this post was submitted on 16 Sep 2024
56 points (96.7% liked)

Privacy

32169 readers
423 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

When it comes to Intel Management Engine, I actually think it's not a threat if you neutralize it. I mean to just set the HAP bit on it. Because if that isn't enough then that means all computers in the world which use Intel CPU can be accessed by NSA but if NSA had this much power then it seems obvious that they aren't using it and why wouldn't they use it?

There's a github project to neutralize/disbale Intel ME: https://github.com/corna/me_cleaner Disable is overwriting intel ME as much as possible with zeros, leaving only a little remaining to be able to boot the computer. The newer the intel chips are, the less likely it is to be able to disable it. But all chip sets can be neutralized which means to set the HAP bit which is an official feature. In theory we can't actually trust the HAP bit to really disable intel ME permanently. It's more like asking Intel to do what they have promised because it's proprietary. But I think it really does permanently disable it because otherwise NSA would be abusing this power.

That's why I think the newer laptop models are better because it's probably not necessary to disable, it's enough to just neutralize withthe HAP bit. And with a newer modern laptop they can have open source Embedded Controller firmware which is better than proprietary Embedded Controller firmware.

I'm interested to hear what you think as well.

all 38 comments
sorted by: hot top controversial new old
[–] [email protected] 47 points 2 months ago (2 children)

I choose not to think about it or include it in my mental threat model, the same way I choose to not worry about thermonuclear warheads.

If there’s some exploitable backdoor and Intel gets owned, we’re all boned and there’s nothing we can really do about it. I don’t have anti-ballistic-missile systems, and I also don’t have the capability to make an entire hardware/firmware/os from scratch.

So instead focus on the things you can control and are more likely to happen. Don’t plan for doomsday, plan for every day.

[–] gnutard 8 points 2 months ago (1 children)

I would go on eBay and buy a Libreboot machine from 2009 and prior (X200, T500, etc.) These systems have 100% no blobs in the firmware and can have the IME fully disabled. I use these as my daily and I'm fine.

[–] [email protected] 0 points 2 months ago

Except nuclear weapons have only been used twice in war, and IME is probably used all the time

[–] [email protected] 18 points 2 months ago (1 children)

IMHO Intel ME or the AMD equivalent are only relevant for state level targeted attacks. It wouldn't be wise for them to waste it on the small fries and risk having some snoopy I-have-nothing-better-to-do-with-my-life security researcher find some attack payloads.

Of course you are right to be worried and think about it. Right now the best you can do is coreboot, it allows you to disable it.

If you want to counter that risk the best is to get a computer like the nitropads (coreboot and only open source firmware, qubeos on top) https://www.nitrokey.com/news/2020/nitropad-secure-laptop-unique-tamper-detection or the ones of system76 After that, it's no use worrying too much. You could as well be hit be hit in a car crash, a seism or a tsunami could also hit you city. Don't think about it too much, just have a small plan so you are not too lost if the black swan comes for you.

[–] gnutard 4 points 2 months ago* (last edited 2 months ago) (1 children)

Open source is not enough. It needs to be entirely free software. I recommend buying a Libreboot laptop from before 2009, they can fully disable/remove the IME and have a 100% free BIOS firmware (anything supported device with a Core Duo processor basically).

[–] [email protected] 4 points 2 months ago

Thanks! I dug in and just found out that you can buy libreboot computers with Intel ME disabled and support the libreboot project on https://minifree.org/

They actually have an interesting selection.

[–] [email protected] 16 points 2 months ago

The NSA tries incredibly hard to not make public which of the many many options in their toolbox are in active use at any given time. Not sure anyone outside the org can say for sure what they are and aren't using.

[–] [email protected] 16 points 2 months ago (1 children)

It is a huge threat just like any low level firmware. However, there isn't much you can do

[–] [email protected] 5 points 2 months ago* (last edited 2 months ago) (1 children)

Buying other hardware that you (well... not me ;) can inspect and verify, e.g RISC?

For now the performances are pretty terrible BUT one can imagine, assuming they have the right discipline and mental model doing what's actually personal on a verifiable processor, e.g browsing and reading emails, and what's not, e.g watching a TV show on another machine with CPU/GPU with an unverifiable architecture.

PS: I have a Precursor and a Banana Pi BPI-F3 with SpacemiT K1 8 core RISC-V chip and that's the main idea behind them both, i.e knowing, as a community, how it works all the way down.

[–] [email protected] 2 points 2 months ago (1 children)

How do you want to verify a RISC core not doing something funny?

[–] [email protected] 1 points 2 months ago (2 children)

The same way you would do it with a black box while optionally taking as many shortcuts as one is comfortable with by virtue of assuming having a better understanding of it's been built?

Get it audited by tools, e.g OneSpin, or people, e.g Bunnie, that one trusts?

I'm not saying it's intrinsically safer than other architectures but it is at least more inspectable and, for people who do value trust for whatever, can be again federated.

I assume if you do ask the question you are skeptical about it so curious to know what you believe is a better alternative and why.

[–] [email protected] 1 points 2 months ago (1 children)

I mean can't they just audit a version that doesn't have a backdoor/snoops. Verifying against silicon is probably very hard.

[–] [email protected] 1 points 2 months ago* (last edited 2 months ago) (1 children)

I imagine it's like everything else, you can only realistically verify against a random sample. It's like trucks passing a border, they should ALL be checked but in practice only few gets checked and punished with the hope that punishment will deter others.

Here if 1 chip is checked for 1 million produced and there is a single problem with it, being a backdoor or "just" a security flaw that is NOT present due to the original design, then the trust in the company producing them is shattered. Nobody who can afford alternatives will want to work with them.

I imagine in a lot of situations the economical risk is not worth it. Even if say a state actor does commission a backdoor to be added and thus tell the producing company they'll cover their losses, as soon as the news is out nobody will even use the chips so even for a state actor it doesn't work.

[–] [email protected] 1 points 2 months ago* (last edited 2 months ago)

Thats true, but that sadly won't help against a state forcing a company to put these things into the silicon. Not saying they do rn, but its a real possibility.

[–] [email protected] 1 points 2 months ago (1 children)

The same way you would do it with a black box while optionally taking as many shortcuts as one is comfortable with by virtue of assuming having a better understanding of it’s been built?

You can audit IntelME a similar way, it's just more annoying and tedious, it's also been done before by people. Honestly I don't bother much with the IntelME conspiracy theory much anymore (and yes I will call it a conspiracy theory, more on why later), I did used to be extremely interested in it about 2 years ago, I researched the topic heavily. I met people and colleagues who were also interested in it. However I found when I suggested ways to study or prove the claims made about it, like where it's communicating to or how it interacts with the system or even just disassembling the rom I would get weird answers about it knowing when it's being probed and that I wouldn't consider entirely rational when describing a tiny embedded system like this. Then I came across the 34C3 video and basically I realized then and there that this is a conspiracy theory, as there is a whole great study done by these guys and everyone is ignoring it.

Then there's the fact that many of the theories out there seem to resist investigation, and people seem to come up with more elaborate ways of it resisting. Example: I presented the idea of sniffing the Ethernet connection of the computer by cutting the cable in half and probing it with a debugger and they claimed that the chip would listen with the microphone and abort, or that IntelME would skew the data collected when loaded up on another computer.

The end result is that I bought a high end PC from System76 with the capability to disable IntelME largely for nothing, which would be fine if the Laptop wasn't so problematic, like the fact that it gets insanely hot and chews through battery insanely fast (seriously Battery consumption is worse on this laptop than my Steam Deck). Also it chews through power like this even on the iGPU, but it was way worse on the nvidia GPU, like way way worse. I wish I had gotten something AMD based, They're killing it when it comes to performance and efficiency, more than I can say for Toasty old Intel.

[–] [email protected] 2 points 2 months ago

It's a tricky situation to navigate.

There is the technical aspect, namely is it actually feasible, but itself wrapped within an economical and political context, as I've highlighted in another thread on this post.

On one hand we learn from Snowden's leaks about an entire surveillance apparatus, we might also have a conceptual understand of limitations via articles like "On trusting trust", plain incompetence and shortcuts for large companies, so all that and more invite us to be very prudent. Those are actual justifications for questioning what hardware, if any, can be trusted.

Yet... one can't go from those justifications to speculate. Yes there might be flaws, intentional or not, in both the design or the production or both of chips. Still, it's not because it's conceptually possible, or even that it happened before, that it does happen today and at scale.

Your System76 is an interesting example and it's a bit like my Banana Pi tinkering, or even more limited (yet exciting IMHO) the Precursor. Namely it's a very costly trade off today to "work" with hardware one can (at least try to) understand better, hopefully itself leading to better privacy and security. In the end most of us believe the trade off for more affordable performances trumps that deeper understanding.

[–] [email protected] 5 points 2 months ago (1 children)

Just restrict network access (both in and out) with proper (trusted) hardware firewall. It's much safer that relying on disabling / configuring etc. You can't attack what you can't reach (directly or in reverse).

[–] [email protected] 1 points 2 months ago

I don't have experience with that yet. Are you talking about a PI hole? Can you give a little idea on how to make such firewall rules? Because I want to have a laptop with many VMs or Qubes and each VM has different firewall rules. An email qube would only allow connection to the email server. Maybe one of the safe browsing VMs would only allow connections to the websites I typically visit. The unsafe VM maybe to everything except for known bad IPs/domains.

And NSA and other potential adversaries most likely have access to at least one domain that isn't blocked by firewall.

[–] Jumuta 3 points 2 months ago

idk, never worried about it but my main computer doesn't have it so I just passively use that for important things

[–] [email protected] 2 points 2 months ago (1 children)

I think that a lot of the IntelME stuff is what people would typically call a conspiracy theory, not like a theory of a conspiracy, but rather where the conspiracy is largely invented for the purpose of being scared or angry, or for attention from others who get scared or angry. Obviously not all of it is, and there are people who do research it, but the videos about it that you usually see on YouTube, most of them are like this.

The thing is that intelME isn't like a government conspiracy where there isn't much if any tangible evidence for it, IntelME is physically installed on millions upon millions of Intel PCs around the world, so it's very easy to test the myths and claims by sacrificing some of these Intel computers. The fact though that most of the people making claims seem to not want to do that, suggests that they don't think it's as big a problem as they say it is. There are few people who have tested it though, a notable example from 34C3 where they found that it's actually much more boring. Honestly the idea that people say it cracks Wifi passwords, or exchanges data home with a server, all this stuff people claim can be easily tested, even analyzing the network packets from a PC to see if it actually phones home when it's off (can do that by probing an Ethernet cable and capturing the signals externally. The reason I claim the IntelME stiff is a conspiracy is because most of the people making the claims resist investigation, the same way that Flat earth theories and Lizard people theories resist investigation. My example of probing the network cable? Yeah I proposed that to someone already and they claimed IntelME would know the Ethernet is being probed, when I inquired how I was given many nonsensical claims, from microphone listening to talking to IntelME on another computer skewing the results, can't make this shit up.

So to summarize, a lot of the claims are unsubstantiated claims, which could be easily proven or disproven due to easy access to IntelME based systems, but isn't because the people making the claims can't be bothered, and to top it all off many of them simply make arguments to resist investigation of IntelME in the first place, just like classical bad-faith conspiracy theories, and actual investigations like the one shown as 34C3 are swept under the rug. I don't think IntelME doesn't have issues or that it isn't a security risk, it is like any firmware, but the sensationalized claims made about it regularly online don't hold water, and the people making them should be called out for perpetrating conspiracy theories without merit. I'd leave some links to them but I don't know if that's allowed here, could be considered harassment.

[–] [email protected] 1 points 2 months ago (1 children)

Good suggestion about analyzing network packets. I don't know anything about how to do that except there are tools like wireshark which can help but I still have no knowledge on doing that. And I think you would need to make a script to monitor it for you because it would probably only (talking theoretically now) phone home very quickly on rare occasions, it wouldn't be continous. So your script would have to be able to detect these short and rare anomalies. I don't know anything about how to do any of this though but I will add it to my todo list down the road.

Another problem is you might need to get the NSA's attention first and make yourself a target. You also need to make sure there is no other way for them to spy on you, so they are left with only using intel me as their last resort.

So because I don't know anything about analyzing network packets I can't say if you're right but it does seem convincing. And it would be great for security in general as well, not only for investigating intel ME. I will definitely learn more about this later.

[–] [email protected] 1 points 2 months ago

You'd probably need to monitor the computer's network for a long time to get a detection, also something important is that if you're on a System with AMT disabled/not present, you won't ever get any, since those IntelME versions come without any network stack whatsoever.

In fact that's one of the primary reasons why I haven't tried it yet, almost none of the Intel computers I own even have the Intel AMT component enabled in the IntelME firmware, meaning they just won't do it, like ever. The only one I have which supports AMT is an old Laptop with a slow AF intel Centrino, it's so slow that it struggles with XFCE alone and no other apps running, I don't know if I could use this computer long enough to get any readings from it because it's just too slow to do anything really.

If you want to try it out I'd suggest building a copy of IntelMEtool and testing your Intel Machines to see if they have AMT enabled or present before trying yourself.

[–] [email protected] 2 points 2 months ago* (last edited 2 months ago)

Anything that was designed be exploited was designed that way for a reason. You think Intel isn't aware of the security issues with how they designed their CPUs?