7 replies to this topic

[Brito]

As you might have noted, there is a second CPU included with each machine that runs Intel.

 

This CPU seems capable of doing a quite a lot on its own and at the same much is left undocumented to the public. When we talk about securing our machines, you can have the best antivirus in the world but still have this one CPU with unrestricted access to your machine.

 

There was recently a presentation that helps to disable the co-processor, you find the PDF at: https://github.com/p... of your PC.pdf

 

Anyone willing to give it a try?

 

 

[TheHive]

Wondering! If AMD includes something similar. If not, seems to be a real alternative in the future.

 

Just like when Sony was at top, once upon a Time, but they just had to add things to their equipment to keep the end user from using their newly bought item the way they want. Rootkit! Anyone.

[wean_irdeh]

Wondering! If AMD includes something similar. If not, seems to be a real alternative in the future.
 
Just like when Sony was at top, once upon a Time, but they just had to add things to their equipment to keep the end user from using their newly bought item the way they want. Rootkit! Anyone.

AMD also includes PSP, it's basically an ARM TrustZone core with complete access to entire RAM, thus it's impossible to run without any proprietary blobs

The only x86 left is VIA, wondering if anybody could run libreboot in it

The rootkit actually happen inside BMG, by the time the rootkit was discovered, Sony is still merging with BMG, thus when the merging completed, Sony had to pay amy consequences that BMG caused

[homes32]

I disagree with the presentation calling it "Hidden". intel makes no effort to hide the fact and the management engine isn't anything new, servers and higher end MB have had remote management for years ILO (HP), IMM2 (IBM), iDRAC (Dell). vPro was meant for increased management of clients in an enterprise environment (imagine 100's of PC's to manage across a geographically diverse area). I don't like the whole DRM thing with the audio and video pathways being wedged in there but honestly, how do you expect stuff like lojack, remote wipe, and remote startup/management to work without a processor with access to low level functions and active even when the main CPU is powered down?

[homes32]

here is another interesting artical of disabling.

http://hackaday.com/...agement-engine/

 

Really the takeaway on stuff like ME is that yes, it is useful and has legitimate purpose, but the fact that it is so closed off and you can't disable it is a problem. What happens after a couple years and intel stops supporting/patching that specific CPU and an exploit is discovered? You have no option to disable it and are forced to accept the risk or buy a new CPU and supporting hardware.

[Brito]

What happens after a couple years and intel stops supporting/patching that specific CPU and an exploit is discovered?

 

True. You are actually the first person that I see making such accurate remark. Not that home laptops will mater, but hospitals and other infrastructure don't update their hardware. They will be completely open for attack.

[homes32]

Of all the methods listed in the PDF, soft disable looks safest, and can be reversed if necessary. Any idea how to do this particular method in layman's terms?

Use the BIOS option if it exists.

The other option is to write directly to the MI register before POST is finished, which means you will most likley be using a serial debugger attached to the MB. Not really a laymans undertaking.