Intel CPU's Backdoor Operating System (Minix)

Just a heads up for Intel users there is a tiny operating system with full backdoor access to your computer built right onto the CPU called ME or Minix. I am sure this is used by the likes of NSA and GCHQ. Below are some links to partially disable it, but if you don't know what you are doing you could damage the CPU. Anyone else disabled this successfully? or was even aware of it?

https://hothardware.com/news/researchers-figured-out-how-to-turn-off-intel-management-engine-11-thanks-to-nsa

https://software.intel.com/en-us/forums/intel-business-client-software-development/topic/563988


Comments


[19 Points] srock2012:

This is why you always build your own processors, OS, and world wide web from the ground up.


[12 Points] None:

....(grabs the tinfoil)


[9 Points] throwahooawayyfoe:

Disable it? I wanna know how to access it!


[6 Points] Tyrell-WIllick:

I believe we all should migrate to AMD. They even have open source software, I recently got a new model of AMD, installed GNU/Linux on it and, I was amused to find all the drivers in AMD web site and my dristro's web site.

The best way to punish companies like INTEL is to hit their finance and show our support with companies that respect the privacy of their users.


[3 Points] elfer90:

yea read about this a few weeks ago


[3 Points] mymuse100:

But all of these disclosed exploits require physical access. The NSA would want (and probably still has) a way to remote in.


[3 Points] yatea34:

Anyone else disabled this successfully?

You'll never know.

Thanks to closed source firmware, any attempts to disable it may just put it in a "this computer is extra intereting" mode.

Best to put a non-intel-based firewall in front of the machine, attempting to block any attempts Intel ME attempts to communicate. It seems likely that ZTE and Huwai networking equipment doesn't have US backdoors, but of course they probably have Chinese ones. I guess it depends on from who you're trying to hide.


[2 Points] MindfulChem:

Libreboot. Coreboot is supposed to be good but people smarter then me I trust say Libreboot is the golden standard as far as disabling IME.


[1 Points] treedoor1:

https://www.reddit.com/r/intel/comments/7efelg/intel_releases_security_advisory_in_light_of/?st=jai56yqy&sh=7a6d4a76


[1 Points] janobi-boris:

Someone has managed to dump the code of this via jtag, and then disable it.


[1 Points] salvia-d:

See David Eckhardt's "The Bad Thing" https://www.cs.cmu.edu/~davide/bad_thing.html Has a good quick summary of the issue, and important resources linked.

There are really no good solutions right now. There was an article indicating that a Google engineer was working on analyzing/removing it, he is the one that initially discovered it was running Minix http://www.tomshardware.com/news/google-removing-minix-management-engine-intel,35876.html


[1 Points] BobHasselhoff:

Wow, I wasn't even aware. Thanks for the brain food.


[1 Points] 4-MAR:

Thanks for the info. It's been discussed here previously.

/r/DarkNetMarkets/comments/2nrt2q/possible_major_security_flaw_in_intel_cpus/

/r/DarkNetMarkets/comments/3fcnf4/every_intel_chip_is_vulnerable_to_the_rowhammer/

I remember another topic about it, but I can't find it with the reddit search engine.


[-1 Points] minnesota420:

Bill Clinton is a rapist Infowars.com