It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Over the last decade, Intel has been including a tiny little microcontroller inside their CPUs. This microcontroller is connected to everything, and can shuttle data between your hard drive and your network adapter. It’s always on, even when the rest of your computer is off, and with the right software, you can wake it up over a network connection. Parts of this spy chip were included in the silicon at the behest of the NSA.(emphasis mine-badcabbie) In short, if you were designing a piece of hardware to spy on everyone using an Intel-branded computer, you would come up with something like the Intel Managment Engine.
Last week, researchers [Mark Ermolov] and [Maxim Goryachy] presented an exploit at BlackHat Europe allowing for arbitrary code execution on the Intel ME platform. This is only a local attack, one that requires physical access to a machine. The cat is out of the bag, though, and this is the exploit we’ve all been expecting. This is the exploit that forces Intel and OEMs to consider the security implications of the Intel Management Engine. What does this actually mean?
What the Management Engine Is and Does:
Intel’s Management Engine is only a small part of a collection of tools, hardware, and software hidden deep inside some the latest Intel CPUs. These chips and software first appeared in the early 2000s as Trusted Platform Modules. These small crypto chips formed the root of ‘trust’ on a computer. If the TPM could be trusted, the entire computer could be trusted. Then came Active Management Technology, a set of embedded processors for Ethernet controllers. The idea behind this system was to allow for provisioning of laptops in corporate environments. Over the years, a few more bits of hardware were added to CPUs. This was the Intel Management Engine, a small system that was connected to every peripheral in a computer. The Intel ME is connected to the network interface, and it’s connected to storage. The Intel ME is still on, even when your computer is off. Theoretically, if you type on a keyboard connected to a powered-down computer, the Intel ME can send those keypresses off to servers unknown.
For several years now, researchers have been investigating the set of chips Intel has included in their latest CPUs. Unfortunately, Intel decided that closed-source was the way to go, and with that security researchers had an idea of what the Intel ME could do, but had no idea how that was done, and whether or not there were any security holes. This week, that wall was breached. Now anyone can execute arbitrary code on the Intel ME with a USB stick.
Consider this Stage One. The ultimate exploit for the ME is one over the network interface. With that, anyone can own an ME-equipped computer from anywhere on the planet. This exploit does not exist yet, and we know this by the fact there isn’t a new, massive botnet mining Bitcoin.
Until that day comes, we’re only left with the realization that yes, the nerds were right. The idea of the NSA putting hardware in every computer sounds absurd, until you realize it actually happened.(emphasis mine-badcabbie)
Over the last few decades, the general population has been dragged kicking and screaming in the world of information security. In the 80s, it was as simple as not writing your password down on a Post-It note. In a few years, we’ll get to the conversation about how Alexas and Google Homes are an Orwellian nightmare. Until then, we’ll have to use the Intel ME exploit as another example of how important security is, and how vital it is to listen to the people telling you, “this is bad”. Code that can’t be audited is code that can’t be trusted.
Can You Disable It?
You can’t disable the Intel ME. Even if you disable Intel AMT features in your system’s BIOS, the Intel ME coprocessor and software is still active and running. At this point, it’s included on all systems with Intel CPUs and Intel provides no way to disable it.
While Intel provides no way to disable the Intel ME, other people have experimented with disabling it. It isn’t as simple as flicking a switch, though. Enterprising hackers have managed to disable the Intel ME with quite some effort, and Purism now offers laptops (based on older Intel hardware) with the Intel Management Engine disabled by default. Intel likely isn’t happy about these efforts, and will make it even more difficult to disable the Intel ME in the future.
But, for the average user, disabling the Intel ME is basically impossible—and that’s by design.
Last week, System76 announced that it is working to disable IME (Intel Management Engine) across their product line. Not just on new machines, but on laptops (etc) already shipped. I bring on one of their engineers, along with their head honcho, to talk about exactly how they're doing it and what it means.
Why Purism has the uncommon ability to run a freed ME
The reason the Intel ME is so impenetrable is that you have to combine hardware selection, hardware configuration, hardware fuses, and firmware, which requires to push into the manufacturing and fabrication process. There is no other way to do it consistently over time. This is one of the many reasons Purism started as an organization: to solve really hard problems by manufacturing hardware that can fully respect users freedoms in the future. As mentioned in Purism Business Model and Vision, the model of “buy hardware, install free software” is aging, due primarily to the fact that there is a growing cryptographic bond between proprietary non-free signed binaries and the hardware that they run on. This bond renders it mathematically impossible to give each user control. Cryptography is superb when in the hands and control of each user, but it is nasty when it strips the users’ control.
Purism learned through the supply chain (and the provided manufacturing documentation) that we, as the motherboard fabricator, have a lot more control than the end-user does with regard to the Multichip Package (MCP). Choosing Purism as the manufacturer gives each user freedom, privacy, and security because Purism believes in giving users freedom, privacy, and security. These options would probably never see the light of day otherwise.