jimmysmitty :
problematiq :
So basically iDRAC for Intel machines.
In essence, yes. It also has management features.
Intel said that this particular vulnerability doesn’t affect consumer chips. However, free software activists’ arguments about Intel ME’s dangers in general likely hold true, as this vulnerability may not be the only one out there that exists or that Intel is willing to make public.
The free software activists need to do more research before claiming this.
The reason consumer chips are not affected is because consumer chips do not come with vPro which is the component that allows for connections anyways. AMT is part of all systems but not every feature is part of every system.
From Wikipedia: Intel vPro technology is an umbrella marketing term used by Intel for a large collection of computer hardware technologies, including Hyperthreading, Turbo Boost 3.0, VT-x, VT-d, Trusted Execution Technology (TXT), and Intel Active Management Technology (AMT).[1] When the vPro brand was launched (circa 2007), it was identified primarily with AMT,[2][3] thus some journalists still consider AMT to be the essence of vPro.[4]
The only component missing from vPro in modern systems is TXT, which is absent because most modern systems don't have a Trusted Platform Module. Either way, it's pretty irrelevant to the functionality of AMT as AMT operates out-of-band and in hardware... falsifying an AMT node would require fabrication on the nm scale (pretty much govt only), and if it did tie into TPM tech, well that crypto was beaten back in 2010. TPM 2.0 was actually designed with a backdoor to govt in the first place. See:
http://investmentwatchblog.com/leaked-german-government-warns-key-entities-not-to-use-windows-8-links-the-nsa/
jimmysmitty :
I have done this on past articles but will do it again, and I think the author of the article should as well, as all this does is get people into frenzies and they start to spread rumors which are not true.
vPro, the ability to connect remotely to an Intel platform, is required to be supported on 3 components: the CPU, chipset and NIC. Let's look at consumer grade chipsets first:
Consumer:
Z270 - No vPro
H270 - No vPro
Business:
Q270 - vPro
Q250 - No vPro
B250 - No vPro
So in order for a new PC to even begin to support all of AMT and even worry about this potential risk, you need to have a business chipset and a top end one at that, the Q270.
Wrong. Firstly, vPro is a practically meaningless brand-name spec on its own; all the other things you are stating are AMT. vPro support is deliberately disabled in some CPUs to sell others, yes, but other than that vPro is not itself a tangible technology or hardware, rather a software capability based on a few pieces of hardware and a SoC of sorts on the CPU that runs when the PC is off. Said SoC exists on EVERY Core i and Xeon CPU since Sandy Bridge. The question is whether it will speak to you or not (and thus your management application). Either way, it's an incredibly large and untraceable potential backdoor as should the SoC be possible to activate sans TPM, it would allow complete and untraceable access to every Intel CPU since the Sandy Bridge era.
http://www.intel.co.uk/content/www/uk/en/products/processors/core/core-vpro.html
https://forum-en.msi.com/index.php?topic=285449.0 <---- Has Z270 TPM socket as an example and full vPro compliance.
The reason why all these processors support vPro is the existence of TPM socket headers on many consumer motherboards. This header is the difference between full vPro support and none if you look at the rest of the spec. It looks like this and is even present on mobile devices.
http://www.laptopmag.com/images/wp/purch-api/incontent/2016/06/51y1v71qrwl.jpg
jimmysmitty :
Then we have the CPU. The most common consumer chip that we buy, the i7 7700K or i5 7600K, do not support vPro. The 7700/7700T do and are more normally found in business PCs.
Binning. And marketing. No sense assisting the creation of overclocked consumer hardware server farms.
jimmysmitty :
Last we have the NIC. In the consumer realm, it is a mix. Most boards have an Intel NIC but some have a KILLER NIC while others will have a Realtek NIC. Of the consumer boards they almost all use the I219-V which does not support vPro, that is the I219-LM.
It's not a mix at all, it's a monopoly. Intel desktop e1000 variants make up well over 60% of the market alone. I've never owned a non-Intel NIC in an Intel PC. It's only in laptops and AMD PCs that strength weakens as multifeature Bluetooth/Wi-Fi/ethernet chips from Broadcom and Realtek start to make more sense.
jimmysmitty :
The majority of people here will get either a H270 or Z270 chipset, alone which kills vPro, a K series CPU and a board with a I219-V NIC or other brand NIC thus disabling vPro from working at all.
In short, the majority of consumers will not have vPro which disables remote access via Intel's AMT.
For you and I maybe. That is small comfort for me. I may be locked out, but the decades of warez around the world suggests that I am not the greatest unlocker of these things.