cpu backdoor within a intel cpu?

[boozzer]

http://boingboing.net/2016/06/15/intel-x86-processors-ship-with.html

just how credible is this? is any of this true?

 

[Burpo]

Been that way a long time..

 

[jhu]

http://boingboing.net/2016/06/15/intel-x86-processors-ship-with.html

just how credible is this? is any of this true?

All computers have something similar. It's not just an Intel thing.

 

[boozzer]

so it is true? 100%? this could make my next cpu upgrade amd. or does amd also got something like that?

 

[boozzer]

All computers have something similar. It's not just an Intel thing.

could you explain?

 

[jhu]

so it is true? 100%? this could make my next cpu upgrade amd. or does amd also got something like that?

AMD calls their system PSP (Platform security Processor). It's an ARM chip rather than an ARC chip, and they have the same function.

 

[SarahKerrigan]

All computers have something similar. It's not just an Intel thing.

Most ARM parts don't (although AMD's Seattle ARM does.) POWER doesn't. I don't think SPARC does. AMD didn't until very recently; neither Kaveri nor Vishera has an equivalent to the Management Engine, although Mullins and Carrizo do.

 

[jhu]

Most ARM parts don't (although AMD's Seattle ARM does.) POWER doesn't. I don't think SPARC does. AMD didn't until very recently; neither Kaveri nor Vishera has an equivalent to the Management Engine, although Mullins and Carrizo do.

While most ARM devices don't have a separate processor for such things, it is also true that there are a large chunk of ARM devices in the form of phones. And phones have radio firmware that also has access to everything.

POWER and SPARC are rather irrelevant in the consumer space.

 

[FIVR]

AFAIK this was mandated on all x86 chips made in the US after 2015. AMD just recently started using a similar system. This is probably a big reason why the chinese have gone so quickly to domestic semiconductor manufacturing and design.


How would we stop thought crime if the NSA had to go get a warrant every time they wanted to search your computer?


Edit: Also a huge reason why Apple is now building its own servers from the ground up, and why apple refuses to merge OS X and iOS. How can you have OS security when your CPU, memory and nic are all under control of whomever has the password to the ME?

 

[boozzer]

AFAIK this was mandated on all x86 chips made in the US after 2015. AMD just recently started using a similar system. This is probably a big reason why the chinese have gone so quickly to domestic semiconductor manufacturing and design.


How would we stop thought crime if the NSA had to go get a warrant every time they wanted to search your computer?


Edit: Also a huge reason why Apple is now building its own servers from the ground up, and why apple refuses to merge OS X and iOS. How can you have OS security when your CPU, memory and nic are all under control of whomever has the password to the ME?

that is pretty crazy. so if I upgrade my cpu in the near future, I would have no choice in the backdoors? because all cpus would come with one? intel or amd doesn't matter?

damn.

 

[FIVR]

Don't worry though, all the US intelligence agencies are so inundated with data they can't parse in any reasonable timeframe that they stop literally no crimes. If you're a criminal, it's all gravy. Keep crimin'




The real use for all this, is for when they find a political opponent they need to silence. Say, somebody who wants to cut the NSA budget. Log into ME. Steal data. Extort.

 

[SparkyJJO]

Reads like a bunch of tinfoil hat stuff. It is so secure that they can't break into it, but instead of taking it as a good thing that it is so tightly locked down he freaks and says it is scary. Um, why? If you can't break in, then your supposed "risk" of arbitrary code from some hacker dude is pretty much nil.

 

[boozzer]

Reads like a bunch of tinfoil hat stuff. It is so secure that they can't break into it, but instead of taking it as a good thing that it is so tightly locked down he freaks and says it is scary. Um, why? If you can't break in, then your supposed "risk" of arbitrary code from some hacker dude is pretty much nil.

to be honest, after snowden, all the tinfoil stuff got a 99% boost in credibility. and this isn't even tinfoil, it is right there for all of us to see.

I guess this really doesn't concern us, the small fries. only people who are in position of power or countries stand to lose over security concerns.

 

[jhu]

to be honest, after snowden, all the tinfoil stuff got a 99% boost in credibility. and this isn't even tinfoil, it is right there for all of us to see.

I guess this really doesn't concern us, the small fries. only people who are in position of power or countries stand to lose over security concerns.

If you're worried about this stuff, which was designed for enterprise remote management and fairly well documented for at least 10 years, are you also worried about your hard disk, wifi, ethernet, GPU, and CPU microcode firmware? If you are, then you should stop using computers at all. Or just keep your computer off the internet.

 

[Phynaz]

If you're worried about this stuff, which was designed for enterprise remote management and fairly well documented for at least 10 years, are you also worried about your hard disk, wifi, ethernet, GPU, and CPU microcode firmware? If you are, then you should stop using computers at all. Or just keep your computer off the internet.

This.

Author of the article is a dumbass. He apparently thinks Huffman compression is proprietary to Intel.

 

[boozzer]

If you're worried about this stuff, which was designed for enterprise remote management and fairly well documented for at least 10 years, are you also worried about your hard disk, wifi, ethernet, GPU, and CPU microcode firmware? If you are, then you should stop using computers at all. Or just keep your computer off the internet.

I was just really surprised when I read this. I got the link to the article on reddit about the super computer in china and why they aren't using american tech.

I don't like having a backdoor to my pc. But I also realize I am way to minuscule to even warrant a peek from any of the agencies. Just another nobody.

 

[TheRyuu]

There was a paper written about some issues with Intel x86 which includes the ME[1][2][3].

tl;dr There's more to it than some "tinfoil hat stuff". The concerns are justified but it may take time to actually see the complete picture when it comes to some of these issues.

[1] http://blog.invisiblethings.org/2015/10/27/x86_harmful.html (blog post)
[2] http://blog.invisiblethings.org/papers/2015/x86_harmful.pdf (actual paper)
[3] https://news.ycombinator.com/item?id=10458318 (HN discussion)

 

[bononos]

Reads like a bunch of tinfoil hat stuff. It is so secure that they can't break into it, but instead of taking it as a good thing that it is so tightly locked down he freaks and says it is scary. Um, why? If you can't break in, then your supposed "risk" of arbitrary code from some hacker dude is pretty much nil.

All that needs to break the security is a key which can be shared with other parties like the NSA. And then the ME is a general purpose cpu which has full access to every component, instead of just being a minimal microcode bug patcher. That was the main point that the article is trying to get across.

This.

Author of the article is a dumbass. He apparently thinks Huffman compression is proprietary to Intel.

No. The article states that the ME code is stored in a non-standard (aka proprietary) format which has been partially decoded for some versions of ME.

 

[master_shake_]

Don't worry though, all the US intelligence agencies are so inundated with data they can't parse in any reasonable timeframe that they stop literally no crimes. If you're a criminal, it's all gravy. Keep crimin'




The real use for all this, is for when they find a political opponent they need to silence. Say, somebody who wants to cut the NSA budget. Log into ME. Steal data. Extort.

this.

they can only master hindsight never foresight.

 

[frozentundra123456]

Yea, this is old new is it not? And everyone has forgotten to mention that the author conveniently has a solution he is trying to promote for the "problem". I might be concerned about this if I were a business with a lot of proprietary information, but for the general user, not so much.

 

[bononos]

Yea, this is old new is it not? And everyone has forgotten to mention that the author conveniently has a solution he is trying to promote for the "problem". I might be concerned about this if I were a business with a lot of proprietary information, but for the general user, not so much.

AFAIK he is involved in coreboot and libreboot which are freeware/open source/libre projects. And those projects aren't a solution for the Intel ME backdoor.

I was just really surprised when I read this. I got the link to the article on reddit about the super computer in china and why they aren't using american tech.

I don't like having a backdoor to my pc. But I also realize I am way to minuscule to even warrant a peek from any of the agencies. Just another nobody.

This backdoor cpu thing got another look after Snowden blew the whistle in 2013. Steve Blank thinks that the NSA put the Intel backdoor thing to work after Snowden detailed how the NSA got hold of unencrypted messages - which would mean either Microsoft built-in a backdoor into Skype or the Intel ME backdoor was used.

 

[superstition]

Reads like a bunch of tinfoil hat stuff.

Conspiracy is a full-time job. It's called making money and making sure people who have it get more of it and don't lose it to others, like the masses.

I have to chuckle when people talk about conspiracy as if it's rare. It's not. It's how elites are elite. Law itself is a paradigm of protecting/maintaining that privilege.

I'd just like them to deign to spend a bit more of their hordes on things like GaInAs nanowires so we can get better toys that spy on us.

 

[superstition]

I guess this really doesn't concern us, the small fries. only people who are in position of power or countries stand to lose over security concerns.

Of course it concerns us. It's just that we're going to have to be content to act as if it doesn't. Volunteers running TOR exit nodes who get harassed because of bogus accusations, for instance — that's a clear enough example of how even law-abiding citizens can get trampled on when it's politically expedient.

One can try to curtail all sorts of technological participation to evade potential unlawful harassment/retaliation but, eventually, that can come to your home to roost. It depends on how passively you use technology.

The dossiers/folders profiling can be used to keep anyone down. Maintaining privilege can sift upward or downward through the political hierarchy. Who is lobbying who?

 

[ShintaiDK]

If you're worried about this stuff, which was designed for enterprise remote management and fairly well documented for at least 10 years, are you also worried about your hard disk, wifi, ethernet, GPU, and CPU microcode firmware? If you are, then you should stop using computers at all. Or just keep your computer off the internet.

1+ :thumbsup:

This.

Author of the article is a dumbass. He apparently thinks Huffman compression is proprietary to Intel.

And this :thumbsup:

Drama sells, reality doesn't.

 

[cytg111]

If you're worried about this stuff, which was designed for enterprise remote management and fairly well documented for at least 10 years, are you also worried about your hard disk, wifi, ethernet, GPU, and CPU microcode firmware? If you are, then you should stop using computers at all. Or just keep your computer off the internet.

That is hardly the same. At all. You can audit that firmware, you cannot audit IME.
You could rape said firmware to do things behind your back. true.
IME's sole mission is to do stuff behind your back (for your own good of course, wink wink).

The fact that AMD has it too does not make it right, it makes two wrongs.

Eff that *.

http://www.slideshare.net/codeblue_jp/igor-skochinsky-enpub

(was it here someone hinted that the private keys had been seen in the wild?)