I personally don’t worry too much about it, I knew what I was buying when I bought a CPU that wasn’t open hardware. They could open source ME and build their super secret backdoor directly into the fabric, what would you then do?
All I’m saying is that smart people have dissected ME, they know how it works, and they didn’t find a smoking gun.
Is it possible to setup an old PC, with an old CPU with no ME, as an intermediary between my ISP modem/router and my fast home PC (which has ME)?
This way, NSA could get into the ISP modem/router, but they couldn’t get any further because the intermediary doesn’t have any ME.
How to do this? I want to connect the home PC with an Ethernet cable BTW, not WiFi.
Are such network setups even possible? What keywords am I looking for? That intermediate computer would be sort of a “hub”, so to speak.
I am no expert on any of this, so please correct me if my assumptions are wrong.
Hence:
… they now have network connected KVM without me having any way of knowing. No amount of locking down the router will help, since it’s an outgoing connection that could disguise itself as whatever (e.g. HTTPS).
HOWEVER…
Is this a realistic thread to me? No. I’m just a security enthusiast with no access to anything worth exposing such a zero-day. But as a matter of principle I simply don’t like the idea of this separate CPU running who knows what and my computing doesn’t suffer from being restrained to a 10 year old CPU with 16 GB RAM. But that’s only true because I gave up on Windows on Qubes and run it on a separate computer that I VNC into. That one has a modern CPU, 32 GB of RAM and ME enabled. It’s where all my corporate stuff lives and IT installs all kinds of “end points” and whatever on it. If there is one leaky device it’s that one. 
Is it worth obsessing about? Again, for me no. I have all kinds of phones and tablets lying around and so does my wife. If I had real security concerns neutering all build in microphones and cameras would be the first order of the day before worrying about ME in my laptop.
… SO WHAT?
You have to make your own assessment of your threads. Who do you want to protect from? What are their capabilities? Are you kidding yourself? Are you obsessing about your Qubes OS computer while in the same room / apartment you have all kinds of internet connected devices anyone could hack into by doing a Google search? Whoever your opponent is, they will FOR SURE use the EASIEST and LEAST EXPENSIVE method of compromise. You’re having an Android phone in your pocket? … Alexa on your desk? … don’t sweat the ME. You got other fish to fry
“NSA has the manpower, they can get in regardless” ← is what I was going to say, but if you look at snowden and julian assange, they were using computers to leak government info and were actively pursued by the government. It’s all about your personal threat model. For me, I just don’t want code that hasn’t been audited by any normal person to be running on most of my hardware.
Example setup looks like this:
ISP (hostile network) → Modem in bridge only mode (closed source code) → LibreCMC router (free software) → Libreboot computer (free software BIOS)
Why is executing something in dom0 necessary? If Intel ME has full access to CPU and RAM, then any Javascript code could be sufficient, couldn’t it be?
Sure, if the attacker has:
Again, I am not an expert but I assume in order to attack and command the ME one would need to be in dom0. Granted I am just guessing.
I talked about the scenario where the ME as it is might be proprietary and closed source but not malicious per se. An attacker with knowledge of an ME zero-day could take it over and make it malicious.
I don’t think this would be possible without physical access and tech that only exist in theory.
It should be in theory be possible to make a mod chip that uses the BUP exploit and JTAG to load a custom ME image, but I don’t think there is any way you can do this only using software.
Again, I am not an expert and welcome any comment pointing out a flaw in my argument.
In this specific case I have observed updates to the ME of my Lenovo P51 running Windows 10. These updates prepare under Windows, then restart the computer at which point the ME is flashed. I have observed this multiple times and it’s all software.
Yes, I assume these updates are secured by signatures etc. …but what if the private key for these signatures get’s into the wrong hands? … what if the ME signature check has a vulnerability or can be circumvented somehow?
I’m pretty sure you are mistaken as demonstrated by the above example. Lenovo had no physical access. They simply “tricked” me into running a piece of software.
Fair enough, it wasn’t clear that you meant the attacker also had access to the Intel signing keys. I understood it as you meant someone with only an zero day would be able to patch the firmware ROM.
I don’t know @renehoj. I have some ideas but are not sure if they are applicable.
There are teams hacking into iPhone, Xbox, Playstation and many other devices all the time. They don’t have the keys either.
The crux with this argument is that we don’t know what we don’t know.
Admittedly I’m in FUD territory now.
For me it all comes down to the fact that there is a KVM build into my computer and I have no control over it. It’s creepy and I don’t like it. Simple as that.
Someone in the government thinks it’s creepy too, otherwise there wouldn’t be those special builds that have the ME disabled. And why can’t “normal” people buy those? What’s up with that?
I know. FUD. I’ll stop.
You can control this part, at least in theory you can, ME doesn’t prevent you from disabling or removing AMT.
Networking/KVM and the ability to control the power state of the system are both AMT features, it’s not ME features.
I think the government also felt it was a security risk, and there is no denying that it’s a security risk, but that doesn’t make it a backdoor.
Not sure exactly how HAP works, but from what I understand it completes the boot process and then disables ME. This make me believe the government wanted a way to disable ME, but still use the secure boot feature, which seems like the best of both worlds.
Many smaller companies sell ME disabled system, Dell is probably the biggest company that sell systems with ME disabled. I think this is mainly a supply and demand issue, most people don’t care about privacy, without the demand the companies don’t create the product.
Privacy does seem to be gaining some momentum, I don’t think it’s impossible that options to disable ME and ATM are going to be available in most bios firmware in the future.
I don’t understand how you came to such conclusion. Here is how I imagine it in more detail:
ME is reading everything that is happening in RAM.
You open Javascript with a “secret code” for ME. AFAIK Javascript runs in RAM.
ME finds that signal and gives a command to dom0 to connect to a remote server.
Game over™.
You can buy one of them System76 laptops, which contain some of the latest CPUs and are corebooted.
Me neither. I simply don’t know. And it’s not knowable with reasonable effort. That later part is why it’s unacceptable to me and you I am sure.
Can someone please answer this question:
If my entire local network is sitting behind a router without ME, and port forwarding can only be done on this router, is my entire local network safe against ME-based attacks, regardless of whether those machines have ME?
The idea being, if Intel/NSA can’t even connect to those local machines to begin with, isn’t the ME kinda useless to them?
But can ME itself connect to NSA? See my imaginary example above: Let's get to the bottom of this - how can I control my home Qubes computer using Intel ME? - #26 by fsflover.
A smart person can pivot from another box on your network to initiate an ME attack. Think of that dusty windows computer on your network or the router itself.
Your paranoia is more than justified… There’s just nothing to be done about it because the people with the brains, the people with the money, and the people with the guns all want more power for themselves and less power for us. Mark my words, in just a few decades it will be impossible to purchase any electronic device at all that doesn’t force constant surveillance from at least 1 big tech company, not even a pocket watch, 90% of the population will be perfectly okay with that, and those who aren’t will be outcast even more harshly than we are today. Best you can do is invest on older systems and parts NOW before we start having to pay vintage/collector prices for stuff from 2010.
Marked.
Haha, you said it! “Hacking into iPhone” - Triangulation. Quote: “The Operation Triangulation spyware attacks targeting iPhone devices since 2019 leveraged undocumented features in Apple chips to bypass hardware-based security protections.” - undocumented, proprietary, closed source… There is a reason (and several multibillions-backed state organizations) why these kind of things exist.
Anyway, as there were opensource routers mentioned above, there are some good projects like Turris routers. As for router OS, OpenBSD seems to be a good choice.