this post was submitted on 13 Aug 2023
262 points (92.5% liked)

Technology

59689 readers
3167 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 33 points 1 year ago (1 children)

Intel Management Engine is a component that has access to your computer on a level that even you, the computer owner, don't have access to. It can be operated remotely, even when your computer is off.

And traditionally you can't even disable it (remember, you're not the trusted party in that mix).

https://en.wikipedia.org/wiki/Intel_Management_Engine

[–] [email protected] 22 points 1 year ago* (last edited 1 year ago) (1 children)

My understanding is that it's meant to be an enterprise tool for Sys admins of business and schools to allow for remote monitoring and troubleshooting, but because it's expensive to make two sets of devices, it's in everything.

Relevant bits from that wiki:

The Intel Management Engine always runs as long as the motherboard is receiving power, even when the computer is turned off.

.

Intel's main competitor AMD has incorporated the equivalent AMD Secure Technology (formally called Platform Security Processor) in virtually all of its post-2013 CPUs.

.

Critics like the Electronic Frontier Foundation (EFF), Libreboot developers, and security expert Damien Zammit accused the ME of being a backdoor and a privacy concern. Zammit stresses that the ME has full access to memory (without the owner-controlled CPU cores having any knowledge), and has full access to the TCP/IP stack and can send and receive network packets independently of the operating system, thus bypassing its firewall.

.

In the context of criticism of the Intel ME and AMD Secure Technology it has been pointed out that the National Security Agency (NSA) budget request for 2013 contained a Sigint Enabling Project with the goal to "Insert vulnerabilities into commercial encryption systems, IT systems, …" and it has been conjectured that Intel ME and AMD Secure Technology might be part of that program

[–] [email protected] 7 points 1 year ago (1 children)

So who is using it? Where are tools which allow you to set up and manage the infrastructure? Why it can't be disabled, except hacks, and one undocumented feature requested by NSA, because they did not want it running? It is a backdoor, if it wasn't it would be disabled by default and you would have to pay premium to have that feature enabled.

[–] [email protected] 2 points 1 year ago

Enterprise. Intel has a tool that lets you use it but other management services like SCCM and landesk have methods to use amt/vpro.