Is telemetry embedded at the hardware level??

Discussion in 'PC' started by Bump, May 9, 2023.

  1. Bump

    Bump Kapellmeister

    Joined:
    Aug 26, 2011
    Messages:
    421
    Likes Received:
    53
    Just had a random thought and conveying it out loud in here....I am ignorant to how far the tech has come.

    But yea, was wondering are our PC's and MAC's able to communicate "offline" and even scarier, unpowered/ off grid?
     
  2.  
  3. tzzsmk

    tzzsmk Audiosexual

    Joined:
    Sep 13, 2016
    Messages:
    3,745
    Likes Received:
    2,296
    Location:
    Heart of Europe
    learn more about MEI (Management Engine) and AMT (Active Management Technology), usb bios flashback, perhaps entire chipset architecture in general ?
    :cool:
     
    • Agree Agree x 3
    • Like Like x 1
    • List
  4. xorome

    xorome Audiosexual

    Joined:
    Sep 28, 2021
    Messages:
    1,192
    Likes Received:
    868
    tzzsmk beat me by like 20 seconds!

    https://en.wikipedia.org/wiki/Intel_Management_Engine

    Intel Management Engine (ME) has been incorporated in virtually all of Intel's processor chipsets. The subsystem runs on a separate Intel Quark x86 microprocessor running the MINIX operating system. It performs tasks while the computer is running, while it is asleep and while the system is turned off - as long as the chipset is supplied with power. Its code is obfuscated using confidential encryption.

    The ME has its own MAC and IP address with direct access to the Ethernet controller; Ethernet traffic is diverted to the ME even before reaching the operating system.

    Critics like the EFF, Libreboot and security experts like Zammit accuse the ME of being a backdoor. Zammit stresses that the ME has full access to memory (without the CPU knowing), and can send and receive network packets, fully bypassing the operating system's firewall.

    Intel responded by saying that "Intel does not put back doors in its products."

    It is normally not possible for a user to disable the ME and there is no official method to disable it.
     
    • Like Like x 2
    • Agree Agree x 2
    • Interesting Interesting x 2
    • Useful Useful x 1
    • List
  5. Xupito

    Xupito Audiosexual

    Joined:
    Jan 21, 2012
    Messages:
    7,313
    Likes Received:
    4,057
    Location:
    Europe
    There is actually. And it's very bad. All CPU's since I guess the first UEFI systems, have a hidden subsystem. Thanks to "strong suggestions" by the NSA and other military/intelligence agencies. AMD, Intel, Apple... all have it.
    I don't even know if Microsoft or Apple can have control over it. But for sure these agencies can totally bypass everything if they can plug whatever it is (USB, Ethernet, WIFi,...) in any computer.

    PS. While I was writing @xorome and @tzzsmk beat me to it and gave more details
     
    • Interesting Interesting x 2
    • Like Like x 1
    • Disagree Disagree x 1
    • List
  6. Bump

    Bump Kapellmeister

    Joined:
    Aug 26, 2011
    Messages:
    421
    Likes Received:
    53
    What generation did that start with?

    Thanks for all the replies and for the suggestions of where to start. It's a grim reality for all of us.
     
  7. clone

    clone Audiosexual

    Joined:
    Feb 5, 2021
    Messages:
    7,615
    Likes Received:
    3,346
    This is in reference to "High Assurance Platform" mode? The "suggestion" of NSA, etc was (more like a requirement, it reads) adding a way to disable ME, AMT on government-entity owned systems due to security concerns about possible exploitation. It reads differently when paraphrased to suggest like this was all added at their behest. They apparently do not mind it running on others' systems, but want it not running on theirs. They would not need such a thing, and it wouldn't have been found if they had.
     
  8. %
     
    Last edited by a moderator: Jul 17, 2023
  9. JMOUTTON

    JMOUTTON Audiosexual

    Joined:
    Jan 10, 2016
    Messages:
    1,099
    Likes Received:
    909
    Location:
    Virginia

    So it's really easy to block with any basic router firewall or if you don't trust the people who make routers you can built KALI from source for a super basic open-source chipset like RASCAL and packet RFV everything between your LAN and the interwebs.

    Too easy to solve, but I guess, NVM... I just DGAF anymore.
     
    • Like Like x 1
    • Agree Agree x 1
    • List
  10. clone

    clone Audiosexual

    Joined:
    Feb 5, 2021
    Messages:
    7,615
    Likes Received:
    3,346
    I'd go to Vegas and place some sports wagers. What I would not do would be to read tin-foil theories about No Such Agency from "researchers" from Russia. Especially not in 2017 (when this "news story" started showing up); an entire year after NSO Pegasus' existence was already confirmed to have been used against journalists' phones in the wild. Or believe that a little chip (while machine powered off) would have enough residual power to supply enough power to the network interface or wireless adapter to authenticate so that data could be exfiltrated with the machine off. (When it could just do so past the OS/firewall as claimed) Or worry about "wifi passwords being collected remotely", while target machine was not within range to an attacker. If in range, they would collect a 4-way and pop the router on the spot.

    Any IDS or Network traffic analyzer running on a second machine would see such traffic. This is like us not knowing why the Pyramids of Egypt were built, so obviously they were built by aliens. Occam's Duct Tape.
     
    • Winner Winner x 1
    • Creative Creative x 1
    • List
  11. saccamano

    saccamano Audiosexual

    Joined:
    Mar 26, 2023
    Messages:
    1,303
    Likes Received:
    528
    Location:
    CBGB omfug
    PC's without TPM's do what you tell them to. MAC's, who knows. Apple has been big-brother for quite a while. PC's with a properly optimized OS will behave as you command them to. Running older hardware and OS (you know, those "unsupported" kind that some monkeys wouldn't be caught dead with :bleh:) will more than likely have control over the IME through a simple interface. All my internet facing machines run windows 7 class hardware that all have BIOS access to IME that is switched OFF. No unauthorized access capability here.

    Which also brings to mind a little conundrum of sorts with regard to what would be available to some monkey who tried to exploit someone with active IME on an internet facing computer. With the power off and with most all data of any interest being stored on various storage devices THAT ARE ALSO POWERED OFF (also assuming that no "wake-on" functions are enabled) what could one hope to gain from utilizing said "backdoor" in the first place?

    And... Magical remote control of computers via ZERO connection medium (i.e. wifi disabled, no dial-up device, no internet hard connection, no "wake-on features" enabled, etc) comes from watching too many movies... Backend Local area networks with properly setup and firewalled vlans are not susceptible either.
     
    Last edited: May 10, 2023
  12. Xupito

    Xupito Audiosexual

    Joined:
    Jan 21, 2012
    Messages:
    7,313
    Likes Received:
    4,057
    Location:
    Europe
    Take the details I told with a grain of salt because I don't remember well and there's not exactly a lot of confirmed information because of its very nature. So happy to be corrected.
    I was just talking of what I remember when the IME, the intel version, began to be know to techies. I'm not sure who exactly demanded that subsystem.
     
  13. itsybitsy_

    itsybitsy_ Kapellmeister

    Joined:
    Oct 14, 2021
    Messages:
    56
    Likes Received:
    66
    • Interesting Interesting x 2
    • List
  14. Xupito

    Xupito Audiosexual

    Joined:
    Jan 21, 2012
    Messages:
    7,313
    Likes Received:
    4,057
    Location:
    Europe
    So cool. I only remember one pioneer long time ago that managed to disable and perhaps even removing it quite some years ago. But he bricked 3 or 4 CPUs during the process.
     
    Last edited: May 10, 2023
  15. clone

    clone Audiosexual

    Joined:
    Feb 5, 2021
    Messages:
    7,615
    Likes Received:
    3,346
    Sure. But keep in mind that nearly every researcher who finds something has the tendency to escalate it's importance. We go from a possibly exploitable remote management service/protocol etc, to "the sky is falling and it's NSA behind it". Like clickbait.

    Another thing to remember/know is that Intelligence services do not share anything they do not need to; even with allied countries services. Can you think of a better way to share *everything* than to stick some backdoor hardware chip onto every desktop/laptop computer in America/elsewhere; just waiting for other services to take apart any machine and look into the chipset? And then to have it masquerade in plain sight of Administrators who are already aware of portions of it's functionality? All waiting to be "discovered" the minute someone working at Intel or AMD decides to leak the info, with no way to "Self-Destruct" the chip's code and leaving proof on every affected product? "Powered down" phones are a much juicier target. They have microphones, cameras, people take them wherever they go, and think they are a brick as soon as you turn them off; instead of sticking them inside a Farraday cage. This is like the script for a Snowden sequel movie, but it would be starring Forrest Gump.
     
    • Like Like x 1
    • Interesting Interesting x 1
    • List
  16. ArticStorm

    ArticStorm Moderator Staff Member

    Joined:
    Jun 7, 2011
    Messages:
    7,868
    Likes Received:
    4,042
    Location:
    AudioSexPro
    this is explains it all. why not let us aswell disable it?

    It doesnt matter who is behind this. i hate that such shit is even implemented as nobody asked for it really from a consumer perspective - atleast i didnt.
     
  17. itisntreal

    itisntreal Ultrasonic

    Joined:
    Apr 7, 2023
    Messages:
    75
    Likes Received:
    25
    Location:
    Twilight Zone
    Everything is hackable or crackable
    Nothing is 100% secure
    What about air gapping?
    Around 20 years ago i had an amd athlon 2700xp no wifi no bluetooth no internet cable connected
    One day i got a prompt with wireless connection found i immediately open my internet browser and i had no internet then later that day i went to the living room where my stepdad said hey i just got free wifi and i quickly updated my norton later that day i went back to my room and i opened control panel suddenly i had a norton icon without ever installing norton on my system that is fucking weird
    After that i start to get paranoid and discovered even more fuzzy stuff on my system
     
  18. luckyLuke7

    luckyLuke7 Ultrasonic

    Joined:
    Nov 7, 2021
    Messages:
    82
    Likes Received:
    23
    Get a PC with no wifi card and don't plug the Ethernet cable. Now you can play solitaire with nobody watching. :bow:
     
  19. saccamano

    saccamano Audiosexual

    Joined:
    Mar 26, 2023
    Messages:
    1,303
    Likes Received:
    528
    Location:
    CBGB omfug
    Since I am running older win7 (os and class hardware) I have bios tweaks that disable the evil Intel ME out of a hat. however you all can do basically the same thing if your internet vlan utilizes a manageable router, switch or other device that has a firewall governing your entire network. You can BLOCK all incoming/outgoing traffic on the ports that POS uses to do it's nastiness..That way ANYTHING plugged into your network will be protected. The following white paper outlines the ports in question.

    https://www.intel.com/content/dam/s...work-admin-detection-and-mitigation-guide.pdf

    Remember though, this POS uses out of band networking (completely outside the purview of any operating system you're running) to do its lameness. So in order to block it network-wise you must do it from a managed switch, router or gateway on your internal network. Takes all of 5 minuten to build the filters...done!

    Also, FYI, if you have a newer machine/OS that has "intel management engine drivers" that are enabling comms with the onboard hardware, just yank the management warez out by uninstalling and disable any system devices having to do with intel ME... case closed. You might actually save some processor cycles and/or system resources in the same swoop.
     
    Last edited: May 11, 2023
    • Interesting Interesting x 1
    • List
  20. Xupito

    Xupito Audiosexual

    Joined:
    Jan 21, 2012
    Messages:
    7,313
    Likes Received:
    4,057
    Location:
    Europe
    I agree in that no end of the world or similar. Perhaps I sounded catastrophist in my first post. We can only limit the spyware these days and I'm fine with that despite not being ideal.

    But these subsystems... not the biggest secret but the most opaque that's running 24/7 in every CPU with power supply plugged since 8 years or so. Even less secret when the same NSA gave advice about disabling that bit because they had a severe security bug. The irony :rofl:
    They are running no matter if you use the the soft for useful fatures, remote managing PCs and stuff. Even if you disable TPM, secure boot. They can bypass pretty much everything since the very start of the boot and access directly the network and the PCH (for instance the RAM).

    I mean, doesn't take a conspiranoic to smell what they are for, besides some legit useful features. I'm not saying agencies or whatever are using to spy everyday all around the world. Again, nothing new, but an important step up. I could be wrong of course. But for me is common sense.
     
    Last edited: May 11, 2023
  21. itisntreal

    itisntreal Ultrasonic

    Joined:
    Apr 7, 2023
    Messages:
    75
    Likes Received:
    25
    Location:
    Twilight Zone
Loading...
Similar Threads - telemetry embedded hardware Forum Date
nvidea telemetry Computer Hardware Dec 3, 2018
How to download embedded videos from a paid course? Working with Video Apr 26, 2023
Kontakt 6 Mac library order and embedded wallpaper… Kontakt Aug 20, 2021
inNKX: Tool to create Kontakt NKX and NICNT files (with wallpaper embedded) and more Kontakt Apr 1, 2019
how to remove all embedded fl studio 12 plugins? Software Aug 4, 2017
Loading...