SoylentNews is people
SoylentNews
Submitted via IRC for TheMightyBuzzard
Linux computer vendor System76 announced this week that it will roll out a firmware update to disable Intel Management Engine on laptops sold in the past few years. Purism will also disable Intel Management Engine on computers it sells moving forward. Those two computer companies are pretty small players in the multi-billion dollar PC industry. …
... Intel's Management Engine is a hardware and software system designed to provide some remote management features. But it's come under criticism from privacy advocates, security researchers, and the free and open source software community.
That's because Intel Management Engine is basically a mystery. It's software that runs independently of a computer's operating system, which means that even if you wipe the OS, the Management Engine is still there. And there's no good way to know what it's doing.
The risks aren't just theoretical – Intel recently acknowledged a security vulnerability affecting nearly every PC that shipped with a 6th, 7th, or 8th-gen Intel Core processor. While the company is working with PC makers to roll out updates to patch that vulnerability, it wouldn't even exist if Intel hadn't bundled a feature many users don't need and won't use with its latest chips.
System76 are making a similar move:
System76 is one a handful of companies that sells computers that run Linux software out of the box. But like most PCs that have shipped with Intel’s Core processors in the past few years, System76 laptops include Intel’s Management Engine firmware. Intel recently confirmed a major security vulnerability affecting those chips and it’s working with …
Source: https://liliputing.com/2017/12/dell-also-sells-laptops-intel-management-engine-disabled.html
Source: https://liliputing.com/2017/11/system76-will-disable-intel-management-engine-linux-laptops.html
(Score: 4, Interesting) by bradley13 on Wednesday December 06 2017, @07:45PM (5 children)
You're right, of course, but for the moment disabling is the only option.
However, having a big manufacturer like Dell disabling the engine is a huge pile of egg in Intel's face. Add in the undoubtedly exciting reactions from customers like the government, and many large businesses, and it is possible that Intel will rethink the whole concept. Offer the ME only to people who actually want it. Even better, of course, would be to eliminate it entirely. Wake-on-LAN and similar functions could be handled with relative simple hardware - there's just no need to have an entire operating system running in there.
Why Intel ever thought this was a good idea? Frankly, it reminds me of the VW emissions scandal. "No one will ever notice, if we just stay quiet" becomes "No one will find any security holes, if we never publish the code". Stupid, really.
Meanwhile, I'm sure the ME is now under attack by zillions of hackers. How long until they find the backdoor the government asked Intel to install? Odd are good that there is one...
Everyone is somebody else's weirdo.
(Score: 3, Interesting) by Runaway1956 on Wednesday December 06 2017, @08:18PM (3 children)
Well, Frank, it reminds me of Intel's own decision, years ago, to force every Intel chip to identify itself with a unique identifier in all communications with the outside world. https://www.wired.com/2000/04/intel-nixes-chip-tracking-id/ [wired.com] Despite any claims to the contrary, that identifier was ideal for regimes wanting to squash dissidents, fascist corporations wanting to kill piracy, or even stalkers slurping data on their victims. Imagine, every forum such as this, forced to query your intel identifier, and to post that identifier as part of your user name. Instead of Bradley13, you might be BradleyATPO490B715Q99 because that identity was supplied by your CPU when you registered. Given the opportunity, there are government agencies who would be happy to mandate that everyone is identified in such a manner. Goodbye anonymity!
On the up side, those agencies wouldn't really need all those backdoors they want into our machines. Hell, if we're identifying ourselves in full with every post we ever make, there won't be much need to hack into our machines!
(Score: 0) by Anonymous Coward on Thursday December 07 2017, @02:02AM (1 child)
That CPUID was simply replaced by motherboard bios serials, hard drive serials, memory dimm serials, video card serial ids, and ethernet mac addresses?
After people won on the CPUID front nobody made enough of a ruckus, and even *IF* the cpu doesn't have a hidden cpuid instruction still operating within it somewhere for government types to interrogate, every other facet of the system does. And if they can get one of those, nevermind 3 of them, they can identify pretty much every person using a computer unless *ALL* computer purchases were used and made with cash.
I've had this concern for a number of years and it was one of the secondary reasons I quite playing MMOs. Any application with root or administrator level access can poll both the DMI information block (mobo, memory, and sometimes hdd serials) from the bios, as well as the AMD/Nvidia GUID, as well as the network hardware address (which may even be available to unprivileged users on many systems, such as linux and windows, read-only even as an unprivileged user!) Any one of these can determine the original OEM owner of the device if they paid with a credit card, or went to a store, like fry's or microcenter, that requires your name/phone number when ordering a behind the counter item, which cpu, memory, motherboard, video card and hard disks may be, depending on store and pricing. Excluding of course loss prevention videofeeds that could easily be (if they are not already) sent to the FBI/NSA for facial recognition along with purchasing records. Facial recognition may not be that accurate by itself, but if you combine it with nearby matches and a database of 'verified' hits along with historical drivers license/passport photos and any time a person purchased using credit card, or with identifying information tied via in store sales desk purchases, you can quickly narrow it down to real hits and tie the hardware to them.
This doesn't stop criminals/used hardware purchasers from staying under the radar, but it helps keep track of the sheeple who are usually considered the far bigger 'actual' threat, since there aren't enough criminals to rebel against the system, but if the plebs ever start, then having a historical record of their hardware so you can either falsify or more than likely find something legitimate to prosecute them over which can all be tied together with their hardware serial numbers and in-store video feeds.
(Score: 0) by Anonymous Coward on Thursday December 07 2017, @02:29AM
More people share PCs than phones. Android Apps can have access to the IMEI if they are given the android.permission.READ_PHONE_STATE
Similar for iphone...
And millions of people merrily give apps the permission:
https://www.gizmodo.com.au/2017/01/meitus-app-permissions-arent-automatically-a-black-flag-but-you-should-be-careful/ [gizmodo.com.au]
(Score: 0) by Anonymous Coward on Thursday December 07 2017, @03:43PM
Today browsers would have a DOM API call to read the cpuid.
(Score: 3, Interesting) by Arik on Thursday December 07 2017, @12:45AM
Well it's already been cracked. https://www.dvhardware.net/article67664.html
It runs Minix btw.
Now just imagine if Tannenbaum had been smart enough to use the GPL.
If laughter is the best medicine, who are the best doctors?