On 04.10.21 22:17, Hendra wrote: > hi Nico, > > "they" refers to the adversary.
huh? that's the first time you bring that up, IIRC. Your original question, how it is connected to the internet, does not imply any malicious intention. If you assume that, all bets are off. I don't think the quotes from Wikipedia apply in this case. For instance, if you consider the potential of some malware running on the ME, there is no need to reason about IP addresses or credentials anymore. It could just trace or spoof anything. Just whatever a root-kit in your host OS could do too, basically. > > so, in conclusion: > > - ME has its own MAC and IP address No, and no, IIRC. Regarding the IP all bets are off if you consider malware. > - ME can access the internet by using the OS's configured network > connection, without the OS ever noticing > - ME can record network credentials to persistent storage, while the > main OS is running. > - ME can use the recorded network credentials for internet access, while > the main OS is not running. > - ME cannot access the internet without Laptop's networking device ( > WLAN / WIFI card, WWAN card, bluetooth, wimax, ethernet ) > - a secret / hidden independent networking device, would probably look > suspicious under a microscope, nobody has seen something like that in > Intel's chipsets. > - ME without AMT firmware couldn't do out of band management, but may > still be networking capable. > - ME could set up an ad-hoc wireless network, with other iME chips in > the local area, then connected to the internet through other iME chips. Btw. all this `can` and `could` is also true about any other DMA capable controller in your PC (there are many) that is not sandboxed via IOMMU. > > How about an ultrasonic transmitter / receiver ? > Can iME communicate with the internet or other nearby iME chips or WIFI > hotspot through ultrasonic sound ? > > Somehow, I'm not sure, but sometimes I have assumption (maybe wrong > assumption), that ME still can connect to the internet, without using any > of these networking devices ( WIFI card / Wwan card / bluetooth / wimax / > ethernet ) , because: > > - wwan card / wimax / ethernet are rarely being used by Laptop, so maybe > this option can be eliminated. > - I think bluetooth could not be used for internet access, and it would > be easily detected by bluetooth scanning, so maybe this option can be > eliminated. > - I assume, wireless WLAN Wifi card, is the most possible way, for ME to > access the internet, but also I think wireshark can scan and capture all > traffic in the Wifi hotspot router, and so far, nobody report any capture > of ME traffic in the Wifi hotspot router, so maybe this option also can be > eliminated. > - So what else ? I am not sure. Maybe an ultrasonic transmitter / > receiver ? > - Or maybe an ad-hoc wireless network with other iME chips ? > - Or maybe all Wifi hotspot routers have iME similar chips that can > communicate hidden traffic with iME chips ? I do wonder now if your questions are about the Intel ME at all? All such covert channel ideas are not limited to the ME. Maybe this would be a better topic for this thread: How could malicious hardware/software communicate with the internet? I guess this is the wrong mailing list for such questions though. It's not about firmware anymore. And the moment you make it about the Intel ME for no technical reason, it becomes FUD. Nico _______________________________________________ coreboot mailing list -- [email protected] To unsubscribe send an email to [email protected]
