the home router DHCPs up to the cable modem, it stores the cable modem's MAC address along with which interface is the next hop. Then the desktop computer, when its secret chip activates, could send the snooped info to whichever MAC address it logged as being its DHCP/IPv6 router upstream. Then the router turns around and does the same thing.

    From there, the ISP could take over getting the info to the lizard people.