Hacker News new | past | comments | ask | show | jobs | submit login

"This vulnerability does not exist on Intel-based consumer PCs."

"There are several features that AMT provides that are present in consumer systems even though the ‘technology’ isn’t there. This is one of the arguments that SemiAccurate has had with Intel security personnel over the years, we have begged them to offer a SKU without the AMT hardware for just this very reason. Intel didn’t, the pressure to lock corporate customers in to their silicon was too high."

Intel is playing this down heavily. This seems to be locally exploitable on consumer chips. Correct me if that is wrong, please.

EDIT: I'm not one to give a shit about downvotes, but it would be nice if someone could actually respond to me with a legitimate retort instead of trying to bury this post. I am asking to be proved wrong for my own sanity. Let's be mature about this.

From what I understand, the local exploit needs a manageable (vPro) system as well. Not just ME, but AMT running in ME.

I have confirmed through ARK that not only does my chip lack vPro, but it also lacks TXT, which I hadn't confirmed before. I consider TXT to be just as vulnerable as AMT / ME.

Feels good to know my sensibilities paid off. Worth every dollar.

Now I just get to sit back and watch the shit show unfold :)

Basically you're asking us to prove a negative about undocumented proprietary firmware. Someone could spend years fully reverse-engineering ME firmware to prove these theories wrong, and then people would just say "but what about version N+1?"

Not really. The evidence currently points to all basically all commercial Intel chips in the last ~10 years being vulnerable to this.

In addition to correcting you about Intel's blatant lie, I was asking if anyone more qualified than me could confirm or deny whether it affects certain enthusiast chips that seem to lack certain vPro features.

My question was not about if consumer chips are affected, because they are if they have the ME engine. However, the enthusiast chips I reference supposedly do not even have a functioning ME system to reverse-engineer in the first place. Asking for confirmation of such by a qualified individual is reasonable and answerable.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact