265
Disabling Intel’s backdoors on modern laptops
(hackaday.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 13 Aug 2023
265 points (92.6% liked)
Technology
59080 readers
3566 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
Can someone explain what the Intel ME actually does / is? Thank you.
Intel Management Engine is a component that has access to your computer on a level that even you, the computer owner, don't have access to. It can be operated remotely, even when your computer is off.
And traditionally you can't even disable it (remember, you're not the trusted party in that mix).
https://en.wikipedia.org/wiki/Intel_Management_Engine
My understanding is that it's meant to be an enterprise tool for Sys admins of business and schools to allow for remote monitoring and troubleshooting, but because it's expensive to make two sets of devices, it's in everything.
Relevant bits from that wiki:
.
.
.
So who is using it? Where are tools which allow you to set up and manage the infrastructure? Why it can't be disabled, except hacks, and one undocumented feature requested by NSA, because they did not want it running? It is a backdoor, if it wasn't it would be disabled by default and you would have to pay premium to have that feature enabled.
Enterprise. Intel has a tool that lets you use it but other management services like SCCM and landesk have methods to use amt/vpro.
IntelME is an embedded Microcontroller in the Intel Chipset (in the south-bridge chip) which depending on variations in generation, has a multitude of different features such as Active Management Technology used in IT department, clock controls and a few more things.
Because it is closed source there are security concerns about possible vulnerabilities in it which could possibly be exploited, as well as several conspiracy theories about it. Due to that hobbyists as well as certain OEMs have found out ways to disable it in attempt to mitigate these issues.
For more detailed information on it I would highly recommend this video by CCC on the subject, it covers what IntelME does and how it was able to be disabled.
34C3 - Intel ME: Myths and reality (Youtube)
34C3 - Intel ME: Myths and reality (media.ccc.de)
AMT is a great way to get a passworded VNC session into the terminal.
Well provided your OEM hasn't disabled it, on most of the computers I checked with IntelMEtool (the ones new enough to have IntelME) I found that AMT shows up as disabled on most of them, except for a few.
As a tech enthusiast and it support personnel i can tell you this: no one knows, possibly not even Intel.
I asked our Intel guy about it once. After you've dealt with vendors and sales engineers for long enough, you start to learn to detect when they have no clue how one of their offerings work. I'm not sure that I've ever heard so many non-specific comments, meaningless buzzwords, and attempts to redirect the conversation.
I didn't get it even a little bit until I found an open source project based on Intel AMT, and that's apparently just a piece of ME.
Sounds about right👍
It’s used for out of band management. With the correct hardware items (nic and gpu) it’s called vPro. With the proper certificate and supporting infrastructure it can auto-enroll into a management service such as SCCM. It allows companies to remotely view logs, bios settings and other items. With vPro it can include a complete remote KVM solution.
You can disable it from most UEFI settings interfaces without worry of causing other issues.
It's a microcontroller that runs within Intel based systems allowing full control access at the processor level. It runs outside of your processor and any time the system is plugged in or is on battery. It doesn't require the main processor up for it to be accessible. More info on it on [wikipedia]https://en.wikipedia.org/wiki/Intel_Management_Engine).
AMD's equivalent is called AMD Secure Technology.