Thread replies: 13
Thread images: 2
Thread images: 2
File: defcon-2.png (7KB, 250x250px) Image search:
[Google]
7KB, 250x250px
AMT is an auxiliary processor built into the high-end Intel Q chipsets with an i5 or i7 CPU. We don't know whether it is present in the cheaper H, Z, and B chipsets. It runs software loaded from a binary blob at an early stage in the process of booting the machine.
The AMT processor has total control over the machine. Here are some of the things it has the ability to do, remotely over a network:
>power control
>BIOS configuration and upgrade
>disk wipe
>system re-installation
>console access (VNC)
The AMT runs even when the computer is powered off, as long as the machine is plugged into a power outlet."
Intel is fully and completely compromised.
There's no fix for this and all Intel machines should be considered absolutely compromised.
What are our options?
Links:
https://hardware.slashdot.org/story/17/05/07/2034245/intels-remote-hijacking-flaw-was-worse-than-anyone-thought
https://fsf.org/blogs/community/active-management-technology
>>
the same shit is going on with AMD and everyone already knows that. we can't do shit because there is no 3rd company to buy from
>>
>>60308938
save money and create our own processor?
ask government to help?
>>
Buy a Raspberry Pi.
Install Linux on it with Full Disk Encryption.
Subscribe to a VPN.
Use it for everything except gaming.
Keep the Intel machine as a "PC-Console" only for gaming.
And remove any AV input from it (no Webcam, no Mic).
>>
>>60309021
Link?
>>
>>60309082
doesn't arm have same backdoor?
>>
>>60309096
https://libreboot.org/faq.html#amd
>>
Does someone knows if ARM cpus suffers from the same issue?
>>
>>60309098
>>60309175
No, but someone that works with ARM chips could add it.
>>60309082
Raspberry Pi is still way too slow for daily usage. An old machine with something like a C2D might be better.
>>
Only is problem if your machine supports amt. consumer motherboards do not. Enterprise lines do, such as dell optiplex and precision .
>>
>>60308938
AMT is a feature not a processor, the processor is called THEN ME and is physically there on all of them, whether AMT is enabled or can be enabled is the question.
>>60309255
It's likely the only thing preventing AMT from being enabled on any consumer machine are a few fuses that prevent firmware being installed that utilize AMT. Anyone who could produce a modified firmware that ignores those fuses could make enable AMT on any Intel machine. This would require getting into the target machine already to deliver the firmware but would allow a virtually unblockable backdoor.
>>
>>60311536
Where did that "THEN" come from, fuckin phone
>>
File: 1494309944351.jpg (247KB, 960x1200px) Image search:
[Google]
247KB, 960x1200px
>>60308938
Intel Active Management Technology is a name given to the software frontend and firmware/hardware backend that is the Intel Management Engine. The ME is the real problem, since it's built into the die of the CPU in everything after the Core2 models, IIRC. The ME itself does hardware init, so removal of ME firmware from the flash ROM that also holds the BIOS or physical destruction of the ME chip will result in a nonfunctional CPU, as in it just doesn't boot. The ME operates below any other hardware or software, even the main CPU cores, and it can shut them off individually or throttle them (which is why most Intel CPUs are probably the same thing, just limited by software and sold for less). The ME has it's own network stack and it can access all of the data in RAM and on your hard drives, and even rewrite its own firmware. No memory is safe from the ME.
The ME itself is not compromised, but merely some frontend software that can be used for remote management. Just go to the BIOS settings and shut off wake on LAN, network boot, and any other remote control bullshit features.
Thread posts: 13
Thread images: 2
Thread images: 2