New Intel-Based PC’s Permanently Hackable

[Johnny]

New Intel Chips Contain Back-Door Processor,...

By Jim Stone, jimstonefreelance.com
September 19th, 2013

New Intel-Based PC’s Permanently Hackable

So you think no one can access your data because your computer is turned
off. Heck it’s more than turned off, you even took the main hard drive
out, and only the backup disk is inside. There is no operating system
installed at all. So you KNOW you are safe.

Frank from across the street is an alternative operating systems
hobbyist, and he has tons of computers. He has Free BSD on a couple, his
own compilation of Linux on another, a Mac for the wife, and even has
Solaris on yet another. Frank knows systems security, so he cannot be
hacked . . . or so he thinks.

The government does not like Frank much, because they LOVE to look at
everything. Privacy is a crime don’t you know, and it looks like Frank’s
luck with privacy is about to run out.

The new Intel Core vPro processors contain a new remote access feature
which allows 100 percent remote access to a PC 100 percent of the time,
even if the computer is turned off.

Continued:
http://www.popularresistance.org/new-intel-based-pcs-permanently-hackable/

I don't know if this is true or not, but I thought it was an interesting
and well written article, and thought others might like to read it.

 

[philo]

The new Intel Core vPro processors contain a new remote access feature
which allows 100 percent remote access to a PC 100 percent of the time,
even if the computer is turned off.

X

April 1st is still a few months away

 

[Paul]

New Intel Chips Contain Back-Door Processor,...

By Jim Stone, jimstonefreelance.com
September 19th, 2013

New Intel-Based PC’s Permanently Hackable

So you think no one can access your data because your computer is turned
off. Heck it’s more than turned off, you even took the main hard drive
out, and only the backup disk is inside. There is no operating system
installed at all. So you KNOW you are safe.

Frank from across the street is an alternative operating systems
hobbyist, and he has tons of computers. He has Free BSD on a couple, his
own compilation of Linux on another, a Mac for the wife, and even has
Solaris on yet another. Frank knows systems security, so he cannot be
hacked . . . or so he thinks.

The government does not like Frank much, because they LOVE to look at
everything. Privacy is a crime don’t you know, and it looks like Frank’s
luck with privacy is about to run out.

The new Intel Core vPro processors contain a new remote access feature
which allows 100 percent remote access to a PC 100 percent of the time,
even if the computer is turned off.

Continued:
http://www.popularresistance.org/new-intel-based-pcs-permanently-hackable/

I don't know if this is true or not, but I thought it was an interesting
and well written article, and thought others might like to read it.

http://en.wikipedia.org/wiki/Intel_Active_Management_Technology (AMT)
http://en.wikipedia.org/wiki/VPro

This is one of the few good slide decks on the subject of
AMT I've snagged over the years. On page 30, you can see
that if the ME2 firmware area is missing, there is no danger.
It's a firmware based feature, And the code for the
internal chipset processor (ME), is stored in the
same chip as the BIOS for the main CPU.

http://pds4.egloos.com/pds/200706/04/57/ps_adts003.pdf

The tech is hardware-ready on Q series desktop chipsets.
If the chipset doesn't have Q as the first letter, that's
a very good sign.

Some of the Q products show up in business laptops (that laptop
you gave the CEO), and also in some desktop Q series motherboards
marketed to IT groups. If you don't have an appropriate firmware
though, I don't think it'll go anywhere.

It may also be gated by the NIC side of things.
The motherboard NIC, I think it's supposed to be
Intel branded for this to work. It could be, if you
plug in a third-party NIC card, that NIC port can't
contact the Management Engine. So that may be another
possible way to fix it.

Since Intel constantly adds to the functionality of this
stuff, I can't really say how much worse it is now.
Like you, I was just a wee bit concerned when this
first came out. Scary idea. Intel will think they've
provided safeguards, but Intel has been wrong before.
Some other things Intel thought were a good idea,
turned out to be less than bulletproof too.

I would say the biggest danger with a thing like that,
is if "rogue code" could be put in the ME2 code module.
Like say, a Chinese manufacturer slipped something
in there. Who would know ?

Now, if I was designing that (as a hardware guy),
I would have put a jumper on the board to disable it.
In a similar vein to TPM, where the smart manufacturers
put it on a header, and for the paranoid customers,
they could simply unplug the TPM module and have
a TPM-free machine. I still see motherboards
made that way today (ships with TPM header, but
no module installed on the pins).

Paul

 

[miso]

"ou see, Core vPro processors work in conjunction with Intel’s new Anti
Theft 3.0, which put 3g connectivity into every Intel CPU after the
Sandy Bridge version of the I3/5/7 processors. Users do not get to know
about that 3g connection, but it IS there."

So Intel has 3g connectivity without a simcard let alone a service
contract. Uh, I don't think so.

The wanker that wrote the article is thinking of
http://www.supermicro.com/products/nfo/ipmi.cfm

i haven't used IMPI, but I believe it is part of the chipset, not the
CPU. Further, you need it on the mobo and have to enable it. I recall a
hack being published for IMPI a few months ago, but it could be mitigated.

 

[Paul]

"ou see, Core vPro processors work in conjunction with Intel’s new Anti
Theft 3.0, which put 3g connectivity into every Intel CPU after the
Sandy Bridge version of the I3/5/7 processors. Users do not get to know
about that 3g connection, but it IS there."

So Intel has 3g connectivity without a simcard let alone a service
contract. Uh, I don't think so.

The wanker that wrote the article is thinking of
http://www.supermicro.com/products/nfo/ipmi.cfm

i haven't used IMPI, but I believe it is part of the chipset, not the
CPU. Further, you need it on the mobo and have to enable it. I recall a
hack being published for IMPI a few months ago, but it could be mitigated.

http://en.wikipedia.org/wiki/Intel_vPro

http://www.pcmag.com/article2/0,2817,2369110,00.asp

I think there are some caveats on this capability.
The only reason the 3G is getting mentioned, is it
happens to be added to some Intel NIC/Wifi/3G card.
Changing out the card and using a NIC card only, would
make it more secure if you wanted.

The video on the Intel site, still makes it look
like the capability is based on an AMT processor
in the chipset.

But unless we can find the equivalent of that
old ps_adts003.pdf slide set, it's going to be
pretty hard to do a thorough analysis.

If there is no ME firmware in your motherboard
BIOS chip, that's probably a good sign right there.
No firmware, no AMT.

Paul

 

[John McGaw]

X

April 1st is still a few months away

But isn't October "National Paranoia Month" celebrated by wrapping both
your head and your computer in tin foil? Motto: Remember, it has to be tin
foil -- aluminum will not work against the control rays.

 

[philo]

But isn't October "National Paranoia Month" celebrated by wrapping both
your head and your computer in tin foil? Motto: Remember, it has to be
tin foil -- aluminum will not work against the control rays.

I always thought it odd that tin foil is made out of aluminum.

 

[Darklight]

New Intel Chips Contain Back-Door Processor,...

By Jim Stone, jimstonefreelance.com
September 19th, 2013

New Intel-Based PC’s Permanently Hackable

So you think no one can access your data because your computer is turned
off. Heck it’s more than turned off, you even took the main hard drive
out, and only the backup disk is inside. There is no operating system
installed at all. So you KNOW you are safe.

Frank from across the street is an alternative operating systems
hobbyist, and he has tons of computers. He has Free BSD on a couple, his
own compilation of Linux on another, a Mac for the wife, and even has
Solaris on yet another. Frank knows systems security, so he cannot be
hacked . . . or so he thinks.

The government does not like Frank much, because they LOVE to look at
everything. Privacy is a crime don’t you know, and it looks like Frank’s
luck with privacy is about to run out.

The new Intel Core vPro processors contain a new remote access feature
which allows 100 percent remote access to a PC 100 percent of the time,
even if the computer is turned off.

What if the router is turned of, or the Ethernet cable is plugged out?
Can you access a pc if it is turned off? and why!
Or what if the power lead is plugged out?

 

[miso]

On 10/28/2013 10:05 AM, Paul wrote:
<snip>
"AMT provides similar functionality to IPMI, although AMT is designed
for client computing systems as compared with the typically server-based
IPMI."

News to me, so this tin foil post wasn't totally useless. That is, I
didn't know consumer computers had this feature. It seems really stupid
since there is no need in my opinion to remotely service a client PC.
Servers yes, since often they are in another town if not state.

In light of the Snowden revelations, I'm not so happy about this feature.

 

[Paul]

On 10/28/2013 10:05 AM, Paul wrote:
<snip>
"AMT provides similar functionality to IPMI, although AMT is designed
for client computing systems as compared with the typically server-based
IPMI."

News to me, so this tin foil post wasn't totally useless. That is, I
didn't know consumer computers had this feature. It seems really stupid
since there is no need in my opinion to remotely service a client PC.
Servers yes, since often they are in another town if not state.

In light of the Snowden revelations, I'm not so happy about this feature.

As far as I know, it's on Q series Intel chipsets.
It would be Q on a desktop, something like QM on
a laptop. For AMT to work, the onboard NIC has to be
Intel-branded as well. Since motherboard makers
don't normally spend extra on Intel NICs, if you
see an Intel NIC and a Q series chipset, that's a hint
the board is intended for AMT and "big IT".

Comparable chipsets (probably based on the silicon die),
they have an address decode for fan controllers, but
the other two decodes for AMT functions seem to be missing.
(The chipsets I compared, the fully functional one had
three interfaces in all.) So when you buy a product with
the "Q" features, it's a common chip where a wire bond or
fuse, turns on the "Q" stuff.

And it won't really do anything, if the ME firmware load
is missing. IT departments are probably re-flashing the BIOS
with their AMT support tools anyway, so maybe there isn't that
much exposure to rogue code. I do see some people on here
though, buying Q chipset boards, and I don't really know
if they're aware of what they've bought and how to
maintain it (carefully ).

Paul