• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

Intel x86s hide another CPU that can take over your machine (you can't audit it)

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.

knoober

Member
Joined
Mar 18, 2015
Interesting read.


Indeed. Very interesting.

The terminology is a bit over my head though. For my benefit (and the benefit of others) if folks with more knowledge could either confirm or deny the existence of this part of the hardware, or even comment of plausibility please? I mean Google and I will be dissecting that article for the next few months I am sure, but it would still be nice to have some knowledgable opinions to draw on as well
 

Dolk

I once overclocked an Intel
Joined
Mar 3, 2008
Please do not panic or think this is a large ordeal.

In truth its not. The so called "extra CPU" they found is the management processor. In order to maintain advanced scheduling of security features, allow for debugging, and remote control of the CPU, a separate system has to run in parallel. Accessing this core could happen with a user that is not from Intel, but likely hood is astronomical. First, this is an in house built IP core. Anything built inside Intel is under lock and guard with 12 Chinese firewalls between each team (even if they are managed by the same manager). In order to gain access to this core, you have to have a special box that was developed by Intel. It arrives under lock and key and can only hook up to the internet and CPU directly. This core is extremely locked down because Intel knows the value and risk. If I ever heard someone gained access with no help from Intel, I would call the individual non-human, because it would require a bot network that is on par of a NSA data center to create the computing power necessary to break through the encryption.
 
Joined
Dec 13, 2005
If I ever heard someone gained access with no help from Intel, I would call the individual non-human, because it would require a bot network that is on par of a NSA data center to create the computing power necessary to break through the encryption.

I came across this article this morning, and the author even mentions that. Even with the biggest supercomputer it would take more than a human lifetime to brute force it. And the fact that this is just coming up now, even though it's been implied these chips have been around since the nehalem days, shows how tightly guarded it is.
 

wagex

Chapstick Eating Premium Member
Joined
Jan 14, 2011
neat read, im not gonna get worried about it though.
 

Blaylock

"That Backfired" Senior Member
Joined
Jun 5, 2013
Location
Go Blue!
Easy solution is buy AMD.

The bigger and more disturbing question is why the hell would Intel do this in the first place. The only answer I can justify is espionage.
 

knoober

Member
Joined
Mar 18, 2015
Easy solution is buy AMD.

I didnt know Intel had one of these, who is to say it isnt present in AMD as well ? or ARM? but that is further down the rabbit hole than my education allows me to go.

I worry about everything when it comes to this sort of thing, but even Im with wagex on this one... not particularly worried. The only way to ensure complete safety from this sort of thing is to build your own CPU :D Disclosure from Intel is another matter however. From the article they seem to be pleading that no one will try to crack it if no one knows about it... well someone found it I guess. Which is why I should be able to know about it, in order to calculate my own risk when making CPU decisions
 

Dolk

I once overclocked an Intel
Joined
Mar 3, 2008
AMD most likely does the same thing, I'm not sure because I've never worked with them directly.

When the core is activated remotely, the CPU is in debug state. So it can't do much, if anything.

To help calm people down further, let me try to put it into a very simple picture. In the ASIC/IC world chips are created through varying levels of development. A lot starts off in software, where simulations are ran to study the effects of new architectures and designs. Once the architecture runs smoothly in simulation, its now time to cough up the money for the actual component. Do note that the cost of ICs and ASICs are not the silicon process, its the masks. The shadow masks that create the actual transistor and how the material stacks up, is crucial and must be perfect; every time. A re-spin of a mask can sync an entire quarters budget. Since the cost of chips grow, new means to make sure your product works had to be created. Even Intel has to create a single chip for all purposes, they do not have the time nor the money to design a chip thats used for debugging, and another that is just pure consumer. Furthermore, you can't test the system effectively. Testing of chips with billions of transistors and logic, through thousands of pins has an exponential brute force check that would require several 1000s of years in order to check each and every possibility. If you have a core that is up against everything inside the hardware, well your testing is simple. If you lock down the core so that its only accessible by keys and requires Intel personal on site, and shuts down the functionality of the CPU, well I'd say we are in good hands.
 

petteyg359

Likes Popcorn
Joined
Jul 31, 2004
This is an issue because you can't disable it on many systems, and it is an entry point to potentially spy on your system or plant false evidence in memory. All you can do is unplug your network cable (and if you have a laptop hope Intel doesn't include their own wifi drivers in the ME firmware in the future). Eventually RSA will become vulnerable to brute force, or someone will abscond with Intel's signing keys for the ME firmware and write boot sector malware to flash a compromised version, and then you'll have a nice bot net army that can't be repaired let alone detected by normal anti-malware software. You can hope it won't happen until all these Intel systems are obsolete and unused, but that doesn't negate the fact that these sideband entry points need to support being disabled by the end user.

Granted, if you have a router between you and the internet, it takes quite a bit of paranoia to really be concerned for your own system, since the ME firmware's secondary MAC and IP would be obviously shown in your network map. That doesn't negate concern for the huge population of technically moronic fools out there who just plug their computer into their modem and have no idea about networks beyond what their ISP advertises to them.
 
Last edited:

Dolk

I once overclocked an Intel
Joined
Mar 3, 2008
This is an issue because you can't disable it on many systems, and it is an entry point to potentially spy on your system or plant false evidence in memory. All you can do is unplug your network cable (and if you have a laptop hope Intel doesn't include their own wifi drivers in the ME firmware in the future). Eventually RSA will become vulnerable to brute force, or someone will abscond with Intel's signing keys for the ME firmware and write boot sector malware to flash a compromised version, and then you'll have a nice bot net army that can't be repaired let alone detected by normal anti-malware software. You can hope it won't happen until all these Intel systems are obsolete and unused, but that doesn't negate the fact that these sideband entry points need to support being disabled by the end user.

Granted, if you have a router between you and the internet, it takes quite a bit of paranoia to really be concerned for your own system, since the ME firmware's secondary MAC and IP would be obviously shown in your network map. That doesn't negate concern for the huge population of technically moronic fools out there who just plug their computer into their modem and have no idea about networks beyond what their ISP advertises to them.

Did you read anything that I posted? The likely hood of someone (read: something) to get in is astronomical! NDA holds me back from completely saying what the entire procedure steps to utilizing this feature. But from first hand experience, I can tell you, NONE of your motherboards have the capability to gain access of to this node. Virtually everyone is safe.

How do I know this? I work at Dell in the server side. Intel sits in our lab during parts of our cycles. The first time I saw this in action, I asked as many questions as I could.
 

petteyg359

Likes Popcorn
Joined
Jul 31, 2004
Did you read anything that I posted? The likely hood of someone (read: something) to get in is astronomical! NDA holds me back from completely saying what the entire procedure steps to utilizing this feature. But from first hand experience, I can tell you, NONE of your motherboards have the capability to gain access of to this node. Virtually everyone is safe.

Hardly. I've updated the ME firmware on my laptop more than once. It's perfectly accessible. Still paranoia to be worried though given it'll be at least many years before the cryptographic requirements are broken for a third party to create a malicious replacement, aside from figuring out an installation vector.
 

[email protected]

Member
Joined
Apr 7, 2016
Location
Israel
I didnt know Intel had one of these, who is to say it isnt present in AMD as well ? or ARM? but that is further down the rabbit hole than my education allows me to go.

I worry about everything when it comes to this sort of thing, but even Im with wagex on this one... not particularly worried. The only way to ensure complete safety from this sort of thing is to build your own CPU :D Disclosure from Intel is another matter however. From the article they seem to be pleading that no one will try to crack it if no one knows about it... well someone found it I guess. Which is why I should be able to know about it, in order to calculate my own risk when making CPU decisions

Or maybe make your own OS?
How could intel know what to do in the OS if YOU made the OS? Make some false things (Code?) to confuse and stuff like that, I know making your own OS is really hard, But it might be harder to intel or any other company to "crack" the code and do stuff.
Correct me if im wrong :p
 

knoober

Member
Joined
Mar 18, 2015
Or maybe make your own OS?
How could intel know what to do in the OS if YOU made the OS? Make some false things (Code?) to confuse and stuff like that, I know making your own OS is really hard, But it might be harder to intel or any other company to "crack" the code and do stuff.
Correct me if im wrong :p

2 things :

1) making your own OS isn't *that* difficult. Making a nice a polished OS that works really well? That might be a problem. If you are interested in reading about making your own Linux distro check out "Linux From Scratch" for a step by step guide :D

2) the article claimed that all this stuff is "transparent" to the OS, which it goes on to explain means that it operates outside of the OS and no matter which one you run Windows / Linux or whatever.

As I said though I'm about as worried about this as I am about a plane dropping out of the sky on my head: possible but not likely and if it does happen then I get squished :D
 

[email protected]

Member
Joined
Apr 7, 2016
Location
Israel
2 things :

1) making your own OS isn't *that* difficult. Making a nice a polished OS that works really well? That might be a problem. If you are interested in reading about making your own Linux distro check out "Linux From Scratch" for a step by step guide :D

2) the article claimed that all this stuff is "transparent" to the OS, which it goes on to explain means that it operates outside of the OS and no matter which one you run Windows / Linux or whatever.

As I said though I'm about as worried about this as I am about a plane dropping out of the sky on my head: possible but not likely and if it does happen then I get squished :D

But if its transparent how can they (Intel) read (And understand) lets say a text file containing my passwords? Or maybe they cant?:sly:
 

JrClocker

AKA: JrMiyagi
Joined
Sep 25, 2015
Making your own OS is not hard...the polish (as said above) for general distribution is the hard part.

This reminds me of JTAG access circuitry that is in EVERY embedded processor that runs on everything.

I can connect into the JTAG, halt the processor, put my own code in, start the processor, do pretty much anything. This is on DSPs, PICs, ARMs...you name it.

It's not considered a security risk because you have to physically make the JTAG connection.

This sounds like an Intel fancy name for the same thing, but with a network access. This has the potential to be hacked, but the encryption is as good as it gets.