
Spyware Dolls and Intel's VPro - robin_reala
https://danielpocock.com/spyware-dolls-and-intel-vpro
======
madez
I hope for european authorities to force Intel and AMD to offer chips without
ME and consorts and providing guaranteed complete documentation and control to
the users. Food is regularly sampled and controlled. I think the same for
electronics is necessary. EU, why do you sleep?

1\. Is there a justification for it? Yes, Intel and AMD have together a
monopoly for fundamental parts of consumer and business computers. They do not
leave the choice to avoid ME and equivalents. The products are fundamental and
the functionality can be provenly malicious. That allows anti-trust measures.

1.1 But aren't OpenPOWER, RISC-V, ARM, ..., alternatives? No, because the
products either don't exist, are not suitable for the needs, or have similar
issues with lack of documentation and guaranteed control for users. Please
correct me if I'm wrong. I expect hardware level reverse engineering to check
for backdoors.

2\. Can authorities force them to change their offering? Not directly, but
they can do it indirectly and effectively by forbidding selling their products
without change. Or by charging them huge fees for every CPU sold while not
offering an alternative.

2.1 Can the authorities check the hardware? Yes, but it is time-consuming and
needs experts. Since it could be done for the whole of Europe, the load can be
shared. Food controls also need experts, are time-intensive and don't work
perfectly. Still, it is working generally good.

3\. Is this likely to happen? The authority needs to be willing to face huge
and important companies and be able to withstand political pressure. German
authorities are hopelessly incompetent when it comes to digitalization and
computers. Maybe EU's organisations wake up. They have shown to be willing to
face huge corporations and speak clear and understandable words with them.

~~~
jacquesm
> EU, why do you sleep?

Lack of alternatives. Even though NL for instance supplies critical equipment
to all fabs there is no way the EU could force Intel or AMD to do their
bidding because they could not possibly check if what they agree on is what is
actually being done.

The EU still sees the USA as an ally (though it is clear the reverse is no
longer the case) and this to some extent explains the lack of rigor here.

China and Russia are in a better position to deal with this problem and they
seem to have chosen to create their own chips rather than to attempt to make a
deal with the giants.

I'm sure France and/or Germany would love a EU processor if only for the
prestige but I'm also quite sure that that processor if and when it saw the
light of day could not be trusted any further than Intel or AMD now.

~~~
madez
Why couldn't there be a law requiring all computers sold in the EU to have
full documentation and complete controls for the user? I don't think this is
impossible or surreal.

I think there are ways to check for certain things, if you have enough
leverage. Also, if you demand high-level decription of hardware that is turned
into circuits in europe, then that would make supervision way easier. As far
as I remember there are also centers where Microsoft let's governments see
Windows source code.

Europe already has chips with the same problems, namely ARM. If there is
political pressure to create a new one, I'm confident that they will enforce
people-protecting regulations.

Also, I don't think Chinese, Russian and USA cips have the same backdoors.
Thus it us possible to protect against them by majority vote on output for
given input.

------
reacweb
If an Intel employee go broke and sell privates cryptography keys and IME
documentation to a hackers group, how many computer have to be replaced in the
world ? Security by obscurity has never worked in long term.

~~~
AstralStorm
Technically, from what we know ME firmware is flashable and possible to update
except baked in private keys to verify signature.

Of course, it is still a single point of failure, would be much nicer if Intel
provided documentation on chipset and CPU init as well as a way to replace
those keys. (Say, hardware switch to enable write pin on some EEPROM.)

The big trouble is the huge attack surface of the vPro not running in magic
unsupported "trusted mode" while not being properly audited is trouble.

Likewise blobs like SINIT used for TPM and SecureBoot initialization.

~~~
oneweekwonder
> Technically, from what we know ME firmware is flashable and possible to
> update

And it might be running Minix3[0] which is amazing for me.

But man it sucks to think there is a *nix machine next to my machine I have no
control over. Some might mention SSD fw, but does it have a known serial over
LAN vulnerability[1].

Wikipedia also cite a elevation of privilege bug[2].

I'm so glad I'm not a IT manager.

[0]: [http://blog.ptsecurity.com/2017/04/intel-me-way-of-static-
an...](http://blog.ptsecurity.com/2017/04/intel-me-way-of-static-
analysis.html) [1]: [https://www.scmagazineuk.com/platinum-hackers-exploit-
intel-...](https://www.scmagazineuk.com/platinum-hackers-exploit-intel-amt-
sol-for-secure-cc-communications/article/667477/) [2]:
[https://en.wikipedia.org/wiki/Intel_Active_Management_Techno...](https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#cite_note-
intel1-12)

ps. If anybody have some info of the minix in ME. Please drop me a message.

------
squarefoot
"For a number of years now there has been growing concern that the management
technologies in recent Intel CPUs (ME, AMT and vPro) also conceal capabilities
for spying, either due to design flaws (no software is perfect) or backdoors
deliberately installed for US spy agencies, as revealed by Edward Snowden. In
a 2014 interview, Intel's CEO offered to answer any question, except this
one."

[https://www.infowars.com/intel-ceo-refuses-to-answer-
questio...](https://www.infowars.com/intel-ceo-refuses-to-answer-questions-on-
whether-nsa-can-access-processors/)

Lots of deleted posts on that Reddit chat though, so it's difficult to get a
picture. I know about ME etc, but had no idea Intel's CEO was asked abut it
directly and his response (or lack of).

~~~
jamiek88
Infowars?

Really?

Do we have a more credible source than deleted comments on reddit interpreted
by infowars?

~~~
squarefoot
I don't know the infowars site and its reporting quality, the original article
points to it. That's also why I was asking for more info.

------
acoye
I guess ARM is safe for now … Is it not?

