> https://www.reddit.com/r/onions/comments/5i6qa3/can_the_nsafbi_use_intel_me_to_defeat_tor_on_95/ > > " > So, The NSA and FBI CAN force Intel to give up the keys Intel ME. [...]
There is a well-written, rational response further down in that same Reddit thread: "This post has a lot of misunderstandings behind it. First off, the Intelligence Community does not need to force Intel to give up Manageability Engine keys (or AMD's PSP keys for that matter). Both the keys and the toolchain, as well as the source code are traded underground. I know that at least up to firmware version 8 is traded underground, and version 11 (the latest) is available without difficulty to people who know how to find it. I have access to version 8's signing keys myself, being in that scene, but all my computers use version 11 so I haven't cared to mess with it. It's certainly not common but it is absolutely something that FVEY and related contractors (Raytheon, Leidos, half the people you'll see at ISS, etc) will be able to get their hands on, if they haven't already. Second, the abilities of the Manageability Engine are greatly over-exaggerated. It cannot be used to access all your data remotely. That only works if you have all AMT features enabled, and you have a special device called a BMC card plugged into your computer and connected to the network. BMC cards can include 3G/4G or WiMax support, which is where the myth that vPro CPUs have a 3G backdoor comes from. I have an enterprise ThinkPad that proudly boasts having WiMax support, requiring extensive configuration. It was expensive. If you don't have a BMC card (and you do not), then it is not possible to remotely control your system. Even if you did have a BMC, simply having the signing keys and toolchain for the ME would not be sufficient to get in. An attacker would need either a 0day, or your credentials. Having the signing key allows nothing more than writing malicious firmware over SPI and allowing it to persist. It's just a little more powerful than the UEFI kits cr4sh can write, and just as easily detectable by reading your flash chip. But it's not like you're analyzing your microcode (of which there are likely signing keys being traded as well), which can also be installed on a large number of systems, considering the BIOS functions to load the latest microcode it has into the CPU. Thirdly, you don't have to worry about the ME hiding Intel-provided backdoors because it is not impossible to reverse engineer ME firmware. The firmware is huffman coded, which can be decoded with some manual effort, and then you have ARCompact bytecode with Java-based modules. Intel can be a nasty company, but they aren't going to risk everything with overt backdoors that simply exfiltrate your memory over the network. Plus you could easily block that with a separate firewall. Even if it is sent out-of-band with regards to the kernel's networking stack, it's still sent over the same physical NIC, just with a different IP and MAC. The ME is absolutely not what you have to worry about in these threat models. It is only a way for malware to hide itself from forensic analysis, not a mystical way to remotely contact any system which runs it, absent a BMC card. If you have to have something to worry about, worry about 0days. They are much more dangerous and valuable than something which, at best, provides a persistent infection that is trivial to detect offline. There are RCEs for every major httpd. There are LPEs that even work on grsecurity (at least one that I know of), and dozens that work on vanilla Linux. There are at least two traded ring 0 RCEs for Windows, one of which I have, and there are probably a couple ring 0 RCEs in Linux's Netfilter (conntrack, anyone?). Secure your OS, use sandboxes and mandatory access controls (SELinux or AppArmor or RBAC), keep up to date, read security mailing lists, be wary of red herrings, use grsecurity + PaX, and most importantly, understand your own threat model. I can say with absolute confidence that the Intel Manageability engine is not a threat in the least to the integrity of the Tor network. Especially not when each and every one of you are running a browser which can be exploited with images and CSS. Sandbox your shit." P.S. Please double-check the facts before spreading FUD. -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
