Let’s talk about vPro, privacy, security and Big Brother. Spanning the internet are articles discussing legitimate and imaginary concerns about vPro’s impact to user privacy. So it’s time we (at Intel) start a dialog with our customers on this topic.
First, I need to emphasize how seriously Intel takes privacy and security. Ten years ago, when someone at Intel mentioned privacy reviews I thought we were getting offices with doors. Since then, especially prior to vPro’s initial launch, security and privacy have become mainstays at Intel. Every product we deliver goes through rigorous security and privacy review boards. These folks are not as friendly as many of you; I have the wounds to prove it.
But enough of conjecture and hand waving, let’s look at the overriding concerns repeated in blogs and articles on vPro:
· A hacker can use vPro to watch what you type and what web sites you visit
· vPro operates “stealthily” even when your system is off
· vPro cannot be disabled
I’ll try and respond to each of these topics and look forward to follow-up questions from you all as well as any additional topics you would like me to cover in the future.
Preventing KVM Remote Control from Being Hijacked
As many of you have read, KVM Remote Control is a new feature in vPro that allows a technician to remotely support platforms by gaining access to the keyboard, video and mouse of the target PC. This is a similar capability exiting in many IT products today, the difference is KVM operates no matter the state of your system. I.e. the OS can be completely dead and a technician can use vPro to remote in, diagnose and fix issues.
The benefits of KVM are clear, however many fear what happens if the remote capability gets into the wrong hands. Clearly the main concern is if an attacker could remotely hack a vPro system, then eavesdrop on everything typed, viewed, etc.
Taking these threats seriously and to ensure that the user is protected, vPro utilizes the following security mechanisms to establish a remote session:
1. The user at the vPro PC sends a random “secret” generated by vPro (via phone, e-mail, text message, etc) to remote the administrator who will be helping the user debug his or her system.
2. The remote admin sends this value securely back to vPro to establish the session.
3. When the remote session is established (whether or not a session is active), a red border is displayed by graphics HW to show the end user what the remote admin can see. Since vPro HW protects all video and graphics in the red border nothing can draw over the top of it.
4. In addition to the red border a flashing KVM icon is displayed for the duration of the session.
5. The red border and icon continues to be displayed until 2 seconds after the vPro session ends.
For someone to hijack this remote session (and thus take control of your PC) the attacker would need to intercept the secret by eavesdropping.
Alternatively, an attacker could “social engineer” you to divulge the KVM secret, but if they can do this they can probably get your credit card number for a Nigerian money offer.
Even if they are successful in getting the secret the attackers will still need to break TLS.
The key point to mention is that the end user is always in control of the KVM session. If you do not provide the secret to the IT administrator, an attacker cannot connect.
vPro Active Low Power States
As advertized, vPro can operate when a PC is in a low power state. Specifically, these are the S3, S4 and S5 sleep states (Sx for short). “vPro is active with the PC is Powered off” isn’t technically accurate because the PC is powered in all vPro operational states. If you yank the cord, I can assure you, vPro will not be active.
The key point is vPro can (not will) operate because it is up to the PC manufacturer whether to add the additional cost to support these power states. Motherboards require additional power switching logic, circuitry and routing to support these additional power states.
For the IT environment this capability is clearly advantageous and worth the cost. For the consumer market it is unlikely OEMs would spend this additional expense.
Another myths to dispense with: “Even with the system is powered off vPro provides remote access to your HDD and all of your data!”
· Devices such as HDDs, system memory, your web-cam and keyboard are not powered in Sx.
So, even if they wanted to, hackers could not remotely access these devices in a vPro lower power state. Now, an attacker could use vPro to wake the system, but these devices are still not accessible through vPro.
A final myth: “vPro cannot be disabled!” In actuality, vPro can be disabled in the followed ways:
1. By disabling vPro in the BIOS setup interface.
2. By disabling vPro in the MEBX setup interface the user can access just before the OS launches.
If a vPro enabled PC has be re-purposed for home use, the above options are easily accessible.
However, if your PC is owned by the IT department of your company I’m sorry to say, it’s really not your PC. In this situation your probably can’t get into BIOS setup or MEBX without the IT generated passwords. You also probably can’t disable HDD encryption, virus scanners, run with OS administrator privileges, etc.
United States privacy laws do not require employees of U.S. based firms to be able to disable capabilities such as vPro.
However, in the EU privacy laws are more strict, but I can’t quote them (partially because I’m too lazy to Google them, but mainly because I don’t want to be mistaken for a lawyer). So, if you’re employed in the EU you may have full control over vPro.
In Conclusion . . .
Intel takes the vPro brand, customer privacy and security very seriously. While I hope this quells most of your concerns there always will be conspiracy theorists who believe Intel and PC Manufactures are in collusion with the NSA, CIA and FBI. While good fodder for Hollywood, such activities make no business sense and absolutely no technical sense. If interested, I’ll explain why in a future article.