Hello!
Regarding the Intel ME, there's a good selection of articles on Hack A
Day. For starters:
https://hackaday.com/2017/12/11/what-you-need-to-know-about-the-intel-management-engine/

And then:
https://hackaday.com/tag/management-engine/
There you'll find five separate ones covering much of what you would need.

No, I don't write for them or whatnot; I just support them.
-----
Gregg C Levine [email protected]
"This signature fought the Time Wars, time and again."

On Mon, Oct 4, 2021 at 8:40 PM Sam Kuper <[email protected]> wrote:
>
> On Tue, Oct 05, 2021 at 03:17:13AM +0700, Hendra wrote:
> > [..] so, in conclusion:
> >
> >    - ME has its own MAC and IP address
>
> No.
>
> NICs have MACs.
>
> NICs *may* have IP addresses.
>
>
> >    - ME can access the internet by using the OS's configured network
> >    connection,
>
> Or perhaps a network connection configured in BIOS or UEFI.
>
>
> > without the OS ever noticing
>
> Yes, that's how OOB management works.  ME/AMT is a bit like iLO or IPMI,
> but implemented via the CPU's coprocessor.
>
>
> >    - ME can record network credentials to persistent storage, while
> >    the main OS is running.
>
> *Maybe*.
>
>
> >    - ME can use the recorded network credentials for internet access,
> >    while the main OS is not running.
>
> *Maybe*.
>
>
> >    - ME cannot access the internet without Laptop's networking device
>
> Almost certainly correct.  Also, the NIC has to be compatible: the ME
> does not, AFAIK, have drivers for all NICs.
>
>
> >    - a secret / hidden independent networking device,
>
> A networking device other than the PC's obvious/legitimate NICs?
>
>
> >    would probably look suspicious under a microscope,
>
> Uncertain.
>
> First of all, you can't tell for sure what a chip does just by looking
> at it with a microscope:
>
> https://www.schneier.com/blog/archives/2013/09/surreptitiously.html
>
>
> Secondly, even if you know what a chip is for, and that it isn't a NIC,
> and that it hasn't been tampered with, and that it isn't necessarily
> even physically connected to circuitry outside the PC, that doesn't mean
> it can't be used to exfiltrate data.  So "networking devices" (in the
> loosest sense) could be hiding in plain sight.  E.g. some GPUs can be
> used to exfiltrate data wirelessly: https://arxiv.org/abs/1411.0237
>
> AFAIK, there's no evidence existing ME versions contain code for
> intentional side-channel data exfiltration.
>
>
> >    nobody has seen something like that in Intel's chipsets.
>
> Again, not clear what you mean.  Marginally relevant reading:
>
> https://www.theregister.com/2021/02/12/supermicro_bloomberg_spying/
>
> https://hackaday.com/2019/05/14/what-happened-with-supermicro/
>
>
>
> >    - ME without AMT firmware couldn't do out of band management, but
> >    may still be networking capable.
>
> Uncertain.  Cf. "Lojack for laptops" - IIRC this did not require AMT.
>
>
> >    - ME could set up an ad-hoc wireless network, with other iME chips
> >    in the local area, then connected to the internet through other iME
> >    chips.
>
> *Maybe.*
>
> For each PC involved, ME would need PC to have a compatible NIC.
>
> A transport medium would need to be present between those devices: if
> WiFi, they'd have to be within range; if ethernet, they'd have to be
> plugged in and on a suitable topology.
>
> That's just to make a mesh.
>
> And AFAIK, there's no evidence existing ME versions contain mesh
> networking code.
>
>
> To gain internet access, then in addition to the above, one of the
> devices on the mesh would need internet access, e.g. via cached
> credentials or credential-free.
>
>
> > How about an ultrasonic transmitter / receiver?
>
> There's no shortage of techniques for exfiltrating data over air gaps:
>
> https://thehackernews.com/2020/02/hacking-air-gapped-computers.html
>
> https://www.zdnet.com/article/academics-steal-data-from-air-gapped-systems-using-pc-fan-vibrations/
>
> https://en.wikipedia.org/wiki/TEMPEST
>
> And no reason why control of the CPU can't provide an acoustic
> exfiltration channel.  (After all, that's effectively how acoustic
> cryptanalysis works.)
>
> But that doesn't mean existing ME versions have code for this, or that
> the ME can access the internet that way.
>
>
> > Can iME communicate with the internet or other nearby iME chips or
> > WIFI hotspot through ultrasonic sound?
>
> *Maybe*.
>
> Most routers don't have audio transducers (speakers/microphones), so
> can't detect ultrasonic sound in a traditional way.
>
> Even without audio transducers, wifi routers can in principle be
> programmed to convert some kinds of Wifi signal fluctuation into audio:
> https://www.theatlantic.com/technology/archive/2016/08/wi-fi-surveillance/497132/
>
> But AFAIK this has been achieved only with fluctuations caused by
> macroscopic movement - not with the much smaller fluctuations caused by
> ultrasonic sound sources.
>
>
> > Somehow, I'm not sure, but sometimes I have an assumption (maybe a wrong
> > assumption), that ME still can connect to the internet, without using
> > any of these networking devices (WIFI card / Wwan card / bluetooth /
> > wimax / ethernet), because: [...]
>
> Unlikely.
>
>
> >    - Or maybe all Wifi hotspot routers have iME similar chips that can
> >    communicate hidden traffic with iME chips?
>
> Most wifi routers don't use x86 architecture or Intel CPUs, but some
> router chipsets do have coprocessors.  OpenWRT and related projects
> maintain databases of router chipsets, if you're interested.
>
> Even if a router's chipset has a coprocessor, though, that doesn't mean
> it can or does "communicate hidden traffic with iME chips".
> _______________________________________________
> coreboot mailing list -- [email protected]
> To unsubscribe send an email to [email protected]