Slashdot Mirror
EFF Warns Most Of Intel's Chipsets Contain 'A Security Hazard' (eff.org)
The EFF is issuing a warning about the "tiny homunculus computer" in most of Intel's chipsets -- the largely-undocumented "Management Engine" which houses more than just the AMT module. An anonymous reader quotes their report:
While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one....vulnerabilities in any of the other modules could be as bad, if not worse, for security. Some of the other modules include hardware-based authentication code and a system for location tracking and remote wiping of laptops for anti-theft purposes... It should be up to hardware owners to decide if this code will be installed in their computers or not. Perhaps most alarmingly, there is also reportedly a DRM module that is actively working against the user's interests, and should never be installed in a Management Engine by default...
While Intel may put a lot of effort into hunting for security bugs, vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low-level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity. The design choice of putting a secretive, unmodifiable management chip in every computer was terrible, and leaving their customers exposed to these risks without an opt-out is an act of extreme irresponsibility... EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our computers, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.
TLDR: "We have reason to fear that the undocumented master controller inside our Intel chips could continue to be a source of serious vulnerabilities in personal computers, servers, and critical cybersecurity and physical infrastructure."
While Intel may put a lot of effort into hunting for security bugs, vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low-level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity. The design choice of putting a secretive, unmodifiable management chip in every computer was terrible, and leaving their customers exposed to these risks without an opt-out is an act of extreme irresponsibility... EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our computers, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.
TLDR: "We have reason to fear that the undocumented master controller inside our Intel chips could continue to be a source of serious vulnerabilities in personal computers, servers, and critical cybersecurity and physical infrastructure."
AMD faces the exact same incentives Intel does to seize control of the hardware it sells.
EFF speaks the truth, but most of its audience will not listen. Intel and their ilk will continue to get away with selling us disobedient hardware so long as Joe consumer doesn't normally feel much pain from this disobedience.
As a member of the audience, if I am going to be buying a chipset then who do I buy it from if I want to talk with my wallet? Aren't Intel and AMD pretty much the only games in town?
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
so i guess this is why neither amd nor intel license 3rd party chipsets anymore... this tech is currently not only reliant on the cpu, but also the motherboard's chipset... and if people *HAVE TO* use their chipsets to use their processors.. then they pretty much assure that everything new since a known date is going to have the feature set in hardware... and NOT EVERYTHING is controllable by a bios when management is configurable in it.
i guess i'm gonna hang on to a few old via-based boards and old 370/462 chips i have.. their value keeps going up every time something like this gets published.
If you don't want a backdoor in your processor, you'll need to use an ancient processor.
But fortuitiously, for the 95% of us who aren't ardent gamers, aren't bitcoin miners, and aren't wrangling huge data bases, ancient processors should be more than adequate. A 386SX16 might be a bit lightweight for playing cat videos. But a 15 year old VIA C5 will do a surprising amount of the things people actually want to do about as well as more modern CPUs.
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
> Does anybody really know how 'safe' AMD chips are'?
No, nobody knows. AMD engineers *think* they know, but that's what engineers always say while shipping bugged code. If (and it's a big if) there's a backdoor, say, by the Mossad, or the NSA, or the FSB, then you might think that THOSE guys know how 'safe' the chips are- but they don't either, and for the same reason (though if that is true, they would at least know in what exact measure the chips must be UNsafe).
What AMD has is the Platform Security Processor (PSP, not to be confused with Sony's gameboy wannabe). The PSP, if not present, will not allow the x86 cores to process anything. The PSP on AMD and the ME on Intel are the topics of the day. Finally.
AMD has shown some interest in going fully open with their PSP stuff. If they choose this direction, it would be an immense step forward: everyone who is concerned about the ME could simply buy an AMD. Those who want to risk the ME would be free to choose on other variables. Hasn't happened yet though.
Ha! The NSA is directly responsible for weaponizing and attempting to bury a security flaw that just caused a massive worldwide crisis this weekend and there appears to be no hell to pay for that. I'm pretty sure it's been established that they'll not be held accountable for anything they do.
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
The BMCs used for IPMI have far less ability to spy on the running system than the ME does. The older BMCs only had a serial connection that the OS could choose to ignore. Newer ones can see the console (which a server can ignore) and a virtual drive (which the OS can ignore). They can be entirely disabled (including removing it from the board if you're paranoid) or restricted to a management network (physically separate or vlan, your choice).
In contrast, the ME cannot be removed without bricking the system, it can probe main memory and any device attached to the system. It can even blow the OS away and replace it with one under the attacker's control. Since it can do that without writing to disk, the whole thing can disappear without a trace by strobing reset.
Are you SURE the systems with IPMI are a bigger risk?
If you don't want a backdoor in your processor, you'll need to use an ancient processor.
But fortuitiously, for the 95% of us who aren't ardent gamers, aren't bitcoin miners, and aren't wrangling huge data bases, ancient processors should be more than adequate. A 386SX16 might be a bit lightweight for playing cat videos. But a 15 year old VIA C5 will do a surprising amount of the things people actually want to do about as well as more modern CPUs.
What are you smoking? A 15 year old VIA C5 would barely run java with decent performance. Load any web page today and there are over 25 java scripts being run in the background. The only thing that saved java was the increase in CPU power. Core 2 CPUs from 2006/2007 (about 10 years ago) would be the bare minimum.