this post was submitted on 16 Sep 2024
58 points (96.8% liked)
Privacy
31931 readers
938 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I think that a lot of the IntelME stuff is what people would typically call a conspiracy theory, not like a theory of a conspiracy, but rather where the conspiracy is largely invented for the purpose of being scared or angry, or for attention from others who get scared or angry. Obviously not all of it is, and there are people who do research it, but the videos about it that you usually see on YouTube, most of them are like this.
The thing is that intelME isn't like a government conspiracy where there isn't much if any tangible evidence for it, IntelME is physically installed on millions upon millions of Intel PCs around the world, so it's very easy to test the myths and claims by sacrificing some of these Intel computers. The fact though that most of the people making claims seem to not want to do that, suggests that they don't think it's as big a problem as they say it is. There are few people who have tested it though, a notable example from 34C3 where they found that it's actually much more boring. Honestly the idea that people say it cracks Wifi passwords, or exchanges data home with a server, all this stuff people claim can be easily tested, even analyzing the network packets from a PC to see if it actually phones home when it's off (can do that by probing an Ethernet cable and capturing the signals externally. The reason I claim the IntelME stiff is a conspiracy is because most of the people making the claims resist investigation, the same way that Flat earth theories and Lizard people theories resist investigation. My example of probing the network cable? Yeah I proposed that to someone already and they claimed IntelME would know the Ethernet is being probed, when I inquired how I was given many nonsensical claims, from microphone listening to talking to IntelME on another computer skewing the results, can't make this shit up.
So to summarize, a lot of the claims are unsubstantiated claims, which could be easily proven or disproven due to easy access to IntelME based systems, but isn't because the people making the claims can't be bothered, and to top it all off many of them simply make arguments to resist investigation of IntelME in the first place, just like classical bad-faith conspiracy theories, and actual investigations like the one shown as 34C3 are swept under the rug. I don't think IntelME doesn't have issues or that it isn't a security risk, it is like any firmware, but the sensationalized claims made about it regularly online don't hold water, and the people making them should be called out for perpetrating conspiracy theories without merit. I'd leave some links to them but I don't know if that's allowed here, could be considered harassment.
Good suggestion about analyzing network packets. I don't know anything about how to do that except there are tools like wireshark which can help but I still have no knowledge on doing that. And I think you would need to make a script to monitor it for you because it would probably only (talking theoretically now) phone home very quickly on rare occasions, it wouldn't be continous. So your script would have to be able to detect these short and rare anomalies. I don't know anything about how to do any of this though but I will add it to my todo list down the road.
Another problem is you might need to get the NSA's attention first and make yourself a target. You also need to make sure there is no other way for them to spy on you, so they are left with only using intel me as their last resort.
So because I don't know anything about analyzing network packets I can't say if you're right but it does seem convincing. And it would be great for security in general as well, not only for investigating intel ME. I will definitely learn more about this later.
You'd probably need to monitor the computer's network for a long time to get a detection, also something important is that if you're on a System with AMT disabled/not present, you won't ever get any, since those IntelME versions come without any network stack whatsoever.
In fact that's one of the primary reasons why I haven't tried it yet, almost none of the Intel computers I own even have the Intel AMT component enabled in the IntelME firmware, meaning they just won't do it, like ever. The only one I have which supports AMT is an old Laptop with a slow AF intel Centrino, it's so slow that it struggles with XFCE alone and no other apps running, I don't know if I could use this computer long enough to get any readings from it because it's just too slow to do anything really.
If you want to try it out I'd suggest building a copy of IntelMEtool and testing your Intel Machines to see if they have AMT enabled or present before trying yourself.