Free Republic

Intel x86s hide another CPU that can take over your machine (you can't audit it)
Zicos | Wednesday June 15, 2016. 02:48 PM | from BoingBoing

Posted on 06/15/2016 7:43:51 PM PDT by Utilizer

The Intel Management Engine (ME) is a subsystem composed of a special 32-bit ARC microprocessor that's physically located inside the chipset. It is an extra general purpose computer running a firmware blob that is sold as a management system for big enterprise deployments.

When you purchase your system with a mainboard and Intel x86 CPU, you are also buying this hardware add-on: an extra computer that controls the main CPU. This extra computer runs completely out-of-band with the main x86 CPU, meaning that it can function totally independently even when your main CPU is in a low power state like S3 (suspend).

On some chipsets, the firmware running on the ME implements a system called Intel's Active Management Technology (AMT). This is entirely transparent to the operating system, which means that this extra computer can do its job regardless of which operating system is installed and running on the main CPU.

(Excerpt) Read more at en.zicos.com ...


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: computers; computing; hiddenware; intel; security; windowspinglist
To: GraceG

If it had affected AMD, or Micron, or National Panasonic or Matsushita (but I repeat Myself), Toshiba, Cypress Semiconductor, Intersil, Amidon, Xircom, Linear, Fairchild, Atmel, Thompson-Signetics, Harris, Pericom, Motorola, Texas Instruments, Celestica, Analog Devices, Uniden or Silicon Strategies...

I feel quite confident that there would have been at least a passing mention in the article referenced.

Apologies to all the companies I did not specifically name as I only did a swift listing of some of the ones I have enjoyed working with in the past.

Any noted (if necessary) Failure to Mention is entirely due to the faulty memory on this end, and not a reflection of your company’s helpfulness or general policies.

Cheers.


21 posted on 06/15/2016 10:44:15 PM PDT by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzrims trying to kill them)

To: Utilizer
> ‘Ay! How about a ShoutOut (not the beerguzzlin’ sort now...) for yer mate who originated this thread to begin with??? *grin*

"Oh crap" is my middle name tonight -- I missed that it was your thread and so I apologize! If only there were a way to edit prior comments...

Indeed, this must have taken some detective work... KUDOS!!

I'm packin' it in for the night (almost 2AM) so I'll see ya on the rebound... Cheers!

22 posted on 06/15/2016 10:49:16 PM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: Utilizer

Ah... “appreciated”, not “appreciate”, in that sentence...

Sorry. Typing and posting before proofreading again... :(


23 posted on 06/15/2016 11:08:30 PM PDT by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzrims trying to kill them)

To: RebelTex

This is not the security problem you think it is.
It allows corporate network support to update software and monitor security leaks from inside corporate networks.
Intel, IBM, MS and probably Apple all use this feature to help manage internal networks.

It's called Vpro


24 posted on 06/15/2016 11:47:31 PM PDT by Zathras

To: Utilizer

The article is just scaremongering. Intel AMT has been in processors for a very long time and it is disabled by default.

Unless you have an enterprise PC with a BIOS that has it, go into your BIOS, specifically and deliberately turn it on (and it will ask you twice if you want to), and register it to a management server, you have nothing to worry about. Connections to AMT require encryption and that BOTH ends trust each other; if the AMT on your system isn’t registered then it trusts no one and nothing.

It’s intended for enterprise customers so that they can remotely manage their assets, not for home consumers.


25 posted on 06/16/2016 12:48:54 AM PDT by WarlordBK

To: Utilizer

Oh and if you really want to make sure it can’t be used against you, reset your CMOS.


26 posted on 06/16/2016 12:48:54 AM PDT by WarlordBK

To: WarlordBK

At least that is what it is SUPPOSED to do.


27 posted on 06/16/2016 1:46:57 AM PDT by HiTech RedNeck (Embrace the Lion of Judah and He will roar for you and teach you to roar too. See my page.)

To: miliantnutcase

Nutcase is correct. This is part of Intel’s vPro platform. They tried to sell my last company on it but HIPAA regulations got in the way. Seems they decided to just keep it in their architecture rather than redesign.


28 posted on 06/16/2016 2:26:15 AM PDT by rarestia (It's time to water the Tree of Liberty.)

To: arl295

iLO and iDRAC are discrete subsystems with dedicated network and chipsets. You can leave the port on the chassis unplugged and it’s relatively harmless. It’s also configurable in the BIOS. vPro chipsets are built into the main die and can be called even if the BIOS has it turned off. That was the advantage with it when Intel first pimped it to businesses: users can’t turn it off and neither can the bad guys! Heh

But yes, you are correct that it’s relegated to the business platforms.


29 posted on 06/16/2016 2:30:46 AM PDT by rarestia (It's time to water the Tree of Liberty.)

To: minnesota_bound

Exactly what it appears to be... NSA’s “back-door” since the hidden CPU acts as a TCP/IP server functioning even when the computer is in a sleep/power conservation mode. It’s encrypted, so somebody has the keys.


30 posted on 06/16/2016 4:22:59 AM PDT by Tallguy

To: rarestia

My HP rep kept pushing the tech as well. We have to comply with HIPAA and PCI.


31 posted on 06/16/2016 6:43:57 AM PDT by miliantnutcase

To: Zathras

Vpro may be designed for easy enterprise network management, but the possibility of abuse does exist.

Even though these chips may only be embedded on business network machines, it’s only a matter of time before personal computers are also compromised under the guise of “protecting your system from hackers and nasty viruses and identity theft”.

Sort of like the POTUS, SCOTUS, and Congress - works very well when honest men are in charge, but otherwise, not so much.

I don’t give the keys to my house or car to my boss, friends, neighbors, or strangers - just common sense.

Personal computers, laptops, and ‘smart’ cell phones hold the “keys” to one’s financial and ‘legal’ house (reputation and freedom).

Call me paranoid, but it’s a sign of the times.


32 posted on 06/16/2016 7:26:37 AM PDT by RebelTex

To: miliantnutcase

We’re a PCI and SOX shop here, and we’ve had the Intel mgmt tools locked out on purpose. What our desktop team can’t do with SCCM, they can sneaker-net.


33 posted on 06/16/2016 7:55:10 AM PDT by rarestia (It's time to water the Tree of Liberty.)

To: RebelTex

I too lean to the paranoid side but Vpro is probably not something to worry too much about.
Most Intel processors do NOT have Vpro even accessible.
Intel charges more for the feature so many vendors choose to save $$$ by not having it.

I worked for 25 years for Intel in microprocessor design.
Part of the feature is in the microprocessor, the other is in chipset.
Not using the correct chipset disables Vpro completely.


34 posted on 06/16/2016 8:51:43 AM PDT by Zathras

To: Zathras

Thanks for the info.

Small businesses and independent contractors have reason to be paranoid because of various laws like HIPAA, GLBA, FERPA, PCI, and SOX.

It only takes being subject to one of those laws to incur hefty fines and possible jail time for breaches of security.


35 posted on 06/16/2016 9:16:05 AM PDT by RebelTex

To: Zathras

Here’s a couple of links about compliance that you might find interesting:

Regulatory Compliance
https://www.praetorian.com/regulatory-compliance

HIPAA, SOX & PCI: The Coming Compliance Crisis In IT Security
http://www.darkreading.com/compliance/hipaa-sox-and-pci-the-coming-compliance-crisis-in-it-security/d/d-id/1113516


36 posted on 06/16/2016 9:19:45 AM PDT by RebelTex

To: RebelTex

Agreed.
All good things to monitor carefully.
The funny thing is the EU had much more stringent privacy laws and over the last year, they seem to be wanting to re-do them to an aggressive nanny state model.

I have one computer with Vpro to understand its issues as it might make a nice tool to upgrade internal security info remotely.
I’m not going to implement it yet until I fully understand all the hooks.


37 posted on 06/16/2016 10:18:27 AM PDT by Zathras

To: dayglored

Please take me off the PING list. Thanks.


38 posted on 06/16/2016 10:18:36 AM PDT by Extremely Extreme Extremist (MAGA! Make America Great Again)

To: Zathras

> “I’m not going to implement it yet until I fully understand all the hooks.”

LOL - good idea. Good Luck.

If you discover anything useful, give me a shout (just curious).


39 posted on 06/16/2016 11:49:16 AM PDT by RebelTex

To: rarestia

Yeah, same, we’re an SCCM shop.


40 posted on 06/16/2016 12:06:04 PM PDT by miliantnutcase

