For those who own Intel CPU and value privacy

Discussion in 'privacy general' started by Stefan Froberg, Apr 5, 2017.

  1. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Almost all the modern Intel CPUs contain a thing called vPro.

    It's an umbrella marketing term that contains lots of various technologies, but the first and most important is Intel's Active Management Technology (AMT).
    It's a firmware that is run by a secret ARC microprocessor.
    Intel calls it "Intel Management Engine (ME)". Basically, another CPU that has total control over your computer and network connection, bypassing any OS and making remote access to your computer possible.

    On some BIOSes you can disable AMT, but there is no way to disable or remove ME, or any way of knowing if it can enable AMT again.

    So here is a small list of modern Intel CPUs that don't have vPro and so, in theory, should also not have AMT and ME inside.

    https://www.orwell1984.today/no_vpro_for_me.html

    These things will eventually (already?) get hacked by hackers or you know who ...
    And then the **** hits the fan if you have an Intel CPU with this vPro **** inside. :(
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/

    Actually, according to Intel:
    https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

    You can check your CPUs for vPro etc at https://ark.intel.com/#@Processors

    Intel's mitigation guide: https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075 Mitigation Guide - Rev 1.1.pdf
     
  3. plat1098

    plat1098 Guest

    Many, many thanks. I checked and discovered I have the vPro so I used the Intel mitigation guide to delete the LMS service. This forum rocks!
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    My CPU also has vPro. To be clear, is this section all I need to do?
     
  5. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    I must admit that I don't fully understand whether all this is affecting Intel-based consumer PCs.

    From one of the quotes quoted by mirimir:

    Am I misunderstanding or missing things now? A bit confused now ...
     
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Seeing all these vulnerabilities reminds me of a not so funny joke I heard many years ago - I've been reading about the ill effects of smoking, drinking, over-eating and lack of exercise so I've decided to give up reading. Seriously though, I doubt we will ever have a secure machine and with every patched vulnerability two more are discovered.

    I don't think I'll worry about this one. :doubt:
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I don't know Windows. In Linux, you can check for an MEI controller:
    Code:
    # lspci | grep "MEI"
    And whether MEI kernel modules (mei and mei_me) are loaded:
    Code:
    # modprobe -nr mei
    # modprobe -nr mei_me
    I'm sure that there's something analogous in Windows.
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    It seems pretty clear that MEI is part of vPro. But even if your CPU has vPro, your chipset must support MEI. And even if your CPU has vPro, and your chipset supports MEI, MEI must be configured.

    Bottom line, only high-end consumer PCs could be vulnerable, and only such PCs managed centrally are likely vulnerable. Some high-end consumer PCs might have MEI configured by default.
     
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    From your link to the PDF I ran this and the file was not found.
    Code:
    netstat -na | findstr "\<16993\> \<16992\> \<16994\> \<16995\> \<623\> \<664\>"
    I guess that might mean it isn't configured.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Not listening, anyway. You're probably OK :)
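
The port check from the exchange above, as an added example that is not part of any post or of Intel's guide: a small parser that reads `netstat -na` output from Windows or Linux and reports only TCP sockets listening on the ports named in the quoted `findstr` pattern. The function name and both sample captures are constructed for illustration, and UDP is not covered.

```python
# Added example: find listening Intel AMT ports in `netstat -na` output.
# Port list is taken from the findstr pattern quoted in the thread.
AMT_PORTS = {623, 664, 16992, 16993, 16994, 16995}

# Constructed sample captures (not real machines).
WINDOWS_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:16992          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49731     203.0.113.7:623        ESTABLISHED
  TCP    [::]:16993             [::]:0                 LISTENING
"""
LINUX_SAMPLE = """\
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:16992         0.0.0.0:*               LISTEN
tcp6       0      0 :::664                  :::*                    LISTEN
"""


def amt_listeners(netstat_text):
    """Return sorted (port, local_address) pairs for listening AMT TCP ports."""
    hits = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers, blank lines, UDP and unix-domain socket rows.
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        # Windows prints LISTENING, Linux prints LISTEN; state is the last column.
        if fields[-1].upper() not in ("LISTEN", "LISTENING"):
            continue
        # Local address is third from the end in both layouts
        # (Windows: proto/local/foreign/state, Linux adds Recv-Q and Send-Q).
        local = fields[-3]
        port = local.rsplit(":", 1)[-1]
        if port.isdigit() and int(port) in AMT_PORTS:
            hits.add((int(port), local))
    return sorted(hits)


if __name__ == "__main__":
    for name, sample in (("windows", WINDOWS_SAMPLE), ("linux", LINUX_SAMPLE)):
        print(name, amt_listeners(sample) or "no AMT ports listening")
```

Because only the local-address column of listening sockets is inspected, an established connection to some remote host's port 623 (third row of the Windows sample) is not reported.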
     
  11. guest

    guest Guest

    Everybody knows that network cards have a radio emitter that sends your traffic to the "official" listener :p /s
     
  12. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
  13. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,540
    Location:
    Triassic
    One of my laptops has vPro. Over a year ago LMS would consume 50% CPU and run for hours on end, so I disabled the exe way back then. On reading the thread today I am glad I did. Today, I ran the delete command rather than the disable command. NB: I think that disable command needs a space after the equal sign.
     
  14. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Microsoft Windows [Version 10.0.14393]
    (c) 2016 Microsoft Corporation. All rights reserved.

    C:\WINDOWS\system32>sc config LMS start=disabled
    [SC] ChangeServiceConfig SUCCESS

    C:\WINDOWS\system32>sc delete LMS
    [SC] DeleteService SUCCESS
     
    Last edited: May 5, 2017
  15. plat1098

    plat1098 Guest

    Krusty, it seems for consumer machines, it's a personal choice and not particularly dire. I have a business machine and tried unsuccessfully to do something about Intel ME some time ago. The machine has firmware version 11.0.0.1168 which is among the vulnerable versions. Even though my risk was relatively low, I was very glad to remove LMS finally, though it seems you have to ensure it doesn't get reinstalled down the road.
     
  16. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    Mirimir, thank you!

    =====

    Some other links:

    Tom's Hardware : http://www.tomshardware.com/news/intel-amt-vulnerability-me-dangerous,34300.html

    DSLR forum : https://www.dslreports.com/forum/r31388331-Intel-AMT-SBT-SME-Escalation-of-Privilege-CVE-2017-5689
     
    Last edited: May 2, 2017
  17. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Woah, this is amazing.

    https://arstechnica.com/security/20...-in-intel-chips-is-worse-than-anyone-thought/
     
    Last edited: May 7, 2017
  20. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    Broken link in this part of the quote:
    That part should be:
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    OK, fixed :)
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  23. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
  24. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,557
    I have a Lenovo desktop affected by this problem. What I did was just to uninstall AMT. Is this enough?

    Afterwards, the Lenovo updater (System Update) began offering the AMT driver as an update, but 2 or 3 days later it disappeared from the update list. I will update the firmware when the patch becomes available.
     
  25. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Unlikely since AMD and Arm have their equivalents. And, even worse than "normal" buggy software, we have hardware companies "doing" software. Not a pretty sight I've found.

    The real issue with all this is the pretty much absolute avoidance of liability that software and hardware companies have - I mean, I get why you don't want consequential loss, on the other hand, that rests on people and companies not being negligent. This level of dreadful surely warrants the negligent label - at the very least, you should have independent audit as a CYA measure. When you're negligent in the real world, you have to do things like face class action lawsuits which award significant compensation. Even the recall scene imposes substantial costs in the physical world. But here, we have Intel - what are you going to do?
     