Stories
Slash Boxes
Comments

SoylentNews is people

The Intel Management Engine, and How it Stops Screenshots

posted by janrinok on Sunday January 04 2015, @06:26PM   Printer-friendly
from the you-might-have-paid,-but-it's-not-your-computer dept.

tonyPick writes:

Over at Hackernews is a link to a discussion on how the Intel Management Engine (ME) is preventing screenshots, by bypassing the host CPU.

If you're on an Intel machine that you've purchased in the past 2-3 years, that computer almost certainly has an Intel Management Engine. You might not know what that is, and that's okay. You may also be unaware that the operating system on your computer could be leveraging features in the Intel Management Engine when consuming DRM Media.

This links to a blog posting on the Intel ME in response to Rosyna Keller's twitter posting about being unable to take screenshots from Netflix (The Rosyna of the article title).

The core of the technical detail is taken from Igor Skochinsky's presentation on the ME (PDF Link) . The article raises the questions over the position of the ME in the system and the security implications of the ME subverting the host machine hardware outside of the main processor:

Given that the ME sits in a position where it can configure the chipset and operate on the PCI bus, there are some serious security implications here I wish I could mitigate. Among them is the ability of the ME to run arbitrary code on the host CPU via option ROMs or presenting a disk-drive to boot from. Also among those abilities is the possibility to perform DMA to access host CPU memory. And another one is the ability to configure and use PCI devices present in the system (such as the ethernet card).

 
This discussion has been archived. No new comments can be posted.
The Intel Management Engine, and How it Stops Screenshots | Log In/Create an Account | Top | 52 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Sunday January 04 2015, @08:25PM

    by Anonymous Coward on Sunday January 04 2015, @08:25PM (#131656)

    analog hole, bitches.

  • (Score: 2) by Bot on Sunday January 04 2015, @10:13PM

    by Bot (3902) on Sunday January 04 2015, @10:13PM (#131684) Journal

    That's why DRM needs to be integrated everywhere. This is the point of the whole exercise probably.
    The same system that produces propaganda masked as entertainment produces control masked as "rights management".

    --
    Account abandoned.

  • (Score: 0) by Anonymous Coward on Monday January 05 2015, @02:25AM

    by Anonymous Coward on Monday January 05 2015, @02:25AM (#131728)

    The government closed the analog hole for printing money. It's only a matter of time until the media companies start pushing for all cameras to include firmware that prevents a picture from being taken if it sees a specific watermark. It won't be an advertised feature.

  • (Score: 3, Interesting) by TheRaven on Monday January 05 2015, @01:36PM

    by TheRaven (270) on Monday January 05 2015, @01:36PM (#131834) Journal
    The point of this is not DRM - it would be painfully slow for such tasks. It's being able to run trusted software on an untrusted OS. One users of it is an internet banking app, that allows you to enter your pin in a way that is completely impossible for the OS (and therefore any malware running on the OS), to capture.
    --
    sudo mod me up

    • (Score: 3, Interesting) by Hairyfeet on Monday January 05 2015, @05:17PM

      by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Monday January 05 2015, @05:17PM (#131897) Journal

      Considering there are already known exploits in the wild for this thing? That would probably be a very very BAD idea.

      --
      ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.