Over at Hacker News there is a link to a discussion of how the Intel Management Engine (ME) prevents screenshots by bypassing the host CPU.
If you're on an Intel machine that you've purchased in the past 2-3 years, that computer almost certainly has an Intel Management Engine. You might not know what that is, and that's okay. You may also be unaware that the operating system on your computer could be leveraging features in the Intel Management Engine when consuming DRM Media.
This links to a blog posting on the Intel ME written in response to Rosyna Keller's Twitter posting about being unable to take screenshots from Netflix (the Rosyna of the article title).
The core of the technical detail is taken from Igor Skochinsky's presentation on the ME (PDF link). The article raises questions about the position of the ME in the system and the security implications of the ME subverting host machine hardware outside of the main processor:
Given that the ME sits in a position where it can configure the chipset and operate on the PCI bus, there are some serious security implications here I wish I could mitigate. Among them is the ability of the ME to run arbitrary code on the host CPU via option ROMs or presenting a disk-drive to boot from. Also among those abilities is the possibility to perform DMA to access host CPU memory. And another one is the ability to configure and use PCI devices present in the system (such as the ethernet card).
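As an added example (not from the linked article or Skochinsky's slides): a host-side check of the state the ME reports about itself, read from the Linux mei driver's fw_status attribute, which is the closest a defender gets to verifying a "disabled" ME without taking the board apart. Assumptions: the sysfs path, that the first line of that attribute is HFSTS1, and the HFSTS1 bit layout as used in coreboot's ME support code; the sample register values are constructed.

```python
"""Decode the Intel ME host firmware status register (HFSTS1) as exported by
the Linux mei driver, to see which state the ME says it is in.

Assumptions (added example, not from the article or the presentation):
- /sys/class/mei/mei0/fw_status prints one 8-hex-digit register per line,
  the first line being HFSTS1.
- HFSTS1 bit layout follows coreboot's ME support code (me.h); check it
  against your platform's datasheet before relying on the field names.
If the MEI device is absent after a BIOS "disable", nothing can be read from
the host side at all, which is exactly the point the thread below argues over.
"""
from pathlib import Path

FW_STATUS_PATH = Path("/sys/class/mei/mei0/fw_status")

# HFSTS1 fields: name -> (bit shift, width)
HFSTS1_FIELDS = {
    "working_state": (0, 4),
    "mfg_mode": (4, 1),
    "fpt_bad": (5, 1),
    "operation_state": (6, 3),
    "fw_init_complete": (9, 1),
    "update_in_progress": (11, 1),
    "error_code": (12, 4),
    "operation_mode": (16, 4),
}
WORKING_STATE = {0: "reset", 1: "init", 2: "recovery", 5: "normal",
                 6: "wait", 7: "transition", 8: "invalid"}
OPERATION_MODE = {0: "normal", 2: "debug", 3: "disabled",
                  4: "security_override_jumper", 5: "security_override_mei"}


def decode_hfsts1(word):
    """Split a 32-bit HFSTS1 value into its named fields."""
    fields = {name: (word >> shift) & ((1 << width) - 1)
              for name, (shift, width) in HFSTS1_FIELDS.items()}
    fields["working_state_name"] = WORKING_STATE.get(
        fields["working_state"], "unknown(%d)" % fields["working_state"])
    fields["operation_mode_name"] = OPERATION_MODE.get(
        fields["operation_mode"], "unknown(%d)" % fields["operation_mode"])
    return fields


def parse_fw_status(text):
    """Turn the sysfs text (one hex register per line) into a list of ints."""
    return [int(line, 16) for line in text.split()]


def me_summary(text):
    """One-line human-readable verdict from the fw_status text."""
    regs = parse_fw_status(text)
    if not regs:
        return "no MEI status registers"
    f = decode_hfsts1(regs[0])
    return ("ME working state: %s, operation mode: %s, fw init complete: %s"
            % (f["working_state_name"], f["operation_mode_name"],
               bool(f["fw_init_complete"])))


# Constructed sample in the kernel's format (not captured from real hardware)
SAMPLE_FW_STATUS = "00000245\n00000000\n00000020\n00004000\n00000000\n"

if __name__ == "__main__":
    text = FW_STATUS_PATH.read_text() if FW_STATUS_PATH.exists() else SAMPLE_FW_STATUS
    print(me_summary(text))
```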
(Score: 2) by arashi no garou on Sunday January 04 2015, @10:02PM
I've said in another article discussion that it can easily be turned off, but the tinfoil hat crowd here argues that it can't. I've disabled it myself on two different Intel Core systems under my watch. They can tell me all day long that I "didn't really" disable it, and all I can do is shake my head in bafflement. Morons will be morons.
(Score: 0) by Anonymous Coward on Sunday January 04 2015, @11:00PM
No, it's a valid concern, wondering if you can really disable it. As stated in the technical documents, this CPU inside the main CPU is on a trust level above the main CPU, so turning it off in the BIOS might only just tell it 'okay, let's not make ourselves visible to the CPU and the OS anymore, yet still run'.
What I find scary is that it is still ON even if the rest of the machine is off; to turn it off you have to completely remove power from the system for half a minute.
(Score: 3, Insightful) by Anonymous Coward on Monday January 05 2015, @01:31AM
In this case, those "morons" know more about it than you do. As noted, there are actually exploits [wikipedia.org] that work for it even when it is disabled in the BIOS.
This is a separate processor that shares the bus with your Intel processor, and which you cannot directly control. Those work because there is actually no way to turn it off. It boots before your system comes up, and remains active even when your PC is in "sleep" mode. In addition, it has the ability to mediate your "normal" processor's view of its own memory, and it uses that capability to hide "protected" memory areas from your normal processor under certain situations. It is also capable of directly accessing your network card without your OS being aware of it - also even when your PC is supposedly in sleep mode. See Igor Skochinsky's presentation (PDF linked in the article) for more details.
(Score: 2) by arashi no garou on Monday January 05 2015, @02:16AM
I would say to that, "unplug power and Ethernet from your computer if you're that worried about it", but then I'd be slammed with theories about how it can pull trickle power from the aether and send out signals via the GSM modem that is somehow hidden on the die, antenna and all.
A far simpler answer is "don't buy Intel", but there's probably also a tinfoil theory about AMD and ARM processors scanning our brain waves, trying to control our thoughts, just waiting to refute that option as well.
(Score: 2, Informative) by Anonymous Coward on Monday January 05 2015, @02:44AM
It can use wireless. There are 4 citations about it on Wikipedia: https://en.wikipedia.org/wiki/Intel_Active_Management_Technolog [wikipedia.org]
It's a feature. The theory being you can remotely cut off or fix a compromised computer before the rootkit/virus loads. The undocumented feature being law enforcement or hackers could have the computer send/receive anything without detection from the host. Anytime for Ethernet connections, or only when on for wireless connections, both before the OS starts.
(Score: 4, Informative) by FatPhil on Monday January 05 2015, @03:52AM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by kaszz on Monday January 05 2015, @06:05AM
Locate the part of the chip die responsible and fry it by physical means?
(Score: 1) by boltronics on Tuesday January 06 2015, @02:00AM
That's one option. If you don't want the machine to ever boot again.
It's GNU/Linux dammit!
(Score: 2) by kaszz on Tuesday January 06 2015, @02:18AM
The fine print is to find the exact right spot to burn with a laser etc.
(Score: 2, Insightful) by boltronics on Tuesday January 06 2015, @02:39AM
My understanding is that it's a prerequisite for the machine to even boot. So if that chip doesn't initialize, the CPU won't do anything.
The code is encrypted by RSA 2048 IIRC, which is why it's so difficult to reverse engineer. If you could just wipe it (presumably effectively the same as damaging the chip) and avoid the danger, I'm sure hackers would be doing that already.
It's GNU/Linux dammit!
(Score: 2) by kaszz on Tuesday January 06 2015, @02:50AM
Any idea how to screw this kind of chip?
(Score: 1) by boltronics on Tuesday January 06 2015, @03:01AM
Without Intel's help, you'd have to crack the encryption and reverse-engineer how it works so the software can be replaced. I think I read somewhere that we have the ability to replace the code if we learn how to build a replacement.
It's GNU/Linux dammit!
(Score: 2) by kaszz on Tuesday January 06 2015, @03:10AM
"if we learn how to build a replacement"
Why is that step required?
(Score: 1) by boltronics on Tuesday January 06 2015, @03:42AM
Presumably we don't have specifications? Which is why we need either Intel's help or the ability to reverse-engineer the existing binary to figure it out.
Happy for someone working on this to correct me if I'm misunderstanding the situation.
It's GNU/Linux dammit!
(Score: 0) by Anonymous Coward on Monday January 05 2015, @05:12AM
Not letting you turn it off is step two.
And we all know step 3.
(Score: 0) by Anonymous Coward on Monday January 05 2015, @08:52AM
No. Actually, we don't know step 3.
But step 4 is Profit!
(Score: 1) by modest on Monday January 05 2015, @06:49PM
Those freedom-loving hackers with the libreboot [libreboot.org] project are working hard to fix things for anyone concerned.