corna / me_cleaner

Tool for partial deblobbing of Intel ME/TXE firmware images
GNU General Public License v3.0

What do the ME Capabilities mean, exactly? #295

Open ginto37 opened 4 years ago

ginto37 commented 4 years ago

Hi,

I wanted to make this a separate post even if it's about the same device. The X250 I posted about has a lot of the ME Capabilities listed as "ON" by intelmetool, and I decided I'd like to know what that means before buying it.

The one I'm concerned about the most is the Wireless LAN (WLAN) option - does this mean I'd have to use a USB Wi-Fi dongle to be sure that the ME wasn't monitoring and using Internet traffic? Which other ones should I be concerned about?

I thought this thread might make a good reference for people, because there doesn't seem to be much about this, not that I could find after a good search even on Intel's website. Maybe others could post back with more info?

ME Capability: Full Network manageability : ON
ME Capability: Regular Network manageability : OFF
ME Capability: Manageability : ON
ME Capability: Small business technology : OFF
ME Capability: Level III manageability : OFF
ME Capability: IntelR Anti-Theft (AT) : OFF
ME Capability: IntelR Capability Licensing Service (CLS) : ON
ME Capability: IntelR Power Sharing Technology (MPC) : OFF
ME Capability: ICC Over Clocking : ON

I think ICC means "Integrated Clock Controller" - I'm not sure what Over Clocking it would do.

ME Capability: Protected Audio Video Path (PAVP) : ON

Used for Microsoft PlayReady DRM, probably also HDCP and allows ME to intercept all graphic rendering, I think.

ME Capability: IPV6 : ON
ME Capability: KVM Remote Control (KVM) : ON

OOB Remote KVM capability

ME Capability: Outbreak Containment Heuristic (OCH) : OFF
ME Capability: Virtual LAN (VLAN) : ON
ME Capability: TLS : ON
ME Capability: Wireless LAN (WLAN) : ON
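The capability list above is exactly the kind of output that gets pasted into threads like this one, so here is a small parser for it. This is an added example written for this page, not code from me_cleaner or intelmetool. It reads the "ME Capability: <name> : ON|OFF" lines (whether one per line or run together on a single line, as extraction often leaves them), and reports which of the enabled ones are network-reachable. The grouping of names into "network-facing" is the editor's own assumption for illustration; intelmetool and Intel do not label them that way, and the sample text is the original poster's list, embedded here as constructed input.

```python
import re
from typing import Dict, List

# Constructed sample input: the intelmetool lines quoted in this issue.
SAMPLE_OUTPUT = """\
ME Capability: Full Network manageability : ON
ME Capability: Regular Network manageability : OFF
ME Capability: Manageability : ON
ME Capability: Small business technology : OFF
ME Capability: Level III manageability : OFF
ME Capability: IntelR Anti-Theft (AT) : OFF
ME Capability: IntelR Capability Licensing Service (CLS) : ON
ME Capability: IntelR Power Sharing Technology (MPC) : OFF
ME Capability: ICC Over Clocking : ON
ME Capability: Protected Audio Video Path (PAVP) : ON
ME Capability: IPV6 : ON
ME Capability: KVM Remote Control (KVM) : ON
ME Capability: Outbreak Containment Heuristic (OCH) : OFF
ME Capability: Virtual LAN (VLAN) : ON
ME Capability: TLS : ON
ME Capability: Wireless LAN (WLAN) : ON
"""

# One match per "ME Capability: <name> : ON|OFF" entry. finditer over the whole
# text (rather than line by line) also handles several entries fused onto one line.
CAP_RE = re.compile(r"ME Capability:\s*(?P<name>.+?)\s*:\s*(?P<state>ON|OFF)\b")

# ASSUMPTION (editor's grouping, not intelmetool's): capability names that describe
# remote management or the ME's own network stack, i.e. the ones a user worried
# about out-of-band network access would look at first.
NETWORK_FACING = {
    "Full Network manageability",
    "Regular Network manageability",
    "Manageability",
    "Level III manageability",
    "KVM Remote Control (KVM)",
    "IPV6",
    "Virtual LAN (VLAN)",
    "TLS",
    "Wireless LAN (WLAN)",
}


def parse_capabilities(text: str) -> Dict[str, bool]:
    """Return {capability name: True for ON, False for OFF} in order of appearance."""
    caps: Dict[str, bool] = {}
    for m in CAP_RE.finditer(text):
        caps[m.group("name")] = m.group("state") == "ON"
    return caps


def enabled_network_facing(caps: Dict[str, bool]) -> List[str]:
    """Names of enabled capabilities that fall in the assumed network-facing group."""
    return [name for name, on in caps.items() if on and name in NETWORK_FACING]


def enabled_other(caps: Dict[str, bool]) -> List[str]:
    """Enabled capabilities outside the network-facing group (DRM, clocking, licensing...)."""
    return [name for name, on in caps.items() if on and name not in NETWORK_FACING]


def report(text: str) -> str:
    caps = parse_capabilities(text)
    lines = [f"parsed {len(caps)} capabilities, {sum(caps.values())} ON"]
    lines.append("enabled, network-facing (assumed grouping):")
    lines += [f"  - {n}" for n in enabled_network_facing(caps)]
    lines.append("enabled, other:")
    lines += [f"  - {n}" for n in enabled_other(caps)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_OUTPUT))
```

Feeding it the fused single-line form of the same list (every entry on one line separated by spaces) yields the same result, because the regex anchors on the "ME Capability:" prefix rather than on line boundaries. Whether a flag reading ON means the feature is actually provisioned and reachable on the machine in front of you is a separate question that the flag alone does not answer.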

czeej commented 4 years ago

Would anyone know if an associated Wi-Fi card could pass on wireless credentials to Intel ME? Also I am curious if the Intel ME Minix kernel has keylogging capabilities, which would defeat most disk encryption.

czeej commented 4 years ago

While I believe that for sure. D-Link got heat for a roodkcab. I've seen Intel staff that seemed excited about AMT when it dropped, with probably good intentions. However, it has such low-level access. I am always skeptical of trusting it. Just like some fancy mice with keyboard emulators and keyboards with CPUs. How many of those are exploitable as well? Although, I'd like to believe PS/2 keyboards are pretty damn hard to exploit.

Especially in the laptop space, because much of the hardware is hard to change, so firmware vendors know what to develop for. Firmware can be particularly nasty. Slightly off the ME topic, but check it out. Possibly vulnerable in several implementations and versions.

https://hacked.com/israeli-researchers-turn-speakersheadphones-eavesdropping-microphones/

Although, given the way speakers work, I'm not surprised they pulled this off ^-^. Maybe just because their firmware does input as well. Although, I have no idea myself. Just the amount of implementations out there: different BIOS vendors etc. may just leverage the ME, while the ME itself might not be a backdoor, but it does have a ton of root certificates for trusted communications. Just like your browser would have.

ME does have many capabilities. However, usually removing ME does not disable many of Intel's capabilities with known vulnerabilities, such as pre-fetching and speculation features. But at least they are known ;)

ginto37 commented 4 years ago

Gabe Gałązka:

For now the general consensus is that you use pre-Skylake hardware to avoid the majority of Intel-exclusive vulnerabilities (Intel are essentially recycling Skylake constantly since its release) and AMD Zen 2 has the least amount of attack surface at the hardware-level implementation. Sure it's got the PSP, but the PSP does not have network access, which is the key attack surface in the Intel ME (IMHO). The PSP is also based on TrustZone, a more proven TEE system (IMHO) used in most if not nearly all modern Android-based devices. With all signed device firmware you are placing trust in the distributor/manufacturer. It's a matter of user control, and unless you are actively being targeted specifically it is unlikely that said trust will be used to impact you specifically.

Guys, OP here. This is not on-topic for this Issue. Please move this discussion to a new Issue. Thanks.

skochinsky commented 4 years ago

To answer the question as asked, "capabilities" in this case refers to "available/enabled features" in the ME firmware. The stock ME firmware from Intel comes with many modules the set of which changes based on the edition (Consumer/Corporate/Slim) and they can further be disabled by the OEM or at provisioning time with various granularity. You can find toggles for most of them in the OEM-targeted Intel Flash Image Tool (FIT).

ginto37 commented 4 years ago

Igor Skochinsky:

To answer the question as asked, "capabilities" in this case refers to "available/enabled features" in the ME firmware. The stock ME firmware from Intel comes with many modules the set of which changes based on the edition (Consumer/Corporate/Slim) and they can further be disabled by the OEM or at provisioning time with various granularity. You can find toggles for most of them in the OEM-targeted Intel Flash Image Tool (FIT).

That's interesting, but I was hoping to find out more about what each module actually does. You sound knowledgeable on the topic, I don't suppose you could fill in some of the gaps? Maybe you have a link to official info about each module?