Slashdot Mirror


Intel Patches Remote Execution Hole That's Been Hidden In Its Chips Since 2008 (theregister.co.uk)

Chris Williams reports via The Register: Intel processor chipsets have, for roughly the past nine years, harbored a security flaw that can be exploited to remotely control and infect vulnerable systems with virtually undetectable spyware and other malicious code. Specifically, the bug is in Intel's Active Management Technology (AMT), Standard Manageability (ISM) and Small Business Technology (SBT) firmware versions 6 to 11.6. According to Chipzilla, the security hole allows "an unprivileged attacker to gain control of the manageability features provided by these products." That means hackers exploiting the flaw can silently snoop on a vulnerable machine's users, make changes to files and read them, install rootkits and other malware, and so on. This is possible across the network, or with local access. These management features have been available in various Intel chipsets for years, starting with the Nehalem Core i7 in 2008, all the way up to Kaby Lake Core parts in 2017. According to Intel today, this critical security vulnerability, labeled CVE-2017-5689, was found and reported in March by Maksim Malyutin at Embedi. To get the patch to close the hole, you'll have to pester your machine's manufacturer for a firmware update, or try the mitigations here. These updates are hoped to arrive within the next few weeks.

164 comments

  1. Despite Hanlon's razor ... by Anonymous Coward · · Score: 0

    I can't help but wonder how many moles CIA/NSA have in tech companies?

  2. Read by Anonymous Coward · · Score: 1

    NSA/GCHQ retire old abilities as windows 10 gains market share.

  3. Just because you're paranoid by Anonymous Coward · · Score: 0

    Doesn't mean they aren't out to get you. For this many years it had to be an NSA hole. Remote + network exploit working on pretty much every machine.

    1. Re:Just because you're paranoid by ArmoredDragon · · Score: 2

      You'd have to turn on AMT to begin with in order for this to work.

    2. Re:Just because you're paranoid by BlueStrat · · Score: 3, Interesting

      You'd have to turn on AMT to begin with in order for this to work.

      Are you absolutely positive AMT cannot be remotely activated? Given the circumstances and who might be involved in this exploit existing and/or remaining unpatched for such a long time, I wouldn't trust that clicking to un-check that AMT box disables all of it, especially if the vulnerability was deliberate.

      This makes me wonder what vulnerability nastiness has remained undiscovered/unreported (intentionally baked-in?) about AMD CPUs and chipsets. You know the TLAs wouldn't ignore AMD.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    3. Re: Just because you're paranoid by Type44Q · · Score: 1

      Mod parent up! Indeed, the word's been that AMD has been ignored, either...

    4. Re: Just because you're paranoid by Type44Q · · Score: 1

      ...hasN'T.

    5. Re:Just because you're paranoid by Anonymous Coward · · Score: 0

      If you can wake up a PC with Wake-On-LAN "magic packets", who knows what other magic packets are out there..

      There have been people who have tried removing AMT by wiping the firmware flash ROMs but some bits need to be present for the boot-up to perform correctly.

    6. Re:Just because you're paranoid by networkBoy · · Score: 1

      If you turn ME off in BIOS then it doesn't load anything above the primitives to get the system up and running, no higher kernel functions, and certainly no AMT code.
      In other news, I owe several people here an apology, as I've stood up for my former employer in the past. I still stand by that they took security seriously, but obviously something big got through.
      I worked on ME and this is in AMT (A component of ME, but developed by a different team; in Israel, not US... though the entire shooting match is over there now since they shuttered the US side).

      So... time for me to go grab a hunk of humble pie.

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    7. Re:Just because you're paranoid by Greyfox · · Score: 1

      It sounds like, "in order for this to work remotely", however the post reads to me as if a local exploit exists, even if AMT is disabled.

      --

      I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

    8. Re:Just because you're paranoid by BlueStrat · · Score: 1

      If you turn ME off in BIOS then it doesn't load anything above the primitives to get the system up and running, no higher kernel functions, and certainly no AMT code.

      Sorry, but we're to simply trust you on this? I don't think so, nothing personal. Since everything is intentionally made extremely difficult to access in order to confirm what AMT may or may not be capable of, the only sane choice is not to trust it. I know I don't. I don't trust AMD either. I never put any data I truly wish to stay secure on an internet-connected machine. You may as well put it on a thumbdrive and mail it to NSA HQ and save some tax dollars.

      The DHS needs to be abolished, their leaders and employees blackballed from any government job or office for life, the CIA and NSA need a top-to-bottom purging with their people facing the same restrictions as the newly-unemployed DHS jackboots, and new people and new & effective checks on their powers and scope put in place.

      It's either suffer the pain of dealing with the out-of-control US intelligence/domestic law enforcement agencies and departments now, or wait until the US goes full surveillance/police state. At the rate things have been moving, time is likely growing short until that happens.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    9. Re:Just because you're paranoid by peawormsworth · · Score: 0

      The DHS needs to be abolished ... the CIA and NSA need a top-to-bottom purging ... checks on their powers and scope put in place.

      Great post. This is exactly what Trump should do. Instead of complaining about how he was personally affected by Democrat eavesdropping, he should expand this to a fight for all citizens to once again feel free and not like a suspect under investigation.

      That really would make America great. And it might just win him a lot of support.

    10. Re:Just because you're paranoid by Blymie · · Score: 1

      I just realised, that 'government job or office' might not be strict enough.

      Imagine these clowns, fired, looking for work.

      Where might they work next? And who would benefit from their knowledge?

  4. Blame SemiAccurate by Khyber · · Score: 3, Informative

    According to them, they've been trying to get Intel to patch this for YEARS, and apparently they never bothered to practice responsible public disclosure in order to force Intel's hand.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    1. Re:Blame SemiAccurate by Entropy_ajb · · Score: 5, Informative

      That's because SemiAccurate never found an actual bug. Charlie was just concerned about the capabilities of the ME, and that there could be a bug one day. He tried for years to get Intel to just get rid of the ME not to fix any specific bug. You can decide if he was right or not based on this bug.

      It is important to note that based on what has been released so far, you had to opt into using ME in its full mode to be affected. If you just bought a random PC your system isn't vulnerable.

    2. Re:Blame SemiAccurate by Anonymous Coward · · Score: 4, Insightful

      Eh, most people figured the entire thing was dreamed up by the NSA as soon as they learned what it did and how it worked.

    3. Re:Blame SemiAccurate by 93+Escort+Wagon · · Score: 2

      It is important to note that based on what has been released so far, you had to opt into to using ME in its full mode to be affected. If you just bought a random PC your system isn't vulnerable.

      I don't think that's quite accurate. It sounds to me like if you "just bought a random PC", your system isn't remotely vulnerable... but this can still be exploited by an attacker with physical access to your system.

      --
      #DeleteChrome
    4. Re:Blame SemiAccurate by MachineShedFred · · Score: 3, Informative

      It's likely, they would just need to hit the hotkey to configure the management engine during POST. But, if they have physical access, you're already had anyway unless you encrypt your disk and have passwords enabled everywhere possible by the fact that they could just image the drive and walk away.

      --
      Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
    5. Re:Blame SemiAccurate by Anonymous Coward · · Score: 0

      5 seconds at boot time, vs pulling a machine apart is a different level of physical access.
      While I agree with the sentiment, it changes the level of vigilance needed when showing a prospective employee, or some other outsider around your office. A determined attacker could restart your sysadmin, or some other high-up's PC while they were away from their desk and their host's back was turned. If you're in that level of security, it opens up a vector that you didn't have to worry about before.

    6. Re:Blame SemiAccurate by butzwonker · · Score: 2

      if they have physical access, you're already had anyway unless you encrypt your disk and have passwords enabled everywhere

      Access to ME also allows access to the contents of encrypted disks, via direct memory access while the host operating system is reading and writing them and by grabbing the keys used from memory. That's a huge difference.

    7. Re: Blame SemiAccurate by Anonymous Coward · · Score: 0

      Even worse, semiaccurate claims that, even after years, nothing they did prompted this action. Presumably someone else with knowledge about it, possibly a three letter agency, requested they fix it. If it was a TLA, that means the details may have been compromised.

    8. Re:Blame SemiAccurate by Anonymous Coward · · Score: 0

      This only works if the keys are ever decrypted in the first place.

      So to get into a random computer with the vulnerability and encryption:

      1. Physical access to turn on ME
      2. Wait for user to enter valid passphrase/password
      3. Pull keys from memory

      This isn't a new ability. The old way was:

      1. Image disk & Plant keylogger (Physical access)
      2. Wait for user to enter valid credentials
      3. Use them on your imaged copy

      there isn't a shortcut to decrypt the keys for the encrypted disks without valid credentials. They don't simply sit decrypted in memory prior to you unlocking the disk.

  5. Great... by Anonymous Coward · · Score: 1

    Since hardware manufacturers are obviously not going to provide updated firmware to all their products, it would be great if OS providers would patch this.

    1. Re:Great... by molarmass192 · · Score: 1

      I think you're confusing drivers with firmware. Firmware is a binary blob specific to the device hardware, in this case the Intel Chipset. It's completely unrelated to the OS. It'd be like asking the electric company to set the clock on your microwave.

      --

      Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws-Plato
    2. Re:Great... by viperidaenz · · Score: 1

      Apparently you just have to make sure the LMS service in Windows is not installed or is disabled. Or not run Windows? That's the software that passes the requests to the firmware.

    3. Re: Great... by Brockmire · · Score: 5, Funny

      If you ask them right at 12:00, they could!

    4. Re:Great... by MachineShedFred · · Score: 5, Informative

      How is Microsoft going to patch something happening in the hardware underneath their OS, without the OS knowing anything about it? In case you haven't played with Intel AMT or vPro, it has some pretty amazing capabilities for remote management, including being able to persist remote control sessions across OS reboots, including being able to enter BIOS / uEFI setup and make changes, as well as mount an ISO image from a network volume as a 'physical' disk and boot off of it.

      How could an OS that isn't even running patch that?

      --
      Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
    5. Re:Great... by Tanktalus · · Score: 2

      When it *is* running, it could apply the firmware to the BIOS/UEFI system. This may require a reboot somewhere in the middle, but so be it. And then the system would be safe.

      Of course, that greatly simplifies the concept since every motherboard has its own variation on BIOS/UEFI. As long as we're dreaming of ponies and rainbows, yeah, this would be nice. But I can see it being a huge headache for MS or Linux distros to manage.

      And just think about the poor saps running Hackintosh systems... no way Apple is going to ship firmware for non-Apple-branded systems! :)

    6. Re:Great... by kbg · · Score: 2

      No you are actually incorrect. It is common for the operating system to update bugs in specific firmware. For example the microcode for the CPU can either be updated by flashing the BIOS or through an OS update.

    7. Re:Great... by Gadget_Guy · · Score: 5, Informative

      Apparently you just have to make sure the LMS service in Windows is not installed or is disabled. Or not run Windows? That's the software that passes the requests to the firmware.

      Not according to this analysis:

      When AMT is enabled, any packets sent to the machine's wired network port on port 16992 or 16993 will be redirected to the ME and passed on to AMT - the OS never sees these packets. AMT provides a web UI that allows you to do things like reboot a machine, provide remote install media or even (if the OS is configured appropriately) get a remote console.

      So the firmware is intercepting the traffic before the OS gets it. Turning off the LMS service would stop the remote console, but not the ability to reboot the machine into a remote ISO. At that point, your files would be visible unless you encrypted your drive.

      As for not running Windows, that won't help. Further down the page linked above, it has instructions for Linux on how to see whether you are vulnerable. It also says:

      However, an attacker who enables emulated serial support may be able to use that to configure grub to enable serial console. Remote graphical console seems to be problematic under Linux but some people claim to have it working, so an attacker would be able to interact with your graphical console as if you were physically present. Yes, this is terrifying.

    8. Re:Great... by Anonymous Coward · · Score: 0

      The intel management works below the OS, no amount of patching could fix a hardware vulnerability like this.

    9. Re:Great... by swillden · · Score: 1

      But I can see it being a huge headache for MS or Linux distros to manage.

      As well as being certain to break some number of PCs. If stuff goes wrong and your machine won't boot after you apply a firmware update, that's between you and the maker of your machine / motherboard. If your OS decides to do it, even with your approval, then the OS maker is also on the hook.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    10. Re:Great... by networkBoy · · Score: 1

      Intel has a tool called Firmware update local (fwupdlclw.exe / fwupdlcl.exe) that can update the ME without a reboot of the host OS.
      Fun trivia, someone in marketing tried naming it "Intel Firmware Update" and started wondering why all the engineers started laughing their arses off.
      Anyway, this tool and a binary image could be deployed via windows update easily enough.

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    11. Re:Great... by viperidaenz · · Score: 1

      Except this article is about https://nvd.nist.gov/vuln/deta... which is a local unprivileged user gaining access to AMT via LMS

      Turning off LMS mitigates this vulnerability.

      The source you quote also says this:

      How certain are you about any of this?
      Not hugely

    12. Re:Great... by Gadget_Guy · · Score: 1

      LMS does allow local applications to talk to AMT, but the vulnerability exists over the network whether you have LMS or not.

      According to Intel's disclosure (upon which your linked page was based), the correct way to fix this vulnerability is to update the firmware. If you can't do that then you are directed to unprovision the Intel manageability SKU to prevent network attacks and then disable LMS to mitigate against local attacks. From the INTEL-SA-00075 Mitigation Guide :

      These mitigations are intended to prevent unauthorized activation and use of Intel manageability SKUs, Intel® Active Management Technology (Intel® AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT) that have not applied the firmware update addressing the vulnerability.
      ...
      Intel highly recommends that the first step in all mitigation paths is to unprovision the Intel manageability SKU to address the network privilege escalation vulnerability. For provisioned systems, unprovisioning must be performed prior to disabling or removing the LMS.

      So the original advice that disabling LMS is all you need to do (or not run Windows) was incorrect as it may lead people to believe that they are safe when they can still be affected by network intrusions.

  6. Explain to me by Anonymous Coward · · Score: 0

    how this is not the worst bug of all time? Most every intel system there is will be vulnerable to this exploit, and how many companies are going to even be aware of this thing let alone patch it. At least with operating system software you could apply a patch immediately.

    1. Re:Explain to me by Anonymous Coward · · Score: 1, Informative

      It doesn't affect consumer grade PCs, only business grade PCs with Intel's remote management enabled.

    2. Re:Explain to me by Anonymous Coward · · Score: 0

      This one doesn't, at least.

    3. Re:Explain to me by EzInKy · · Score: 1

      A vulnerability that affects all other chips would be much worse. At least we all have a choice in which architectures we use.

      --
      Time is what keeps everything from happening all at once.
    4. Re:Explain to me by sexconker · · Score: 2

      Every single Intel CPU has this hardware. The business SKUs just have it enabled. It's still there with the same blob, likely with the same vulnerability.

    5. Re:Explain to me by currently_awake · · Score: 1

      Is this a mistake, or a backdoor? If it's deliberate then there should be some way to remotely enable it on computers where it's turned off.

    6. Re:Explain to me by MachineShedFred · · Score: 2

      There is remote provisioning for Intel ME / Intel vPro, but it's not the easiest thing in the world to set up, much less spoof. For example, you would need to have a certificate signed by a public provider that is specifically signed for Intel ME provisioning, and the domain on that cert needs to match the domain being offered by DHCP on the network. This ensures that a public CA has basically signed off on your ownership of that domain, and that you also own your network to a decent degree by controlling the infrastructure.

      Can all of that be beaten? Probably. But at that point there's probably far easier exploits to take advantage of.

      --
      Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
    7. Re:Explain to me by WaffleMonster · · Score: 1

      There is remote provisioning for Intel ME / Intel vPro, but it's not the easiest thing in the world to set up, much less spoof. For example, you would need to have a certificate signed by a public provider that is specifically signed for Intel ME provisioning, and the domain on that cert needs to match the domain being offered by DHCP on the network. This ensures that a public CA has basically signed off on your ownership of that domain, and that you also own your network to a decent degree by controlling the infrastructure.

      DHCP is not a secure protocol so no point in even mentioning it.

      The ability to legitimately obtain a certificate in exchange for money or illegitimately obtain it by compromising ANYONE who has one is hardly what I would consider an insurmountable hurdle... Barely qualifies as a speed bump for a targeted attack.

      Is there even a useful revocation procedure for known fraudulently obtained or compromised certs clients are REQUIRED to follow prior to getting 0wn3d?

      Can all of that be beaten?

      All of what?

    8. Re:Explain to me by Anonymous Coward · · Score: 0

      sc delete LMS
      Ok not really a patch, but for consumers it'll work

    9. Re:Explain to me by Gadget_Guy · · Score: 1, Informative

      Every single Intel CPU has this hardware. The business SKUs just have it enabled. It's still there with the same blob, likely with the same vulnerability.

      I would say that it is unlikely that the lowest of Celerons has all the features of the highest Xeon CPU with just some flags to turn off things like vPro. And I think that it is unlikely that they all have the same vulnerability when the security advisory explicitly states that:

      This vulnerability does not exist on Intel-based consumer PCs.

    10. Re:Explain to me by butzwonker · · Score: 3, Interesting

      Wait a minute. This (partly intentional) flaw affects practically every Intel-based PC since 2008 and some platforms since 2006. It's true that if you have remote management disabled it appears to lead to local exploits only at first sight, but there are many reasons to believe that even with the option disabled remote exploits may become possible. ME allows the running of signed Java programs on a completely separate core, which are sent via ethernet and have full access to memory and i/o controllers, it can be used to side-channel attack disk encryption and the probability that there is a serious bug that allows for remote exploits in such a complex infrastructure is also fairly high.

    11. Re:Explain to me by Khyber · · Score: 1

      It does exist on intel consumer PCs and this was confirmed over at HN.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    12. Re:Explain to me by Gadget_Guy · · Score: 1

      Have you got a link for that?

    13. Re:Explain to me by sexconker · · Score: 1

      Is there even a useful revocation procedure for known fraudulently obtained or compromised certs clients are REQUIRED to follow prior to getting 0wn3d?

      Yeah. Update your firmware. LOL.

      How's the AMT/ME shit going to know about a revoked cert? Yeah, it has full network access, but it might not have access to a DNS server to check a URL for revocation. It might be firewalled off from the net (and given the dangerous nature of this thing, it should be). So, yup. Bad cert from a shitty CA, and someone within your network = you are fucked.

    14. Re:Explain to me by sexconker · · Score: 1

      People have x-rayed these things. The hardware is still there.

    15. Re:Explain to me by Khyber · · Score: 1

      The three threads about it are off the HN front page but if you find them the comments dive right into it. It also happens to exist on my consumer DV9000 and DV7 laptops, I checked by simply pinging the ports with those machines off and yet connected to my wired network.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  7. "Security Flaw" by Anonymous Coward · · Score: 0

    I think you mean "CIA backdoor".

    1. Re:"Security Flaw" by Anonymous Coward · · Score: 0

      I think you mean "Mossad backdoor". Intel designs their chips in Israel.

  8. Not surprised by Anonymous Coward · · Score: 0

    No phone, computer, router, or any internet connected device has ever been allowed to get sold (at least in the U.S.) without intentional holes and backdoors approved by the 3 letter agencies, period.

    1. Re:Not surprised by Anonymous Coward · · Score: 0

      I trust Chinese-made hardware much more than *anything* US-made.

      At least I know the PLA doesn't give a rats ass about what I'm doing on my devices or who I am. The USG can inflict much more pain on a US Citizen than a person sitting behind a computer in China can.

    2. Re:Not surprised by Anonymous Coward · · Score: 2, Interesting

      Why do you idiots always assume that the US would be the only country interested in spying? You think Intel is a US company? Think again.

    3. Re:Not surprised by Anonymous Coward · · Score: 0

      I wrote that AC comment, no need to stoop to name calling. I assume all governments want full ability to have control of people as much as possible. I chose not to speak for the rest of the world's countries.

    4. Re: Not surprised by Anonymous Coward · · Score: 0

      How can you possibly read GPS post and assume I was saying only the US tries to spy?

      It says that at the very least, anything sold in the US, the US agencies can get into.

      Perhaps other agencies can get into things sold into their own country, and maybe even friendly nations can get into everything sold in the US, but none of that is stated either way in what you're responding to.

    5. Re:Not surprised by Anonymous Coward · · Score: 0

      Intel is a US company.

    6. Re:Not surprised by Anonymous Coward · · Score: 0

      The actual chips are likely made in the USA, no matter what the label says. They "package" them from chips made in the 14nm factories for various legal reasons (read: taxes). https://en.wikipedia.org/wiki/List_of_Intel_manufacturing_sites Who wants to bet that the list of 4 countries (although mostly USA sites) isn't just a coincidence? Countries like China and Israel wanting physical presence so they can get their hooks into your employees and assets, if you don't play ball. Or you can just not sell them there, and China can just replace you (although unlikely for 14nm process, this is true for many businesses). Quite frankly, I'd be surprised if India hasn't tried this too, and just hasn't gotten their way, yet.

    7. Re:Not surprised by Anonymous Coward · · Score: 0

      Israel's team absolutely does design. It isn't Costa Rica or whatever where they do a specific task.

      http://www.timesofisrael.com/h...

  9. Nine years, eh? by Ungrounded+Lightning · · Score: 3, Insightful

    Isn't that about how log I've been griping on Slashdot about AMT?

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    1. Re:Nine years, eh? by MatthiasF · · Score: 1

      What's the big deal? Just turn it off in the BIOS.

      Not like anyone outside the LAN can break into your computer using AMT unless you have a really messed up router/firewall configuration.

      And I believe most laptops have it off by default, which is good because having it on while joining public wireless is a really bad idea.

    2. Re:Nine years, eh? by Narcocide · · Score: 2

      ... unless you have a really messed up router/firewall configuration.

      You mean, like one that uses Intel chips?

    3. Re:Nine years, eh? by Ungrounded+Lightning · · Score: 1

      What's the big deal? Just turn it off in the BIOS.

      Then how do you know it's really off?

      Also: I seem to recall documents that said it didn't turn off. Instead it went back to the new-machine configuration, where it would respond to the first comer with adequate credentials to introduce itself as the IT department of its new owner, just getting around to welcoming it to the network and giving it its first configuration.

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    4. Re:Nine years, eh? by WaffleMonster · · Score: 3, Informative

      What's the big deal? Just turn it off in the BIOS.

      Oh nothing... just a forgotten computer within a computer listening on wireless and wired Ethernet interfaces that is never updated and has total access to everything. Nothing to be concerned about.

      Not like anyone outside the LAN can break into your computer using AMT unless you have a really messed up router/firewall configuration.

      Good point. I mean all consumer routers are secure and can't be hacked with ease to perpetrate such a hack.

      AMT is NOT defective by design because even when the system is working properly as designed I have to buy a cert from a valid certificate authority and broadcast DHCP on your LAN with domain corresponding to my cert to own you. This makes AMT secure.

      And I believe most laptops have it off by default, which is good because having it on while joining public wireless is a really bad idea.

      The first I ever heard about this AMT shit I was pulling my hair out trying to figure out how the F*** ports were open on my laptop computer that don't even show up in the F**** stack. When the ports remained open even after booting a Linux live distro I was even more pissed off... the last straw was when the ports remained open when the computer was turned off....F***** O..F..F...

      Oh and by the way you can't disable AMT... there is no option to do that in the bios anywhere and believe me I've looked... the best you can do is disable the MMU which is used to virtualize hardware access so the NICs can be shared by both computers at the same time.

    5. Re:Nine years, eh? by MachineShedFred · · Score: 1

      Every system ships with it turned off unless you have some kind of VAR service that images your system and turns it on before you receive it.

      It's far more likely that if you have implemented the use of this stuff on your network, that you have an automatic provisioning process to turn it on when it first hits the network.

      --
      Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
    6. Re: Nine years, eh? by Anonymous Coward · · Score: 0

      Log 10 or log e?

    7. Re:Nine years, eh? by Anonymous Coward · · Score: 0

      What's wrong with the Alternative Minimum Tax?

    8. Re:Nine years, eh? by Anonymous Coward · · Score: 0

      I checked 2 servers today that have never had AMT enabled in BIOS. One on Ubuntu 16.04 has an empty directory in /sys/class/mei, another on Ubuntu 14.04 has nothing, so from the OS it does not appear to be enabled. I also checked a workstation that was just updated to Ubuntu 17.04, which was a bit concerning, as the /sys/class/mei directory was populated, making me suspicious that it was in fact enabled. All three machines are actively rejecting connections on 16992 (as opposed to passively timing out as you'd expect if it was really completely disabled). So it seems disabling it in BIOS still has it bound to the port, and is a software switch that rejects connections, so could still be open to exploits.
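      The quoted analysis earlier in the thread (ports 16992/16993 are redirected to the ME before the OS sees them) and the parent's refused-versus-timeout observation both come down to one inventory check you can run against your own machines. The script below is an added example, not code from the thread, Intel, or the linked analysis: it classifies a TCP connect as open/refused/timeout and, on the HTTP port, reads the `Server:` header that AMT's web UI advertises. The sample reply and its version string are constructed; the loopback listener is a stand-in so the code runs offline.

```python
import socket
import threading
from typing import Dict, Optional, Tuple

# Ports the ME redirects to AMT before the host OS sees the packets
# (16992 = HTTP, 16993 = HTTPS), as quoted in the thread above.
AMT_PORTS = (16992, 16993)

# Constructed stand-in for an AMT web UI reply. The "Server:" marker is the
# form AMT firmware is documented to send; the version number is made up.
SAMPLE_AMT_REPLY = (
    b"HTTP/1.1 401 Unauthorized\r\n"
    b'WWW-Authenticate: Digest realm="Digest:CONSTRUCTED", nonce="constructed"\r\n'
    b"Server: Intel(R) Active Management Technology 11.0.0.1173\r\n"
    b"Content-Length: 0\r\n\r\n"
)
AMT_SERVER_MARKER = "Intel(R) Active Management Technology"


def probe_port(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify a TCP connect as 'open', 'refused', 'timeout' or 'unreachable'.

    A 'refused' (RST) answer on an AMT port from a machine that is powered off,
    or whose OS has no listener there, means something below the OS answered.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError:
        return "unreachable"
    finally:
        s.close()


def parse_http_headers(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Split a raw HTTP response into (status line, lower-cased header dict)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1", "replace")
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def amt_version_from_reply(raw: bytes) -> Optional[str]:
    """Return the firmware version in an AMT 'Server:' header, else None."""
    _, headers = parse_http_headers(raw)
    server = headers.get("server", "")
    if AMT_SERVER_MARKER not in server:
        return None
    return server.split(AMT_SERVER_MARKER, 1)[1].strip() or "unknown"


def banner_grab(host: str, port: int, timeout: float = 2.0) -> bytes:
    """Send a minimal GET (plain HTTP only) and return whatever comes back."""
    request = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    chunks = []
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(request.encode())
            while True:
                data = s.recv(4096)
                if not data:
                    break
                chunks.append(data)
    except OSError:  # timeout, reset, or TLS port that drops plaintext
        pass
    return b"".join(chunks)


def start_fake_listener(reply: bytes) -> Tuple[socket.socket, int]:
    """Loopback listener that answers every connection with `reply` (test double)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener shut down
                return
            with conn:
                try:
                    conn.settimeout(2.0)
                    conn.recv(4096)
                    conn.sendall(reply)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def free_loopback_port() -> int:
    """Bind and release an ephemeral port so a connect to it is refused."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo_loopback() -> Dict[str, object]:
    """Run the checks against the fake listener and a closed port; return findings."""
    srv, port = start_fake_listener(SAMPLE_AMT_REPLY)
    try:
        return {
            "probe_listener": probe_port("127.0.0.1", port),
            "amt_version": amt_version_from_reply(banner_grab("127.0.0.1", port)),
            "probe_closed": probe_port("127.0.0.1", free_loopback_port()),
        }
    finally:
        try:
            srv.shutdown(socket.SHUT_RDWR)  # wakes the blocked accept() on Linux
        except OSError:
            pass
        srv.close()


if __name__ == "__main__":
    print(demo_loopback())
```

      Against a real host of your own, call `probe_port(host, 16992)` and, only if it is open, `amt_version_from_reply(banner_grab(host, 16992))`; 16993 speaks TLS, so only the probe state is meaningful there.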

    9. Re:Nine years, eh? by networkBoy · · Score: 1

      No, that's if you unprovision it.
      Turning it off in BIOS basically makes it brain dead.
      It still loads the lower functions so it can do CPU uCode patch, PMC, and similar, but none of the application level stuff even boots up.

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    10. Re:Nine years, eh? by networkBoy · · Score: 1

      *most* BIOS's have the ability to turn ME off.

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    11. Re:Nine years, eh? by Ungrounded+Lightning · · Score: 1

      Turning it off in BIOS basically makes it brain dead.
      It still loads the lower functions so it can do CPU uCode patch, PMC, and similar, but none of the application level stuff even boots up.

      How do we KNOW that?

      It's got the port open. If it's really off, why is it open? It's doing SOMETHING with it.

      How do we know, for instance, that turning it off in the BIOS doesn't just make it useless for the owner's IT organization, but still functional when, say, the NSA does the right "port knocking" or other secret-society ritual to tell it that it's time to let the spy in through the back door?

      Can you show us the code, and tell us how to check if that's what's really loaded? No, you can't, can you?

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    12. Re:Nine years, eh? by Anonymous Coward · · Score: 0

      In which case, the IME sits in an idle / dormant state waiting for a 'wake up' packet on a specific port before it turns itself fully on again.

      No reports exist of a motherboard that allows you to totally (and completely) turn off the ME through their BIOS / UEFI options.

      IME needs to be blown wide open with all the normies getting owned. Intel needs a PR disaster larger than Windows 10 spying.

    13. Re:Nine years, eh? by MatthiasF · · Score: 1

      AMT isn't standard in consumer-grade north-bridges, so almost all of your fear-mongering is irrational and without merit.

      And I really don't believe your story since almost every laptop with AMT I have ever touched (over two hundred at this point) came with AMT turned off by default.

      Especially when you said you disabled your processor's MMU? Are you just randomly googling computer acronyms and using them in your rant? Because there is no logical reason to disable the memory management unit on a standard PC or laptop. It will hurt performance big time and does not protect you from anything.

    14. Re:Nine years, eh? by Anonymous Coward · · Score: 0

      Especially when you said you disabled your processor's MMU? Are you just randomly googling computer acronyms and using them in your rant? Because there is no logical reason to disable the memory management unit on a standard PC or laptop. It will hurt performance big time and does not protect you from anything.

      Anybody who knows anything knew that he meant the IOMMU. You also appear to be under the impression that disabling the MMU is something you can do on a standard PC which will only hurt performance. Apart from that, thanks for contributing your expert knowledge in such a humble fashion.

  10. Was always a backdoor by Anonymous Coward · · Score: 5, Insightful

    Keep in mind that this is a security hole in a system that was always backdoored by Intel.

    It's a separate CPU with its own network connection, outside the control of the main CPU, it has full access to all the system and it was put in place deliberately by Intel. It communicates using SOAP over HTTP or HTTPS.

    It has been in all server and business chips FROM INTEL for years now....

    It can kill a PC, it can wipe harddisks (killing encryption keys used to access encrypted disks), it can read everything, do anything, rewrite the processor software, bypass any encryption and any security.

    Hardware vendors had access to this for years.
    So NSA would have had access to this for years.
    Russian FSB would have had access to this for years.
    China would have had access to this for years.

    And now every hacker has access.

    When you backdoor technology you end up with bad actors putting Orange Julius in office.

    1. Re:Was always a backdoor by Anonymous Coward · · Score: 0

      So NSA would have had access to this for years.
      Russian FSB would have had access to this for years.
      China would have had access to this for years.

      Hmm.. You forgot to mention the intelligence agency of the country most likely to exploit this "backdoor". In fact, some other posters are doing the same thing. I wonder why.

    2. Re:Was always a backdoor by Anonymous Coward · · Score: 0

      What part of NSA did you miss?

    3. Re:Was always a backdoor by Gr8Apes · · Score: 1

      So NSA would have had access to this for years. Russian FSB would have had access to this for years. China would have had access to this for years.

      Hmm.. You forgot to mention the intelligence agency of the country most likely to exploit this "backdoor". In fact, some other posters are doing the same thing. I wonder why.

      They listed the top 3? How are you going to rank them?

      --
      The cesspool just got a check and balance.
    4. Re:Was always a backdoor by Anonymous Coward · · Score: 0

      I think he/she meant Mossad of Israel.
      Intel has been designing chips in Israel since Intel Core in 2006.

    5. Re:Was always a backdoor by WaffleMonster · · Score: 5, Informative

      Please shut the fuck up, you're only spreading disinformation.

      What part of it is technically inaccurate?

      AMT is a killer feature for businesses. It allows full remote management and recovery of headless servers. It's not a backdoor, it's a frontdoor. The feature has never been hidden, it's been advertised.

      Oh god what year is this? Let me help you.
      https://en.wikipedia.org/wiki/...

      Crying about Intel is part of your disinformation. You're acting like only Intel does this. AMD does it too as well as some of the smaller companies. It's an extremely useful feature.

      Let me help you.
      https://en.wikipedia.org/wiki/...

      However, the companies know the risks (or just want to charge you more for more features) so you have to enable it. You can buy the machines pre-enabled or you can enable it yourself, but it's not enabled by default on consumer PCs. This bug only affects systems with AMT turned on.

      I'm a consumer. It came listening on TCP ports on my computer and I sure as f*** never turned it on.

    6. Re:Was always a backdoor by Z80a · · Score: 3, Insightful

      Okay, can you audit the contents of the firmware of AMT to be sure it doesn't have any sort of backdoor or truly disable it?

    7. Re:Was always a backdoor by thegarbz · · Score: 1

      It has been in all server and business chips FROM INTEL for years now....

      Due to customer demand. They all got sick of paying 3rd party motherboard vendors for the same feature.

    8. Re:Was always a backdoor by Anonymous Coward · · Score: 0

      This. We're not looking at a bug, we're looking at a feature. One designed to spy on us in an (almost) undetectable manner and which uses strong encryption to boot. Somehow I doubt we're going to see Theresa May calling this "unacceptable" in the UK or James Comey or that NSA shill idiot Dianne Feinstein calling for an investigation into how this could possibly have happened.

    9. Re:Was always a backdoor by squiggleslash · · Score: 1

      The AC is actually right, but that said, if you bought a consumer PC, and AMT came fully enabled, with the web console running, without you needing to change settings in the BIOS, please post the name of the company that made it here, so the rest of us know who to avoid in future.

      --
      You are not alone. This is not normal. None of this is normal.
    10. Re:Was always a backdoor by squiggleslash · · Score: 2, Insightful

      A modern Intel CPU contains anything from half a billion to over 1.4 BILLION transistors. If Intel made it easy to audit the AMT firmware, you still wouldn't be able to guarantee a CPU isn't free of backdoors inserted by bad actors.

      Indeed, if I were inserting a backdoor into a CPU, AMT isn't really how I'd do it. It actively takes effort to make AMT accessible over the Internet. I can think of a number of ways to make a backdoor more useful to intelligence or law enforcement agencies. Imagine a CPU that, upon seeing a particular fingerprint in its L1 cache, makes an outgoing connection to a given IP address, and opens a console to it. You could compromise your CPU just by downloading an image, even if served over SSL, even if not visible in your browser, that contains the fingerprint.

      AMT is flawed, but it's a poor fit for the intentional back door for malicious third parties its louder critics claim it is.

      --
      You are not alone. This is not normal. None of this is normal.
    11. Re:Was always a backdoor by ArchieBunker · · Score: 1

      You do know this feature has been in non x86/64 boxes for years right?

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    12. Re:Was always a backdoor by Anonymous Coward · · Score: 0

      > Please shut the fuck up, you're only spreading disinformation. AMT is a killer feature for businesses

      No, to say that AMT is a useful feature for business is just a lie. I have managed remotely various servers for more than twenty years and I have never seen a use case for AMT. Of course that was because all those servers were running other operating systems than Windows.

      AMT & ME, like the System Management mode, are just ugly and inefficient workarounds for the fact that Microsoft was not willing to include in its operating systems all the features and the reliability required for remote management.

      There exists absolutely no excuse for Intel & AMD to not provide the ability to disable ME with a hardware jumper, for those customers that either do not use Windows or do not need remote management.

      If Intel would have been really interested in improving remote management, they would have standardized a BIOS API to get & set all the BIOS settings and they also would have imposed the requirement that any new computer with the default BIOS settings must be able to boot from any USB memory or from the network when no USB memory is detected.

      Because of the lack of standardization for BIOS, the only operation that I ever had to do non-remotely is configuring the BIOS for any new motherboard.

      Whoever is so stupid that he will erase the operating system, so he will need to reinstall it by AMT, or who will install an operating system in such a way that a non-privileged user would be able to erase it, requiring thus AMT, should never try to manage anything remotely. For a hardware failure, AMT is useless anyway, as someone must go there and replace the failed part.

    13. Re:Was always a backdoor by Anonymous Coward · · Score: 0

      Please shut the fuck up, you're only spreading disinformation.

      This comment brought to you by Intel public relations department, damage control division.

      Captcha: shills

    14. Re:Was always a backdoor by BronsCon · · Score: 1

      Because of the lack of standardization for BIOS, the only operation that I ever had to do non-remotely is configuring the BIOS for any new motherboard.

      There's your use case for AMT, right there. That, and reinstalling the OS. Oh, and booting from an ISO to run things like Memtest86 and other offline diagnostic software. Basically anything where you may need to interact with the system before the OS has booted.

      That said, I don't believe it's worth the risk to enable AMT and make it accessible over the public internet, but you weren't asking for that, you were seeking use cases and I gave you a handful.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    15. Re:Was always a backdoor by Anonymous Coward · · Score: 0

      Your proposal does not have plausible deniability, and once it is discovered and published, it's game over. It's a terrible idea.

      The current implementation of AMT has plausible deniability.

    16. Re:Was always a backdoor by Anonymous Coward · · Score: 0

      Hmm.. You forgot to mention the intelligence agency of the country most likely to exploit this "backdoor".

      Most likely? How do you get above the 100% likely of the countries already mentioned? And can you explain why this mysterious "most likely" country shouldn't use tools every other country is using?

    17. Re:Was always a backdoor by Holi · · Score: 0

      Let's not forget you have to enable it to be affected so calling it a hidden backdoor is hyperbole at its best and fraudulent at the worst.

      "How bad is this
      That depends. Unless you've explicitly enabled AMT at any point, you're probably fine. The drivers that allow
      local users to provision the system would require administrative rights to install, so as long as you don't have
      them installed then the only local users who can do anything are the ones who are admins anyway. If you do have it enabled, though"


      http://mjg59.dreamwidth.org/48...

      --
      Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
  11. machine's manufacturer by Anonymous Coward · · Score: 0

    What if my "machine" doesn't have a manufacturer and was hand assembled by me?

    1. Re: machine's manufacturer by Anonymous Coward · · Score: 0

      Wrote your own BIOS? Made your own CPU? If not, you're living in a fool's paradise if you think this doesn't affect you too. Intel can get into your computer, access your credit cards and passwords, and then order gender reassignment surgery for you. You won't know what happened until you wake up in post-op.

    2. Re: machine's manufacturer by nedlohs · · Score: 1

      Then you'll have to check the schematics you used when you hand assembled your motherboard and wrote all the firmware for it and see what things you enabled.

    3. Re: machine's manufacturer by currently_awake · · Score: 1

      You forgot the part about making your own integrated circuits. An IC is a black box.

    4. Re: machine's manufacturer by Anonymous Coward · · Score: 0

      Good luck hiring a foundry to make your ICs, they've already been caught inserting modifications into design. You'll have to cook up your own wafers and cut them yourself.

    5. Re: machine's manufacturer by Anonymous Coward · · Score: 0

      So wait, which manufacturer should I contact?
      The one of my motherboard? (ASUS)
      The one who made the CPU? (intel)
      Some other manufacturer?
      What the fuck is meant by "machine" in the summary?

    6. Re: machine's manufacturer by nedlohs · · Score: 1

      The price you pay for buying components instead of paying someone else to construct them is that working that out is now your problem.

      Machine means the computer as a whole and whom you bought it from. Since you effectively bought it from yourself the company to contact would be yourself. In turn you'd likely pass yourself along to the motherboard manufacturer since that would be where the enabling and disabling of CPU features and chipset choices would be.

  12. More information please! by Anonymous Coward · · Score: 3, Interesting

    * Does this affect every PC, or just people who bought special "business class" computers?

    * If it affects all PCs, does "pester your machine's manufacturer for a firmware update" mean the same thing as "check your motherboard manufacturer's website for a patch," or does it imply that you're SOL if you built your own PC from parts?

    * Intel's patch is Windows only. Does it affect Linux, or is Intel just being lazy?

    * Should I tell my family to buy new PCs if their old PCs are out of warranty?

    1. Re:More information please! by jmccue · · Score: 4, Informative

      Some help is here

      http://mjg59.dreamwidth.org/48...

      That was in one of the articles

    2. Re:More information please! by Anonymous Coward · · Score: 0

      It infects pretty much all PCs with an Intel NIC or WiFi chip. The scariest thing to me is the Linux manpages that suggest configuring the virtual serial port it provides as a securetty so you can conveniently use it to gain remote root access.

    3. Re:More information please! by Anonymous Coward · · Score: 1, Informative

      If your system doesn't support AMT (which, if you're not running a "business-class" machine, it almost definitely does not because that's a special feature you need to pay extra to get), then it doesn't affect you.

    4. Re:More information please! by Anonymous Coward · · Score: 0

      The URL in this post has the most useful info out of everything I've read on the subject.

      Thanks.

    5. Re:More information please! by threephaseboy · · Score: 1

      You'd still need the root password, so it's not bad advice, since the connection through AMT is (theoretically) secured through other means.

      --
      .
    6. Re:More information please! by Anonymous Coward · · Score: 0

      If your system doesn't support AMT (which, if you're not running a "business-class" machine, it almost definitely does not because that's a special feature you need to pay extra to get), then it doesn't affect you.

      Will somebody please MOD the Parent UP? This is quite correct. From the Intel AMT Product Page a processor with their "vPro" feature set is required to support the AMT function. Without that extra "advanced technology" built into the chip, which as the parent said you have to pay extra for, it would be impossible to exploit this bug because the feature lacks the hardware on the chip needed to make AMT work. So unless you paid extra for "vPro" on your desktop or have selected models of the Xeon processor, which is very expensive and aimed at businesses and not individual users, you almost certainly don't have AMT capability and are thus immune.

    7. Re:More information please! by Anonymous Coward · · Score: 0

      That's very nice to post the link, but it doesn't respond to the questions.
      Unfortunately, the response is fairly blunt.
      You have no way of knowing anyway - your machine could be borked from the get-go, and you have no way of finding out or not.
      If it has been borked already, then the "borking" can be concealed on a whim already.
      Since firmware, hardware, software, netware are all fiercely guarded IP, you have no legal "rights" to even know if you have standing.

      RMS shows his wisdom again.

      As stated in your linked article: "Users ought to have full control over what's running on their systems".

      Since you have never had full control over any of it so far, and the current modern trend is to dispose of all control completely (e.g. facebook), there's not much hope of giving you any confidence. Better not to go down the rabbit hole if you don't really want to find any rabbits.

      However, your author also says he's not "hugely" confident of anything and is "not an expert".
      Pinch of salt, and all :)

    8. Re:More information please! by Anonymous Coward · · Score: 0

      it would be impossible to exploit this bug because the feature lacks the hardware on the chip needed to make AMT work. So unless you paid extra for "vPro" on your desktop or have selected models of the Xeon processor, which is very expensive and aimed at businesses and not individual users, you almost certainly don't have AMT capability and are thus immune.

      I don't know... fabrication can be somewhat strange in that variation is costly, usually all chips are the same and things are selectively enabled and performance binned, they even stick an extra bunch of redundant RTL on there so they can implement fixes in microcode, at that level the cost is not in the etched circuits existing, it's the development and testing of them.

      This matters because ME is on every chip, if AMT hardware is also there but not enabled then other chips could still be vulnerable.
        ("enabled" is just firmware)

    9. Re:More information please! by butzwonker · · Score: 3, Insightful

      The above posts are disinformation. We're talking about Intel Management Engine, not AMT, the latter is the service, the former is not optional. ME is installed on nearly every Intel-based chipset/motherboard combo since 2008. That's well known and has been discussed for a long time, and it's not unreasonable to assume that the ME has been designed with backdoor features in mind from the start by Israel/US chip developers (though of course nobody in public has a proof for that).

      The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional[32] part in all current (as of 2015) Intel chipsets.[33] According to an independent analysis by Igor Skochinsky, it is based on an ARC core, and the Management Engine runs the ThreadX RTOS from Express Logic. According to this analysis, versions 1.x to 5.x of the ME used the ARCTangent-A4 (32-bit only instructions) whereas versions 6.x to 8.x use the newer ARCompact (mixed 32- and 16-bit instruction set architecture). Starting with ME 7.1, the ARC processor can also execute signed Java applets. The ME state is stored in a partition of the SPI flash, using the Embedded Flash File System (EFFS).[34]

      The ME has its own MAC and IP address for the out-of-band interface, with direct access to the Ethernet controller; one portion of the Ethernet traffic is diverted to the ME even before reaching the host's operating system, for what support exists in various Ethernet controllers, exported and made configurable via Management Component Transport Protocol (MCTP).[35][36] The ME also communicates with the host via PCI interface.[34] Under Linux, communication between the host and the ME is done via /dev/mei.[33]

      Until the release of Nehalem processors, the ME was usually embedded into the motherboard's northbridge, following the Memory Controller Hub (MCH) layout.[37] With the newer Intel architectures (Intel 5 Series onwards), ME is included into the Platform Controller Hub (PCH).[38][39]

      Quote from Wikipedia Article

      More info: Hackaday article, on attempts to neutralize it, Slides by Igor Skochinsky, CCC talk by Joanna Rutkowska, short 2016 hackaday article. There is plenty more information on the Net if you care to look it up. Theoretically, ME only gives total access locally, if AMT features are disabled. Practically, it's likely that by a combination with other exploits a remote exploit is also possible. If AMT features are enabled, you're screwed anyway.

      To repeat, this affects almost every Intel machine since 2008 and certainly every current Intel machine, whether you use AMT or not. It's especially problematic if you use full disk encryption.

    10. Re:More information please! by Anonymous Coward · · Score: 2, Informative

      If your system doesn't support AMT (which, if you're not running a "business-class" machine, it almost definitely does not because that's a special feature you need to pay extra to get), then it doesn't affect you.

      AMT is included in every Intel processor sold today. It requires motherboard and network chipset support, but a large portion of consumer devices have Intel supplied chipsets for those too, which are almost certainly enabled for it. What you are talking about is the public-key based Enterprise features, which you need to license separately (usually through the management software that you purchase). But the basics are there - try connecting to your machine on a browser from another machine (from localhost won't work, it needs to come in through the ethernet or wifi adapter) on port 16992. If it acts differently from other random ports that have no service running on them, then your machine has everything it needs to run AMT.
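The two checks this thread keeps coming back to (an earlier comment's "actively rejecting vs. passively timing out" on 16992 plus the /sys/class/mei look, and this comment's "connect from another machine on port 16992"), written up as an added example that is not code from any of the posters. It assumes the AMT web listener answers plain HTTP on 16992 with a Server header naming "Active Management Technology"; the canned response, the loopback listener and all function names are constructed for the example.

```python
# Defender's checker for the AMT ports named in the thread (16992 HTTP, 16993 HTTPS).
# Added example, not from the original posts. Assumption: the AMT web listener answers
# plain HTTP on 16992 with a Server header naming "Active Management Technology".
import os
import socket
import threading
from typing import Dict, Optional, Tuple

AMT_PORTS = {16992: "AMT HTTP", 16993: "AMT HTTPS"}
CONSTRUCTED_AMT_RESPONSE = (  # stand-in for an AMT listener's reply; version string is made up
    b"HTTP/1.1 303 See Other\r\n"
    b"Server: Intel(R) Active Management Technology 11.6.0\r\n\r\n"
)

def probe_tcp(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify a TCP connect as 'open', 'refused', 'timeout' or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"  # nothing answers at all: what a truly absent service looks like
    except ConnectionRefusedError:
        return "refused"  # a stack is still bound there: the thread's 'actively rejecting' case
    except OSError:
        return "unreachable"

def grab_http_banner(host: str, port: int, timeout: float = 2.0) -> bytes:
    """Send a minimal HTTP/1.0 request and return whatever the listener replies."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
        try:
            while len(chunks) < 16:  # cap at 64 KiB; a banner is far smaller
                data = sock.recv(4096)
                if not data:
                    break
                chunks.append(data)
        except socket.timeout:
            pass  # keep whatever arrived before the listener went quiet
    return b"".join(chunks)

def parse_server_header(raw: bytes) -> Optional[str]:
    """Return the Server header value from a raw HTTP response, if any."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"server":
            return value.strip().decode("latin-1", "replace")
    return None

def looks_like_amt(server_header: Optional[str]) -> bool:
    """AMT names itself in the Server header (the assumption stated at the top)."""
    return bool(server_header) and "active management technology" in server_header.lower()

def inspect_port(host: str, port: int, timeout: float = 2.0, http: bool = True) -> Dict[str, object]:
    """Probe one port; when it is open and speaks plain HTTP, also read the Server header."""
    result: Dict[str, object] = {"state": probe_tcp(host, port, timeout), "server": None, "amt": False}
    if result["state"] == "open" and http:
        try:
            result["server"] = parse_server_header(grab_http_banner(host, port, timeout))
        except OSError:
            pass
        result["amt"] = looks_like_amt(result["server"])
    return result

def check_host(host: str, timeout: float = 2.0) -> Dict[int, Dict[str, object]]:
    """Run this from another machine, as the thread says; a loopback probe does not count."""
    return {p: inspect_port(host, p, timeout, http=(p == 16992)) for p in AMT_PORTS}

def local_mei_present() -> bool:
    """Linux-only local check from the thread: is /sys/class/mei populated or /dev/mei* present?"""
    sys_entries = os.listdir("/sys/class/mei") if os.path.isdir("/sys/class/mei") else []
    return bool(sys_entries) or (os.path.isdir("/dev") and any(n.startswith("mei") for n in os.listdir("/dev")))

def serve_constructed_banner(response: bytes) -> Tuple[str, int]:
    """Loopback listener answering every connection with `response`, to exercise the checker offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def handle() -> None:
        while True:
            conn, _ = srv.accept()
            with conn:
                try:
                    conn.recv(4096)  # consume the probe's request (or its bare connect), then answer
                    conn.sendall(response)
                except OSError:
                    pass
    threading.Thread(target=handle, daemon=True).start()
    return "127.0.0.1", srv.getsockname()[1]

def closed_loopback_port() -> int:  # bind and release an ephemeral port: a probe of it should be refused
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":  # usage: python amt_check.py <host-on-your-LAN>
    import sys
    print(check_host(sys.argv[1]), "local MEI device:", local_mei_present())
```

A "refused" on 16992 is the state the earlier comment describes (still bound, not listening), while "open" with an AMT Server header means the web console is reachable and the host should be on the firmware-update list.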

  13. Re:Brought to you by by Anonymous Coward · · Score: 1

    Thankfully, things like the Raspberry pi are becoming powerful enough and ubiquitous enough that we now have the option of using hardware completely free of the Microsoft-Intel taint.

  14. Vote with your wallet by Anonymous Coward · · Score: 1

    Now that AMD has released Ryzen you once again have the freedom of choice in the x86 space. The only way Intel will ever change its ways is if people vote with their wallets and support competition.

    1. Re: Vote with your wallet by Anonymous Coward · · Score: 0

      The AMD version is called Platform Security Processor (PSP), and it is also active everywhere just like ME.

  15. EULA on a critical backdoor?? by lkcl · · Score: 1

    "try the mitigations here".... you mean the ones that force you to sign a EULA?? is intel having a laugh?

  16. wait this is a OOB like IPMI and not scanned ? by johnjones · · Score: 1

    So this would have to be provisioned...

    it's like IPMI (DRAC)

    (from wikipedia https://en.wikipedia.org/wiki/Intel_Active_Management_Technology)

    "The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional MAC and IP address for the out-of-band interface, with direct access to the Ethernet controller; one portion of the Ethernet traffic is diverted to the ME even before reaching the host's operating system, for what support exists in various Ethernet controllers, exported and made configurable via Management Component Transport Protocol (MCTP). The ME also communicates with the host via PCI interface. Under Linux, communication between the host and the ME is done via /dev/mei "

    so you would have to be completely insane to enable this and not be aware on a server, however -
    " AMT is designed for client computing systems as compared with the typically server-based IPMI. "

    so all those windows deployments are going to have to do an audit...

    Apple laptops AFAIK do not enable this...

    have fun auditing this if you manage a windows fleet !

    regards

    John Jones

    https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide%20-%20Rev%201.1.pdf

  17. Has been known for years! by Anonymous Coward · · Score: 0

    And is a big part of why I only run Penryns and Wolfdales. Kicker here is it is almost as if Intel put this hole in deliberately for the NSA or anyone in the know to drive a truck through! There is something to be said about being a cheapskate that runs older tech. You notice that the upscale server chips did not have this hole but the consumer grade stuff past core two duo seems to have been constructed in such a way that even a boot uefi setup can be compromised.

  18. Default password = admin by eric31415927 · · Score: 4, Interesting

    The CTRL-p menu (after much of the booting had taken place) brought me to an AMT/ME screen where I could turn AMT off after entering a password.
    The default password is "admin" which worked with my refurbished HP Xeon box. I have since changed the password.

    1. Re:Default password = admin by Anonymous Coward · · Score: 0

      The ctrl+p hotkey does not work on all HP laptops. Even when entering the bios menu (F10) or any system setup, the AMT configuration is omitted and does not even show, but when booting into linux, lspci indeed shows the management engine exists in hardware. Windows device manager shows it as well.

      HP deliberately disabled this in "non-business" computer models.

    2. Re:Default password = admin by Khyber · · Score: 1

      "HP deliberately disabled this in "non-business" computer models."

      HP may have disabled it but it still exists and runs. Even my DV9000 and DV7 still have ports 16992 and 16993 actively listening on my network when turned off.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  19. Wrong!!!! by Excelcia · · Score: 1

    The affected LMS service is enabled and run at startup by default in Windows 10.

  20. RTFA it's a backdoor by Anonymous Coward · · Score: 0

    Yes, it has the advertised features etc. But it also has a backdoor for unauthorized parties to simply take control of your system.

  21. It may always be on even when it claims to be off by Anonymous Coward · · Score: 0

    You can turn AMT on over the net if it is off. That means the security CPU is always looking for the magic packets. If this exploit makes use of that code, there may be no fix for a large number of old computers. There are talks about this thing at every security conference I've been to.

  22. EFF - CLASS ACTION LAWSUIT by Anonymous Coward · · Score: 0

    ... need we say more?

  23. If they think it's hard by Anonymous Coward · · Score: 0

    If they think it's hard for people to keep their OS up to date man... There will be malware exploiting this for the next 5 years at least

  24. Do you care about Matroshka processors? by epine · · Score: 1

    Interesting.

    I just watched Rudolf Marek: AMD x86 SMU firmware analysis yesterday afternoon.
    slides

    These slides are related to the talk, but might not be an exact match.

    Funny anecdote: someone got Linux running on an ARM chip inside a disk drive. That would be really useful for beating up on the algorithms inside Intel's new Optame, er, Optane Memory.

  25. Exploit already in the wild since 2 years or more by Anonymous Coward · · Score: 0

    My Toshiba which has a high end i7 quad-core CPU was bricked by someone on the net because of this bug. It is a personal laptop which is used only by myself. My laptop would shutdown in less than 30 minutes, the technician told me it is the IME inside my laptop. He connected a raspberry pi with an alligator clip to my Toshiba to disable this stuff. He told me earlier CPUs are easier to disable because IME is not in northbridge and was easy to unsolder. This AMT and IME is a kill switch which is both under the control of Microsoft and Intel.

    Lucky for me, the technician was updated and he knew how to get rid of this stuff on my machine, but it hurts my pocket a bit just to recover this mess brought by IME.

  26. Wrong title in this article by Anonymous Coward · · Score: 0

    It should be "Win10 machines vulnerable to AMT firmware attacks", since this LMS feature is enabled on all Win10 machines by default.

  27. Do you think this was accidental? by Anonymous Coward · · Score: 2, Interesting

    It's funny how many critical security flaws are so devious that they allow state-actors to just walk right in, and when they're found they stick out like sore thumbs. This here is exactly why you shouldn't buy CPUs from NSA-CIA-Intel.

    1. Re:Do you think this was accidental? by Anonymous Coward · · Score: 0

      They all follow the same pattern: network related, have GUI components that don't actually disable functionality, hardwired ports and IP addresses.

      I've seen these plenty of times with Linux; the GUI menus don't actually send the hardware (wifi) the switch off command, but just toggle the GUI button. I had a Linux laptop that would spontaneously connect with DLink wi-fi routers even when networking was disabled at the Gnome menu level.

    2. Re:Do you think this was accidental? by Archtech · · Score: 1

      This here is exactly why you shouldn't buy CPUs from NSA-CIA-Intel.

      From whom, then?

      --
      I am sure that there are many other solipsists out there.
  28. Actually, right!!!! by Gadget_Guy · · Score: 5, Informative

    The affected LMS service is enabled and run at startup by default in Windows 10.

    Only if you have a CPU and motherboard chipset with vPro, which very few of them do. I had a look at some of the entries on Intel's list of Skylake desktop products for the consumer-level products, but got bored trying to find which of the CPUs had vPro support. I ended up looking at the motherboard chipsets, and only the Q170 supports it. The Z170, H170, Q150, B150, and H110 chipsets do not.

    The original poster's point stands, that this does not affect consumer-grade PCs. Most people can happily ignore this vulnerability.

    1. Re:Actually, right!!!! by Anonymous Coward · · Score: 0

      The original poster's point stands, that this does not affect consumer-grade PCs. Most people can happily ignore this vulnerability.

      Why is this user's Thinkpad listening on AMT ports, meaning exposing an AMT attack surface, even with AMT turned off?

      I don't see why the AMT ME software should expose an attack surface that may contain bugs even when it's turned off. We've seen NSA hide backdoors behind plausible bugs, both on Linux ('if uid = 0') and Juniper (DUAL_EC_DRBG), so strange technical choices that increase attack surface are suspicious: it looks like they are presenting a front door for a vulnerability we haven't discovered yet. Even regardless of intent, it does increase risk for no reason, but I think the lack of trust is justified here.

    2. Re:Actually, right!!!! by Gadget_Guy · · Score: 1

      Why is this user's Thinkpad listening on AMT ports, meaning exposing an AMT attack surface, even with AMT turned off?

      My guess would be that AMT isn't actually turned off, but that remote access is disabled because a strong password has yet to be set. I would also say that a work-supplied laptop that is called the Lenovo ThinkPad T430s Business Laptop may not necessarily qualify as being a "consumer-grade PC" (although I guess some models did come with Windows Home edition).

  29. Obligatory:Intel CPU Backdoor Report (May 1 2017) by Anonymous Coward · · Score: 0

    Aka I FUCKING TOLD YOU SO.

    Obligatory: Intel CPU Backdoor Report (May 1st 2017)

    The goal of this report is to make the existence of Intel CPU backdoors common knowledge and provide information on backdoor removal.

    Newest update: On May 1st 2017, under pressure from the Vault 7 leak, Intel released a "Critical" security bulletin, admitting Intel Core CPUs from 1st gen to 7th gen (2006-2017) all share the same critical vulnerability.

    What we know about Intel CPU backdoors so far:

    TL;DR version

    Your Intel CPU and chipset are running a backdoor as we speak.

    The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

    30C3 Intel ME live hack:
    @21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
    [Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
    [Quotes] Talk:
    "DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."

    "the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."

    "We have recently improved DAGGER's capabilities to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."

    "To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."

    "We can permanently monitor the keyboard buffer on both operating system targets."

    Backdoor removal:
    The backdoor firmware can be removed by following this guide using the me_cleaner script.
    Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

    Decoding Intel backdoors:
    The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

    If you are skilled in these areas, download Intel ME firmware images from this collection and have a go at them; beware that Intel is using a lot of countermeasures to prevent their backdoors from being decoded (explained below).

    Useful links:
    The Intel ME subsystem can take over your machine, can't be audited
    REcon 2014 - Intel Management Engine Secrets
    Untrusting the CPU (33c3)
    Towards (reasonably) trustworthy x86 laptops
    30C3 To Protect And Infect - The militarization of the Internet
    30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

    1. Introduction, what is Intel ME

    Short version, from Inte

  30. Re:Brought to you by by Anonymous Coward · · Score: 0

    LOL you said taint.

  31. Re:Brought to you by by Anonymous Coward · · Score: 0

    Coming soon, the Raspberry Pi 5, now with firmware enhanced by Genuine Microsoft Windows 10 Pi Edition. ...I jest, but I can see it happening.

  32. Re:Hey blowhard Brockmire the bullshitter by Anonymous Coward · · Score: 0

    Fake name fucks are fake. That is that.

  33. YOU'RE THE ONE! I'd like to say "thanks" by Anonymous Coward · · Score: 0

    See subject: I kept seeing your posts on AMT & did read them, disabling this in the BIOS of my system & making sure the driver never was installed (or enabled) + to be SURE if it was to not only disable it but remove it in Computer Mgt. in Windows "DEVICES" section.

    APK

    P.S.=> IF it were installed (wasn't), wouldn't doing the above be enough vs. this potential threat? Thanks for answering THIS question too... apk
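    An added verification check (not written by any poster in this thread, and not Intel's tooling) for the host-side steps described above on a Windows machine: whether the Intel LMS service is installed and disabled, whether the Management Engine Interface device is still enumerated, and whether anything on the host is listening on the well-known AMT ports (16992-16995, 623, 664). The service name "LMS" and the device friendly-name pattern are assumptions about how Intel's driver package registers itself.

```powershell
# Added example: verify AMT/ME host-side components are absent or disabled.
# Run from an elevated PowerShell prompt on the machine being checked.

# 1. LMS service (Intel(R) Management and Security Application Local Management Service).
#    Service name 'LMS' is assumed from Intel's driver package.
$lms = Get-Service -Name 'LMS' -ErrorAction SilentlyContinue
if ($null -eq $lms) {
    Write-Output 'LMS service: not installed (good)'
} else {
    Write-Output ("LMS service: status={0}, startup={1}" -f $lms.Status, $lms.StartType)
    if ($lms.Status -ne 'Stopped' -or $lms.StartType -ne 'Disabled') {
        Write-Warning 'LMS is present and not disabled. To neutralise it:'
        Write-Warning '  Stop-Service -Name LMS; Set-Service -Name LMS -StartupType Disabled'
    }
}

# 2. Management Engine Interface device, as shown under Device Manager.
#    The friendly-name match is an assumption about the driver's naming.
$mei = Get-PnpDevice -ErrorAction SilentlyContinue |
       Where-Object { $_.FriendlyName -like '*Management Engine Interface*' }
if (-not $mei) {
    Write-Output 'MEI device: not enumerated (good)'
} else {
    $mei | ForEach-Object {
        Write-Output ("MEI device: {0} [{1}]" -f $_.FriendlyName, $_.Status)
    }
}

# 3. Host-side listeners on the ports AMT and LMS use.
$amtPorts = 16992, 16993, 16994, 16995, 623, 664
$listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
             Where-Object { $amtPorts -contains $_.LocalPort }
if (-not $listeners) {
    Write-Output 'AMT ports: no host-side listener (good)'
} else {
    Write-Warning 'Host-side listener on an AMT port found:'
    $listeners | Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table -AutoSize
}
```

    This only sees what the OS sees: once AMT is provisioned, the ME answers those ports through the NIC itself with no host-side socket, so a machine can still be reachable on the wire while this reports no listener. The BIOS setting and a port check from another host on the same network cover that case.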

  34. so, j-core CPU and SoC platform by Anonymous Coward · · Score: 0

    www.j-core.org

    And RISC-V too.

    Just say'n.

  35. Re:Fuck off retard by Gadget_Guy · · Score: 2

    I may be a shill, but you are a plain nut-job! I provided a list of non-server Skylake CPUs and motherboard chipsets along with a list of the chipset model numbers that have vPro facility. All you provided was a strongly worded and unsupported assertion. If you had wanted to prove me wrong and actually believed your own rantings then you would have gone through the entire list and counted how many do and don't support vPro. Then you could have gloated about how wrong I was. But you didn't, so I will. Of the desktop CPUs, 6 support vPro while 22 do not. And as I said before only 1 in 6 of their chipsets would actually allow the CPUs to use that feature. You are wrong.

    I do wonder why you would say we shouldn't trust Intel's word on their deliberate backdoors when they have been completely upfront (and even boasted) about the remote access facility of AMT! Nothing about this latest revelation shows that Intel have lied about anything.

    If you have no evidence to support your notion that every Intel chip is secretly spying on you then don't swear at people who don't share your paranoid ravings. Some of us would rather have proof before we dusted off our pitchforks. That said, I would never buy a CPU that had remote access built in simply to avoid a potential attack vector. But there is a big difference between prudence and paranoia.

  36. Separate Ethernet? by Anonymous Coward · · Score: 0

    If the thing works by intercepting traffic from the chipset's ethernet wired interface, then would using either a separate PCI card or USB-based ethernet adapter mitigate the issue?

  37. BTW, remember when I said... by Khyber · · Score: 1

    ...all silicon was vulnerable?

    AMD isn't secure, either.

    I told you people there was a game-changing vulnerability out there that resided in pretty much all modern silicon.

    Loving those downmods, now, because here I am, shown right. Vindication is always sweet.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.

  38. Linux? by Anonymous Coward · · Score: 0

    Does the bug affect Linux?

    1. Re:Linux? by Anonymous Coward · · Score: 0

      The bug affects processor/motherboard combinations. The OS doesn't get a say.

  39. Re:Just fuck off already. by Gadget_Guy · · Score: 1

    What a disappointingly predictable response. A reply that provides no evidence, and fails to address anything that I said. All we get is name calling and vulgarities. You don't even have the wit to make your insults amusing.

    Go on, give me your best shot! Perhaps if you remove your tinfoil hat the CIA might helpfully beam to you some choice phrases.

  40. my cpu is so old by Anonymous Coward · · Score: 0

    it doesn't even have this stuff

    no wonder new games don't work :P when your games don't work and your CPU is not on the list of the latest and greatest backdoor, you know it's time to upgrade lol

  41. Fun fact: i5 chips and onwards have a 3g chip in t by Rujiel · · Score: 1

    Supposedly so they can be located if stolen, but it sounds pretty sketchy to me. I think the functionality is branded vPro.

  42. Isn't this class action/recall material? by Anonymous Coward · · Score: 0

    I imagine some lawyer greasing up his hands with a bacon extravaganza just before getting down and dirty with this vulnerability in a class action lawsuit and maybe force Intel to perform a chipset recall. It's about as bad as the floating point fiasco that Intel made many years ago.

  43. Re:Hey blowhard Brockmire the bullshitter by Anonymous Coward · · Score: 0

    And anon APK posts show that hosts file engine is sad and worthless much like APK.

    A middle school dropout who found a copy of VB6 For Drunk Lower Primates could cobble that pile of crap together in a few hours.

    All of the hard work was done by others, no original thought by APK but that should be apparent by his tired arguments and spamming.

  44. Re:Hey blowhard Brockmire the bullshitter by Anonymous Coward · · Score: 0

    Do the world a favor you bloody wanker and toss yourself in front of a lorry on the nearest motorway.

  45. Security & Web pros disagree (eat your words) by Anonymous Coward · · Score: 0

    Oliver Day (SYMANTEC/SECURITYFOCUS):

    http://www.securityfocus.com/c...

    "The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster"

    "More recently, projects like Spybot Search & Destroy offer lists of known malicious servers to add a layer of defense against trojans & other forms of malware"

    O'Reilly hosts security -> http://oreilly.com/pub/a/windo... & speed -> http://www.oreillynet.com/pub/...

    Steve Gibson endorses hosts https://www.grc.com/sn/sn-045....

    Aryeh Goretsky/ESET/NOD32: hosts = good security http://it.slashdot.org/comment...

    Malwarebytes hpHosts' hosts/RECOMMENDS me!

    Brocke Wilders of WILDERS' SECURITY does inferior clone of MY work http://www.wilderssecurity.com...

    APK

    P.S.=> China = imitation = flattery too http://www.theregister.co.uk/2017/04/26/boffins_supercharge_the_hosts_file_to_save_users_plagued_by_dns_outages/

  46. /.ers disagree (eat your words) by Anonymous Coward · · Score: 0

    I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised by mmell

    his hosts program is actually pretty good by xenotransplant

    his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg

    I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon

    take a look at the APK hosts file engine by SuperKendall

    APK is kinda right. I've tried his hosts file generating software. It works by bmo

    I like your host file system by Karmashock

    I find your hosts file admirable by vel-ex-tech

    * My code's liked + recommended & hosted by Malwarebytes' hpHosts!

    APK

    P.S.=> If it's "so easy to do" how come YOU can't do better "Brockmire" you FAKE NAME for your FAKE LIFE loser? apk

  47. Take your own advice Brockmire as AC... by Anonymous Coward · · Score: 0

    See subject: ... & how'd EATING YOUR WORDS taste here https://slashdot.org/comments.pl?sid=10557875&cid=54347839/ & here https://slashdot.org/comments.pl?sid=10557875&cid=54347805/ you fake name for your fake blowhard hotair windbag bullshitter life?

    * What's the MATTER blowhard Brockmire the bullshitter? Can't face up to a COMPLETELY fair challenge to show you did better than I have (yet you criticize so easily)?? Yes.

    APK

    P.S.=> Brockmire = "Run, Forrest: RUN!!!" like the FAKE NAME for your FAKE LIFE bitch that you are motherfucker, lmao... apk

  48. Brockmire = "Run, Forrest: RUN!!!" lol... apk by Anonymous Coward · · Score: 0

    See subject: ... & how'd EATING YOUR WORDS taste here https://slashdot.org/comments.pl?sid=10557875&cid=54347839/ & here https://slashdot.org/comments.pl?sid=10557875&cid=54347805/ you fake name for your fake blowhard hotair windbag bullshitter life?

    * What's the MATTER blowhard Brockmire the bullshitter? Can't face up to a COMPLETELY fair challenge to show you did better than I have (yet you criticize so easily)?? Yes.

    (I see you had to TRY "downmod hide" what's in my subject via your doubtless MANY sockpuppet FAKE accounts (for your fake name life) here too, lmao https://slashdot.org/comments.pl?sid=10557875&cid=54338907/ hahahaha...)

    Enjoy EATING YOUR WORDS rammed back down your chicken-neck throat washed down by the bitter taste of SELF-defeat Brock ole' boy, lol!

    APK

    P.S.=> Brockmire = "Run, Forrest: RUN!!!" like the FAKE NAME for your FAKE LIFE bitch that you are motherfucker, lmao... apk