Slashdot Mirror
Researchers Find a Way To Disable Intel ME Component Courtesy of the NSA (bleepingcomputer.com)
An anonymous reader writes:Researchers from Positive Technologies -- a provider of enterprise security solutions -- have found a way to disable the Intel Management Engine (ME), a much-hated component of Intel CPUs that many have called a secret backdoor, even if Intel advertised it as a "remote PC management" solution. People have been trying for years to find a way to disable the Intel ME component, but have failed all this time. This is because disabling Intel ME crashes computers, as Intel ME is responsible for the initialization, power management, and launch of the main Intel processor.
Positive Technologies experts revealed they discovered a hidden bit inside the firmware code, which when flipped (set to "1") will disable ME after ME has done its job and booted up the main processor. The bit is labelled "reserve_hap" and a nearby comment describes it as "High Assurance Platform (HAP) enable." High Assurance Platform (HAP) is an NSA program that describes a series of rules for running secure computing platforms. Researchers believe Intel has added the ME-disabling bit at the behest of the NSA, who needed a method of disabling ME as a security measure for computers running in highly sensitive environments.
The original submission linked to a comment with more resources on the "Intel CPU backdoor" controversy.
Positive Technologies experts revealed they discovered a hidden bit inside the firmware code, which when flipped (set to "1") will disable ME after ME has done its job and booted up the main processor. The bit is labelled "reserve_hap" and a nearby comment describes it as "High Assurance Platform (HAP) enable." High Assurance Platform (HAP) is an NSA program that describes a series of rules for running secure computing platforms. Researchers believe Intel has added the ME-disabling bit at the behest of the NSA, who needed a method of disabling ME as a security measure for computers running in highly sensitive environments.
The original submission linked to a comment with more resources on the "Intel CPU backdoor" controversy.
In the early 2000s, my CD tray went out, and somebody started typing on my screen to me. It was such a violation that somebody had put a trojan on my machine and snooped around for who knows how long silently before revealing themselves. And since the trojan has no username/password, he not only opened my computer up to his sick self to sit there and watch my private computing environment and download files and watch screenshots of my desktop and all kinds of things -- he also let the entire world connect as they pleased as long as they found my IP address (ICQ advertised this to every contact back then, for example).
And now, with as much security knowledge I've been able to collect for all these years since, my HARDWARE enables some assholes to remotely spy and watch me in real time... it makes me physically sick to think about it. I wouldn't be surprised if it turns out that anything I've ever seen on my computers is all available in some enormous data collection cave in lossless fullscreen video. All ready to blackmail me the minute I gain any sort of power...
Some "friends" I had, who would do such a thing. People don't respect you or your privacy one single little bit.
I don't want to sound paranoid, but...
Given the history of this organisation, there is a possibility that the 'disable Intel ME, block the nefarious attackers' bit is a decoy.
(Disclaimer: I use a 2008 thinkpad with the SOIC-16 personally reprogrammed using a beaglebone. So maybe I'm paranoid.)
...or does it seem slightly meta that, in a sense, Intel's backdoor has it's own backdoor.
-It is by will alone I set my mind in motion.