Is the 'Secret' Chip In Intel CPUs Really That Dangerous?

New submitter Miche67 writes: A recent Boing Boing blog post by Damien Zammit is stirring up fears, claiming Intel's x86 processors have a secret control mechanism that no one can audit or examine. And because of that, he says it could expose systems to undetectable rootkit attacks that cannot be killed.
Blogger Andy Patrizio, after talking with an Intel spokesperson, says the developer's argument has holes and he doesn't think Zammit will persuade Intel to replace the system with a free, open source option.

So, what we have is an open source crusader scaring the daylights out of people on a giant what-if scenario that even he admits couldn't happen in our lifetimes.

An Intel spokesperson told the publication: While the Intel Management Engine is proprietary and Intel does not share the source code, it is very secure. Intel has a defined set of policies and procedures, managed by a dedicated team, to actively monitor and respond to vulnerabilities identified in released products. In the case of the Intel Management Engine, there are mechanisms in place to address vulnerabilities should the need arise.

who has the RSA private key?

[lkcl]

there is some empirical evidence - nothing concrete that can be shared publicly - which tends to suggest that the RSA private key that Intel uses is already known and in use. if nothing else, you should not be reassured that there have been no "gagging orders" that come out of the U.S. Government on a regular basis, preventing and prohibiting companies from telling anyone that "yes we have had the NSA knocking on our door and yes we were forced to give them the RSA private key because otherwise they threatened that whoops, it would be really hard to get export licenses for our processors".

this kind of threat by security services is not outside the realm of possibility: it already happens, and i have met someone who was present at a meeting (with GCHQ) in which this type of threat to destabilise their business model was actually made.

there is a really simple solution, here: don't buy systems with intel processors. that assumes of course that people are making systems for sale that don't have intel processors... and that's exactly what i'm doing. i'm not one for complaining *without* actually doing something about it, so if you'd like to sign up for the crowdfunding campaign which will launch very shortly, you can do so here - http://crowdsupply.com/eoma68

Brief answer

[Improv]

No. Obviously not and the guy stirring up trouble is either underinformed or irresponsible.

Most of the hardware in your computer isn't something you get (or could get) a gate diagram from. You'd never know if something is in there that theoretically could be triggered to do something. That's the way hardware is. This guy is fussing over a publicly known feature that people are using in the enterprise to manage systems en masse. It doesn't open some magic wormhole to the control system - it requires a clear path of access and a setup and all that fun stuff. Meaning if you want to use IME, you need to set it up on all the systems for your network environment and debug it and build tooling around it. It's not fun to get that stuff right, and often not that easy.

It's not impossible that there's a backdoor in IME, but it's just as easy to imagine a backdoor anywhere else in your system. It's hard to imagine how one could ever be confident that that's not the case. So the focus and the anger is misaimed.

Re:So .. Security by Obscurity.

[arglebargle_xiv]

There's actually a lot of precedent for this sort of thing in the way of ILOM/DRAC/IPMI and similar capabilities. In fact Intel's AMT isn't really news, it's been there for years. A general pattern in all of these systems is the use of crappy old ARM processors, incredibly ancient Linux kernels (2.6.x), unpatched old binaries from God knows where, and coding like it's 1997 (strcpy(), fixed-length buffers, etc). There's lots of material out there on this, e.g. Dan Farmer's take. Oh yeah, and you typically can't disable it, even when you think you've disabled it. My only surprise about all of this is that people are surprised by it.