Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You mean the Management Engine (mandantory to supply with Intel-proprietary firmware since 5 series)? Since it's the key components of Intel AMT, its features are - at a minimum:

- can run while the CPU is off

- isn't controlled by the CPU (except some protocol which is voluntary on the ME side)

- has access to the onboard GPU's framebuffer

- has access to onboard USB and on-chipset NIC

- can access RAM, bypassing the OS (_maybe_ host-controlled, since the only known use is IDE-R)

Scary enough?

On AMD the situation looks safer for now: while they have _two_ embedded controllers with firmware, from what we (coreboot developers) could gather, their reach into the system is much more limited: they could probably DoS the system by killing access to RAM and/or turn off the fans



If I was the CIA/NSA I would definitely force Intel/AMDs hand to put a kill switch on the chip. That way if I was waging war with country, I first broadcast a special signal killing off all the CPUs I can. Then we launch our attack.

The kill switch could be anything:

1. Some particular frequency that causes the CPU to malfunction deliberately. Just a 1 bit malfunction is enough. 2. Something delivered via an OS update patch.


Only a matter of time before a nefarious person discovers how to trigger the kill switch at their will. If this happens, Intel will immediately go out of business. They know they can't just blame the NSA. That's why Intel has every incentive to aggressively fight such orders.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: