Processors
Intel® Processors, Tools, and Utilities
14615 Discussions

Does Intel sell without AMT/ME/SMM ?

SFlyi
Beginner
‎09-26-2015 07:44 AM
2,478 Views

Hello,

Does Intel sell (recent) chipsets/processors without AMT/ME/SMM ?

I like to add to that: Without JAVA/ThreadX/RTOS ?

I think these technologies are unnecessary for home/desktop computers and

form an unnecessary security/privacy risk !

(Especially the remote control and remote monitoring components).

Bye,

Skybuck.

0 Kudos

Link Copied

3 Replies
AP16
Valued Contributor III
‎09-28-2015 01:24 PM
1,193 Views

I wanted to say: dont use the built-in network adapter and everything will be OK, but any modern NIC or WiFi already contain a SoC with CPU and RTOS, so keep calm and clean.

Actually, you should try to use the things you listed in real corporate environment, to find that they are so hard in use, buggy and undocumented, that was quicker and easier to send some technicians to make the needed changes on PCs instead of spending hours trying to make this crap works as it should. So if the qualified system engineers are hard to use such techs in practice (in controlled environment!), malevolent use in the wild Internet should be overcomplicated as well.

Copy link
SFlyi
Beginner
‎09-28-2015 11:51 PM
1,193 Views
In response to AP16

Let's suppose for a moment that I am ok with RTOS.

Why would not using the internal NIC matter at all ? AMT is supposed to control the entire machine... so once compromised it could surely also control an extension card nic ?!

In response to AP16
Copy link
AP16
Valued Contributor III
‎09-29-2015 03:01 AM
1,193 Views
In response to SFlyi

The on-board NIC often based on chipset-integrated MAC functions (i.e. they are just a PHY chips), and chipset MAC have a dedicated connection to ME/vPro, making traffic interception and insertion works for management functions. The PCI-connected NIC (with own MAC) is not so easy for traffic intervention, there is a need for special protocol support (so Intel-based NICs are bad choice for security paranoics) or OS level NDIS filter insertion (included in ME driver stack), or direct PCIe memory area manipulation (needs knowledge about exact NIC controller details).

To exploit AMT/ME villain should first take control over your home router, to make possible sending magic packets, custom DHCP options and make a special traffic redirection to his own server with PXE boot feature, HTTPS responder with valid TLS certificate, and Intel toolkits installed. And the PC can stall in any moment due usually bad firmware and NIC MB initializations routines in home desktop market MBs BIOS. Having control over users router by itself make much more simple attacks possible, with no need for complex server setup and dealing with bad OEM intergration.

In response to SFlyi
0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.