Intel 'fesses up to 'Spy in the Chip'

[Ed P]

After many years of rumours about the ‘spy/remote controller’ that Intel built into their Management Engine architecture, they have at last confessed to the lesser charge of having a major security vulnerability built into their boards.

Nothing much one can do about it except perhaps buy an AMD Ryzen set-up, or undertake a very hazardous fix to disable this nasty.

Link

[The Duke]

Not often you get to feel smug with 10 year old pc’s lol.

[wasbit]

Ah, is this MINIX?

“MINIX. The Unix-like OS originally developed by Andrew Tanenbaum as an educational tool — to demonstrate operating system programming — is built into every new Intel CPU.

MINIX is running on “Ring -3” (that’s “negative 3”) on its own CPU. A CPU that you, the user/owner of the machine, have no access to. The lowest “Ring” you have any real access to is “Ring 0,” which is where the kernel of your OS (the one that you actually chose to use, such as Linux) resides. Most user applications take place in “Ring 3” (without the negative).

– https://www.networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.html

 

--
Regards
wasbit

Rig 1: Optiplex 3050 SFF
Rig 2: Asus ROG G20CB (rebuilt wreck)
Rig 3: HP Elitebook 8440P

Dear Starfleet, hate you, hate the Federation, taking Voyager. - Janeway

[Ed P]

Yep – Minix III. link

It is also probably the basis for the remote attacks revealed by Snowdon in which an Intel PC can be completely bricked (currently if the management engine does not run then the PC will not boot). As it gives low level unmonitored access to the IP stack it is also probably the way NSA/GCHQ can do a complete big Brother on any Intel mobo/PC. As usual the danger is now that every bot net manager will be looking to this to increase the size of their control span. The Intel Management Engine is a prime example of the dangers of a Government insisting on hidden back doors.

[Bob Williams]

The Duke wrote:

Not often you get to feel smug with 10 year old pc’s lol.

Or with a low-end AMD M5a78L – M LE- USB3 Mobo that has a low-end FX-6300!

When the Thought Police arrive at your door, think -
I'm out.

[wasbit]

Looks like it’s all kicking off.

Intel: We’ve found severe bugs in secretive Management Engine, affecting millions
– http://www.zdnet.com/article/intel-weve-found-severe-bugs-in-secretive-management-engine-affecting-millions/

See if you’re vulnerable:
– https://downloadcenter.intel.com/download/27150

“Intel’s Management Engine is a security hazard, and users need a way to disable it”
– https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it

“Disable Intel ME thanks to the NSA”
– https://www.csoonline.com/article/3220476/security/researchers-say-now-you-too-can-disable-intel-me-backdoor-thanks-to-the-nsa.html

“Positive Technologies also made its Intel ME 11.x firmware image unpacker utility available on GitHub. Use at your own risk; the methods to disable Intel ME were described as “risky and may damage or destroy your computer.”

 

--
Regards
wasbit

Rig 1: Optiplex 3050 SFF
Rig 2: Asus ROG G20CB (rebuilt wreck)
Rig 3: HP Elitebook 8440P

Dear Starfleet, hate you, hate the Federation, taking Voyager. - Janeway

[Author]

Posts