Disabling Intel’s backdoors on modern laptops - eviltoast
  • takeda@kbin.social
    link
    fedilink
    arrow-up
    36
    arrow-down
    2
    ·
    1 year ago

    Intel Management Engine is a component that has access to your computer on a level that even you, the computer owner, don’t have access to. It can be operated remotely, even when your computer is off.

    And traditionally you can’t even disable it (remember, you’re not the trusted party in that mix).

    https://en.wikipedia.org/wiki/Intel_Management_Engine

    • Otter@lemmy.ca
      link
      fedilink
      English
      arrow-up
      23
      ·
      edit-2
      1 year ago

      My understanding is that it’s meant to be an enterprise tool for Sys admins of business and schools to allow for remote monitoring and troubleshooting, but because it’s expensive to make two sets of devices, it’s in everything.

      Relevant bits from that wiki:

      The Intel Management Engine always runs as long as the motherboard is receiving power, even when the computer is turned off.

      .

      Intel’s main competitor AMD has incorporated the equivalent AMD Secure Technology (formally called Platform Security Processor) in virtually all of its post-2013 CPUs.

      .

      Critics like the Electronic Frontier Foundation (EFF), Libreboot developers, and security expert Damien Zammit accused the ME of being a backdoor and a privacy concern. Zammit stresses that the ME has full access to memory (without the owner-controlled CPU cores having any knowledge), and has full access to the TCP/IP stack and can send and receive network packets independently of the operating system, thus bypassing its firewall.

      .

      In the context of criticism of the Intel ME and AMD Secure Technology it has been pointed out that the National Security Agency (NSA) budget request for 2013 contained a Sigint Enabling Project with the goal to “Insert vulnerabilities into commercial encryption systems, IT systems, …” and it has been conjectured that Intel ME and AMD Secure Technology might be part of that program

      • takeda@kbin.social
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        So who is using it? Where are tools which allow you to set up and manage the infrastructure? Why it can’t be disabled, except hacks, and one undocumented feature requested by NSA, because they did not want it running? It is a backdoor, if it wasn’t it would be disabled by default and you would have to pay premium to have that feature enabled.

        • Brkdncr@artemis.camp
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          Enterprise. Intel has a tool that lets you use it but other management services like SCCM and landesk have methods to use amt/vpro.