Intel ME - real threat for ordinary persons?

Dear Qubes community, I would like to ask you for your personal opinion. I have the option of a new Lenovo T490 or a NitroPC x230. The Lenovo T490 will have nice performance and quality, but it will have an active Intel ME. The NitroPC x230 will be refurbished and less powerful (only 16 GB RAM and a 3rd-gen CPU), but it will have Intel ME removed. Do you think that Intel ME is a real security threat for ordinary people, or is it dangerous just for high-level persons like Snowden? If I understand it correctly, it is not possible to exploit Intel ME remotely, so it makes sense to have the newer Lenovo T490 with Intel ME, right?

Thank you very much for your opinions!

1 Like

This is a very hard question. Intel ME has access to everything and nobody knows what it does. Nobody knows for sure whether it can be exploited remotely (no evidence for that currently). Everyone decides on their own how important this problem is depending on their threat model.

Current understanding is indeed that only NSA and co. can exploit it. Note that Qubes OS recommends devices with open-source firmware and as few blobs as possible and celebrates when a device has a neutralized Intel ME.

6 Likes

Hi @CaesarVialpando,

It appears you misunderstand a bit what the difference between those two machines would be in terms of security. In fact, it is likely that you would be able to neuter/disable ME on the T490 (not trivial, but doable).

What a NitroPad X230 will provide you is a lot more than a neutered/disabled ME.

Tamper Detection Through Measured Boot
Thanks to the combination of the open source solutions Coreboot, Heads and Nitrokey USB hardware, you can verify that your laptop hardware has not been tampered with in transit or in your absence (so-called evil maid attack). The integrity of the TPM, the firmware and the operating system is effectively checked by a separate Nitrokey USB key. Simply connect your Nitrokey to the NitroPad while booting and a green LED on the Nitrokey will show that your NitroPad has not been tampered with. If the LED should turn red one day, it indicates a manipulation.

coreboot is an extended firmware platform that delivers a lightning fast and secure boot experience on modern computers and embedded systems. As an Open Source project it provides auditability and maximum control over technology.

Heads is not just another Linux distribution – it combines physical hardening of specific hardware platforms and flash security features with custom coreboot firmware and a Linux boot loader in ROM. This moves the root of trust into the write-protected region of the SPI flash and prevents further software modifications to the bootup code (and on platforms that support it, Bootguard can protect against many hardware attacks as well). Controlling the first instruction the CPU executes allows Heads to measure every step of the boot firmware and configuration into the TPM, which makes it possible to attest to the user or a remote system that the machine has not been tampered with. While modern Intel CPUs require binary blobs to boot, these non-Free components are included in the measurements and are at least guaranteed to be unchanging. Once the system is in a known good state, the TPM is used as a hardware key storage to decrypt the drive.

So when running Qubes OS on a T490 even with neutered ME, you are still subject to “evil maid attacks”. Yes, there is AEM, but that in turn relies on ME :wink: … so clearly Coreboot/Heads plus a Yubi/Librem/Nitrokey are far superior.

Make sure you understand the implications before making your decision. I personally “downgraded” from a ThinkPad P51 to a ThinkPad T430 and modded it myself to be the security equivalent of a NitroPad T430. Technically the CPU is slower and I have less RAM, but I find the difference almost negligible. Especially if you invest in a decent SSD and use minimal templates. However from a trust perspective this is far superior!

4 Likes
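As an added illustration of the measured-boot chain the Heads quote above describes (example code written for this thread, not Heads', coreboot's or Nitrokey's own code): each boot stage is hashed into a TPM PCR, the disk key is sealed to the known-good PCR value, and the Nitrokey-style check goes red when any stage changes. The stage images, the XOR/HMAC sealing model and the LED function are assumptions standing in for the real TPM and the Nitrokey's HOTP check.

```python
import hashlib
import hmac

# Constructed stand-ins for the firmware regions Heads measures, in boot order
# (real Heads measures the coreboot stages, its own initrd and /boot into TPM PCRs).
GOOD_BOOT = [
    ("bootblock",         b"constructed bootblock image v1"),
    ("coreboot-romstage", b"constructed romstage image v1"),
    ("coreboot-ramstage", b"constructed ramstage image v1"),
    ("heads-initrd",      b"constructed heads initrd v1"),
    ("boot-config",       b"constructed kernel + initramfs hashes"),
]

def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: new = SHA-256(old || SHA-256(component)); one-way, order-dependent."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(stages) -> bytes:
    pcr = bytes(32)                      # PCRs are all-zero after a power-on reset
    for _name, image in stages:
        pcr = pcr_extend(pcr, image)
    return pcr

def seal(disk_key: bytes, expected_pcr: bytes) -> tuple:
    """Model of TPM sealing (assumption: XOR wrap + HMAC tag stand in for the PCR policy)."""
    wrap = hashlib.sha256(b"seal-policy:" + expected_pcr).digest()
    ciphertext = bytes(a ^ b for a, b in zip(disk_key, wrap))
    tag = hmac.new(wrap, ciphertext, hashlib.sha256).digest()
    return ciphertext, tag

def unseal(sealed: tuple, observed_pcr: bytes):
    """Key comes back only under the sealed PCR value; otherwise None (TPM refuses)."""
    ciphertext, tag = sealed
    wrap = hashlib.sha256(b"seal-policy:" + observed_pcr).digest()
    if not hmac.compare_digest(tag, hmac.new(wrap, ciphertext, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ciphertext, wrap))

def attest(expected_pcr: bytes, observed_pcr: bytes) -> str:
    """Simplified model of the Nitrokey LED: green only for the known-good chain."""
    return "green" if hmac.compare_digest(expected_pcr, observed_pcr) else "red"

def evil_maid(stages, target: str):
    """Constructed tampering: replace one stage image (e.g. the initrd) in a copy."""
    return [(n, (b"constructed TAMPERED " + n.encode()) if n == target else img)
            for n, img in stages]

DISK_KEY = bytes(range(32))              # constructed 32-byte disk-key stand-in
GOOD_PCR = measure_boot(GOOD_BOOT)       # the value the Nitrokey/TPM policy expects
SEALED = seal(DISK_KEY, GOOD_PCR)
```

Swapping any stage image, or even reordering the stages, yields a different final PCR, so `attest` reports red and `unseal` returns None instead of the disk key.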

Not now. If an exploit exists, the possibility that anyone would risk burning it to get an “ordinary person” is close to zero. I would say it is like a 0.1% chance of being attacked by an NSO Pegasus 0day.

Thank you very much!

Is the number relevant? I have no background in IT, but surely just one single malicious NSA blob in Intel ME would compromise the entire machine even if you removed 100 other blobs? Apologies in advance if it's a stupid question.

1 Like

I just want to add here that Intel ME isn’t the only such technology. AMD has its equivalent (PSP) that is less known but may be the same threat.

2 Likes

Can you link some info about disabling ME? A year or two ago I started being paranoid about my old secondhand business-class Dell laptop that turned itself on every day at 11:00 AM (that was probably caused by some glitch after updating its BIOS, since it went away after setting the “power up on time” option and disabling it again). The only thing I found then was some tool for mitigating some ME-related CVE that allowed me to check that AMT is in an unprovisioned state, that remote administration is disabled, and also allowed me to disable local administration via some CLI command.

Ok. Found that tool: GitHub - corna/me_cleaner: Tool for partial deblobbing of Intel ME/TXE firmware images, and I think it will be totally doable on my current machine since the ME firmware is flashed independently from the BIOS, and as far as I remember I can just swap the binary file in the ME update package. Now I just have to rethink whether ME is a threat for me on that machine (since that one is not secondhand and doesn’t have AMT).

Indeed, one single malicious blob with such access can compromise your entire machine. However,

  • If it is not malicious but just buggy (as any code is), then the less code the better, since fewer vulnerabilities would fit there on average;
  • if it is malicious, then the less code it has, the less flexible it is and the fewer possibilities for interactive actions it could have. You cannot do much with 360 KB on my Librem 15, especially considering that it must power on the system and perform a few low-level tasks at the same time.

Is 360 KB enough to have an active access to the Internet? Some people say no (and I personally have no clue).

One could expect that the neutralized part of Intel ME (which is 85.58% of it) contains most of the bugs and backdoors anyway, since it probably wasn’t developed under the assumption that we would cut it.

1 Like

What scares me the most is that Intel ME is (in) ring -3 and has its own MAC and IP addresses and even a web server…!

4 Likes

Windows used to have an automatic update that turned on during the hours of darkness to look for an internet connection and update itself.

If the laptop is in a bag, it could overheat. If one left it for a number of days unplugged, it might kill the battery. Once the battery was low enough, even plugging it into the mains would not allow the computer to be turned on. The main battery must be replaced with a battery that has some charge, even if the mains are there.

Rumor is that Intel ME has its own modem to get online. I do read that with an un-patched Lenovo X230, if one changes the ‘WiFi Adapter’ from the original, then the laptop will not boot up. As we recently had an Intel firmware update, and they did not take the opportunity to disable ME, I think that is a statement about how Intel thinks of what they are doing. I read that Intel ME is still on current processors, but that may have been a rumor.

I read that Intel has a list of potential exploits of firmware, although that does not mean the exploits have ever been used.

I read that no one has ever known Intel ME to have been used. I would hypothesize that Russia and China know how to use the ME exploit.

I have read some who say that if the NSA wants to get into your computer stuff, the individual can make it a bit difficult, but the NSA has more resources and tricks than we know of.

I have read that Intel ME is not on servers, but I do not know if that is true.

I would doubt if anything I do is worth releasing some of these exploits on me. I am not important. I cannot do anything that is of much interest to the NSA, or other major players. I might come up in a net of interest.

Also keep in mind, the US government supports Tails because it is part of Whistle Blowers. People who rat out bosses and those who steal from the government/corporations. And how the US gets information from citizens of other countries we see as opposed to Human Rights.

So my feeling is that Qubes is not on the bad list of the NSA or US government. I am often incorrect. I like my dream world.

I just recall that guy who worked for NSO or one of their clients and used Pegasus to spy on his girlfriend. There can always be a human factor.

You’re far more likely to be burned by a firmware exploit, if not an exploit in Linux (or the big Chrome-style crap app you’re forced to use) or a Linux package.
However, exploits are stockpiled and 0days are far more common and cheap than most think.
Given Intel’s Management Engine runs on an essentially monolithic MINIX system, whose code security is an afterthought given they’re driven by new features and optimisation - simply to stay in the CPU game, it follows that there’s an abundance of bugs available to exploit.

But as I said, you’re far more likely to be burned by firmware vulns.

1 Like

I read the NSO Pegasus initial purchase is five hundred thousand dollars. To put it on ten devices is six hundred fifty thousand dollars.

Keep in mind that while older notebooks like the T460/X230 etc. can properly disable ME and have coreboot support, they are no longer supported with microcode updates. With all the CPU side-channel vulnerabilities these days, that may be a risk in your threat model.

1 Like

I am very interested in this subject. :slight_smile:
Would the W541 be spied upon easily then by strangers when it comes to Intel ME?

Are you saying one blob in the X230 or W541 is like a virus then, or some hardware backdoor for them to just click into a computer and check out what people are doing around the world?
The W541 does demand some Google blob for the hardware, and that does not sound good… Is Intel ME enabled even after trying to disable it on the W541 then?
Do you need an old CPU like the X230 without blobs to be sure ME is disabled then, or a Libreboot machine that can’t run Qubes?
Old computers were cooler. Before “the world”/the elite, or governments to be more specific, and some small institutions or companies… wanted control of the whole planet… and wanted to know what everyone was doing. Some people were not as controlling of others before the internet… People trusted each other more then, I bet. Kinda feels like the internet has turned into a machine of control now… and the digital products and their tailored blobbed software. Not all though. Not Qubes. :wink: If people have the right hardware, that is. The right VPN, and don’t pick the wrong services and so on… if they like some basic human privacy rights, that is.

Anyways!
TL;DR

Is one blob enough then… do most new CPUs with one blob enable Intel ME even if, let’s say, coreboot’s me_cleaner has tried to clean the CPU backdoors as much as it can?
Can you even disable it on new laptops like the example one? Or are these new laptops a selling scam?
Like the new Purisms and so on? Corebooted W541 or whatever…
An X230 without a blob seems the best. One blob on an X230 might even enable Intel ME, am I right… Or is it the newer Haswell machines that mostly require a Google blob perhaps?
Would a cleaned Intel ME be as safe on an X230 as on a W541?

Real threat to an individual from Windows ME: since this use has not been seen “In Real Life” (IRL), and is obviously being withheld by those capable of deploying it, it would cost a lot of money to buy the exploit (illegally, of course).

The real question is: what have you ever done, or what does some rich power group think you are thinking about doing, that would cause them to use a really expensive exploit on you?

As for what someone might think I might do: I have not done anything to piss anyone off. Well, not lately.

Although I think it’s a huge amount, it’s not when you consider that a couple of years of wiretapping, including installation of the devices, unwinding by private companies, etc., is in the range of a few million dollars, and these are actions that police often take to spy on, for example, political movements and conduct actions against them.
However, I think in most cases they don’t go through Intel ME, although I can’t say that for sure, and it’s a topic that I’m getting very interested in as well.

Yes, coreboot uses blobs, and even for the x230 it uses one blob that can be obtained only from the original x230 flash. The problem here is the fact that the hardware is almost never open, and firmware is also mostly closed source. So creating truly open firmware would be a hell of a lot of reverse-engineering work. And the support will always come many years after the hardware (look how long it takes to create drivers for some devices in Linux). So using blobs is a shortcut. And this is also the way that companies like Intel or Google want to contribute to such projects. They give their support (since Intel sees a market for “open” firmware, which means companies like System76, Purism and Google), or contribute to the project (since for Google it is faster to use coreboot than to write its own BIOS from scratch) but keep their secrets to themselves.

Ok. So they can easily hack a machine with a Google blob then? Kinda like just clicking into the machine?
Should these connections be active in Qubes by default? Or is the machine hacked? In sys-vpn, for example… dom0 is hacked then, right? And the only way to tell is to install some script in dom0, right?

IP:
38.145.60.20 redhat.com
194.71.11.163 umu.se
It’s not a mirror by default, right?
Index of /mirror/qubes-os.org/repo/yum/r4.0

I use 4.1, so yeah.

Do illegal hackers use hosting companies as proxies or what? Like VPS and such?
I wish they just respected other people’s privacy instead…
Are there supposed to be any connections active in sys-firewall or sys-net even?
Why can’t Qubes have some alarm sound going off when a system is hacked instead? That would be a great idea. By default. Some HIPS that shouts like an alarm when a qube installation is hacked. Brilliant idea and solution for this OS in my opinion, if people want to be private from hackers that do not respect others’ computers at all.
How can you get less paranoid about Qubes being hacked? How can you even tell? Implement that please by default… It would be like the best feature needed in a secure OS. A sound going off when dom0 is hacked.

Does anyone get traffic from OVH in the firewall if you let in all connections?