I remember when TPM modules and BitLocker became standard, starting with laptops. I always suspected Microslop of adding a yet-to-be-discovered back door in their closed source shitshow.
Must be what a pepper feels like when the first nuke drops.
You must log in or # to comment.
Must be what a pepper feels like when the first nuke drops.
It’s long been suspected that both Intels and AMDs flavors of system management engine have backdoors built into them and they run at ring -1 (supposedly at least the Intel one runs a flavor of Minix).
Part of the Snowden leaks showed that the NSA had made exploits for a ton of vendors that abused vulnerable SMEs with special versions for various servers.
I think it was shortly afterwards that Intel downstream OEMs started offering a reduced/partially disabled ME for general government purchases only, which is how some of the custom ME disable projects work.
But the fact that neither Intel nor AMD bothers to explain why the ME needs to exist is insane, especially since it runs at ring -2 above ring -1 where the original boot process starts.
IME having a full network stack is crazy. Imagine telling people they have a complete hardcoded OS running on every machine with complete host and network access.
Someone has paid fat stacks to keep the media quiet, even after the massive vulnerability disclosures.
I heard nonstop reports about spectre and meltdown in the general news for a year, but I never heard a peep about SA-00086 or even the IME much later after its introduction.
At least the AMD system management requires physical access (the AMD PSP does not have a network stack). Intel ME / AMT does have a network stack, and it hides its packets inside the host traffic. That’s the reason of the black holes on many Intel CPUs when listening on ports 16992-16995 (the host does not see incoming traffic to those ports because the AMT intercepts it).
Hmm, do you know what happens if you block those ports on your router so they can’t escape the network or get requests sent to them?
Outgoing traffic would be a random port. Incoming would be blocked by default on all routers. Chances are, if the intel lights out management stuff was phoning home, it would do it on port 443 like the majority of data these days. The ports mentioned above are for unsolicited incoming packets, and that would be blocked at the route level for anything outside your local network.
Surely the traffic is blocked? The firewall in your router can’t know if they came from your CPU OE something else
supposedly at least the Intel one runs a flavor of Minix
Nothing supposed about it, it’s the core of the Intel Management Engine
