
Intel shills BTFO

Name: Anonymous 2017-05-02 7:31

Name: Anonymous 2017-05-02 7:38

There are two ways this vulnerability may be accessed; please note that Intel® Small Business Technology is not vulnerable to the first issue.

An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel® Active Management Technology (AMT) and Intel® Standard Manageability (ISM).
CVSSv3 9.8 Critical /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT).
CVSSv3 8.4 High /AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

Name: Anonymous 2017-05-02 8:13

This never was in doubt.

Name: Anonymous 2017-05-02 8:28

This vulnerability does not exist on Intel-based consumer PCs.
Thanks, OP

Name: Anonymous 2017-05-02 8:53

>>4
That just means chips with no vPro/MEI support. It's misleading as most i3/i5/i7 CPUs support vPro on any decent motherboard.
https://mjg59.dreamwidth.org/48429.html
When AMT is enabled, any packets sent to the machine's wired network port on port 16992 or 16993 will be redirected to the ME and passed on to AMT - the OS never sees these packets.

Name: Anonymous 2017-05-02 19:48

It's interesting that Intel kept it secret for so long and that the company who discovered it didn't blow the lid after it was clear Intel wouldn't do a thing. The fact that it's published after all this time is suspect — why now? Maybe there is an even worse backdoor in the newer stuff and they want to compromise the paranoids through a ``security'' update. After all, the problem isn't that AMT is exploitable by random script kiddies, but that there is a fucking unauditable second OS in your box that has full control over everything. AMT is a backdoor sold as a feature, and there is exactly one way to fight it: Boycott every single CPU that includes it.

Sent from my old AMD computer

Name: Anonymous 2017-05-02 20:18

>>6
Boycott every single CPU that includes it.
implying there are Intel CPUs without it.

Name: Anonymous 2017-05-02 20:48

>>7
Nobody canceled older CPUs. You'll have to move fast though, there's a limited supply.

Name: Anonymous 2017-05-03 1:55

Name: Anonymous 2017-05-03 7:32

Name: Anonymous 2017-05-03 10:21

>>10
Apparently you don't shut down your PC in Win10 even when you choose the shutdown option. Instead the OS sends your PC into a hibernated state.
Nice paranoia.

Name: Anonymous 2017-05-03 10:22

>>9
Is the chip actually removed? I don't think they make special CPU dies without it, maybe it's only disabled in software.
If Intel made thousands of chip variants it would go bankrupt fast. It's highly likely the chip is still there, but isn't shown in the BIOS. Unless you have an electron microscope and plenty of time you can't prove the AMT isn't there, ready to be enabled remotely.

Name: Anonymous 2017-05-03 10:25

>>12
Well, all the CPUs listed in that sound like either budget or server oriented

Name: Anonymous 2017-05-03 11:19

Currently, AMT is available in desktops, servers, ultrabooks, tablets, and laptops with Intel Core vPro processor family, including Intel Core i3, i5, i7, and Intel Xeon processor E3-1200 product family.[1][13][14]
https://en.wikipedia.org/wiki/Intel_Active_Management_Technology

Name: Anonymous 2017-05-04 4:58

>>12
All modern Intel processors have the Intel Management Engine, however AMT is a specific feature of the Management Engine which I believe is only available on the ``business class'' processors with vPro.

Name: Anonymous 2017-05-04 11:45

>>9
vPro is just a feature of the backdoor chip, the chip itself is still there. The problem isn't AMT but the existence of this fucking CPU within your CPU.

Name: Anonymous 2017-05-05 3:42

Also, AMT can execute Enterprise Java Applets. That's right:
https://software.intel.com/en-us/Intel%20AMT%20Java

Name: Anonymous 2017-05-05 12:21

All my computers had AMT enabled.

Name: Anonymous 2017-05-05 22:34

>>17
That link is for a Java library that provides an API to interface with the management software for AMT. Nowhere does it say that the AMT itself incorporates a JVM.

Name: Anonymous 2017-05-06 0:34

My UEFI links with OpenSSL. Awesome bloat.

Name: Anonymous 2017-05-06 3:58

>>19
nneonneo 323 days ago

Igor Skochinsky (of IDA Hex-Rays fame, among others) has been studying Intel ME for quite some time. He gave a nice talk at Breakpoint summarizing what he'd discovered (slides here [pdf]: https://github.com/skochinsky/papers/blob/master/2014-10%20%...).

Among other things, he finds that ME is capable of running signed Java code which is pushed to the device. Due to the complexity and size of the Java code, it's quite likely to have bugs.

ME is a bit scary partly because it's a totally closed-source and proprietary component of your computer with full and essentially unfettered access to everything - RAM, peripherals, and network I/O. Any bug in a publicly-accessible component would have the potential to do serious damage. For example, a bug in the network stack might make it possible for attackers to remotely own your box.

Name: Anonymous 2017-05-06 4:00

