Jump to content
Not connected, Your IP: 18.219.176.215
pr1v

Intel Refutes Claim That It Includes Backdoors in Its CPUs

Recommended Posts

Hello !

 

They have to say that, lol. But then again, he's right though, it's not a backdoor. It's a frontdoor.

 

Just like Windows Update is also for delivering "updates and fixes". Well, quite a few unwilling Windows 7 and 8 users found out how that ultimately worked haha.


Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you.
Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily.

Share this post


Link to post

Don't know, but would like to know. "Enterprise wide" remote management and monitoring seems rather dual-use with "full spectrum global dominance".

Curious what sovereign governments and their military do about this - do the Indians, Pakistanis, Chinese use Intel chips ?

There has been some mention of the Chinese government using their own Linux versions, and various chip foundrys could churn out decent custom processor chips with an auditable RISC/ARM design which may not match Intel bang for buck but pretty good, as in mobile phone CPUs. And what is open source (auditable, secure?) Android like when "scaled up" for multiprocessors on servers and workstations ?

Maybe Intel have a lot to lose.

 

Share this post


Link to post

Interesting 32C3 talk on the matter, from the creator of Qubes OS:

http://hackaday.com/2015/12/28/32c3-towards-trustworthy-x86-laptops/

 

Very interesting

And now I wonder about the laptops recommended/certified by FSF... (Libreboot, etc).

 

About Minifree and Libreboot

Minifree Ltd, trading as Ministry of Freedom (formerly trading as Gluglug), is a UK supplier shipping worldwide that sells GNU/Linux-libre computers with the Libreboot firmware and Trisquel GNU/Linux-libre operating system preinstalled.

Libreboot is a free BIOS/UEFI replacement, offering faster boot speeds, better security, and many advanced features compared to most proprietary boot firmware.

Share this post


Link to post

The problem with Libreboot/Coreboot and others is that they can only run on older hardware.

The latest supported model is the x200, which is almost a decade old.

 

I can see the advantages of running without Intel's ME/AMT, but this must not come at the

expense of modern security mechanisms like Supervisor Mode Execution Protection (SMEP)

and Supervisor Mode Access Prevention (SMAP), which are very important features introduced

in the past years and which are not available in Libreboot/Coreboot CPUs.

 

To read more what it is, check here:

http://www.phoronix.com/scan.php?page=news_item&px=MTE5NzI

 

Personally I prefer to run a secure OS on the latest hardware, if you care about security only,

and less about "hardware freedom", the attack surface of Libreboot vs. Intel ME+SMAP is larger.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Historically, not.

https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Known_vulnerabilities_and_exploits

 

However kernel exploits that are mitigated using a SMAP aware kernel are very common:

https://labs.bromium.com/2015/02/02/exploiting-badiret-vulnerability-cve-2014-9322-linux-kernel-privilege-escalation/

 

So, in order to protect yourself from remote adversaries - which should be a more common threat vector, running latest

hardware (Haswell and above) is a plus.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Sorry, I mean if it's not only about "hardware freedom" but if it could also envolve "against security" too.

Yes, from one point of view it seems a great advantage in security to avoid those attacks, but ... Is our security also compromised if we keep on using those intel chips?, could they be backdoored?. We could use other computers/chips and add extra security against those attacks you mentioned.

Share this post


Link to post

The chips are only a small part of a larger scope, which is your machine.

You may have a theoretical "blob-free" CPU without latest security mechanisms,

or you can have a modern one with ME, but also important features in place.

Most attacks will exploit the low hanging fruit which are the kernel vulns in order to

backdoor your system, and not a component that is signed and is very undocumented.

 

So if you ask in terms of security, your most paranoid option would be running something

like Qubes. The less paranoid option should be running Linux 3.7+ with grsec and SMAP CPU.

That is of course if you prefer to use the x86 platform.

 

Edit:

There is a very interesting new local root exploit for Ubuntu 16.04 that is once again mitigated

by SMEP/SMAP:

https://www.exploit-db.com/exploits/40049/

 

    if (check_smaep()) {
        printf("[-] SMEP/SMAP support dectected! Quitting...\n");
        return -1;
    }

Bottom line is...If you can use a newer CPU, you are probably safer from the common types of

attacks. The adversaries who can subvert Intel firmware remotely, probably can also compromise

you even with ME disabled


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

AMD for life.

 

But even AMD has similar nonsense in their CPUs, but to a much lesser extent.


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post


Link to post

I don't know if it was mentioned, but it is probably worth to look at a niche hardware vendor called Purism.

This is probably the most open hardware x86 compatible laptop, yet with still modern CPUs.

 

As of for me, I still prefer to use latest gen Macbooks with dual boot Arch and macOS.

They have been a very hard target to attack, especially after the Thunderstrike patches in 2015.

 

https://puri.sm/products/

https://www.qubes-os.org/news/2015/12/09/purism-partnership/


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...