Channel: Intel Communities : Unanswered Discussions - Intel® vPro™ Platform

Circumventing Intel ME / AMT "hacker software"




Intel's ME toolkit founder Ylian Saint-Hilaire openly describes AMT as "Hacker Software" in this video here (same as above). Recently his statements have been demonstratively proven.

1a. What are the various methods Intel offers their users to disable this "hacker software" built into our computers, i.e., how can we disable Intel ME?

1b. How effectively will an aftermarket NIC protect Intel users against this Intel ME "hacker software"?

2. Can Intel ME bridge or interface with aftermarket network cards over Serial, USB, PCI or PCI Express bus, or through a live O/S?

3. How effectively will using an aftermarket NIC protect its users against a compromised ME chip?

I have an older system; its firmware has not been supported by the OEM manufacturer since 2009. It hosts an ICH10R chipset. I have considered using methods like ME_Cleaner to permanently remove the bulk of ME from my system. However, this requires hardware flashing with external aftermarket components and comes with the risk of bricking the system. If Intel or the community working around the clock to mitigate this serious threat do not come out with a simple patch to effectively disable Intel ME, like the HAP bit (High Assurance Program) given to the NSA when Intel ME was first created, this leaves its users no choice but to hard flash their chip. Given the inherent dangers this could easily far outweigh the cost.

As of the time of this post Intel users are forced to buy an entirely new system or wait for Intel to release a patch. A patch to maintain "hacker software" practically no Intel users actually want, use or need. It's all fine and great for those who actually do, but I'll leave it to you to guess the percentage that actually use it. Patching "hacker software" to make it "safer". Wow, that doesn't sound like it'll end very well. It is a cat and mouse game that will go on and on ad infinitum until the bulk of Intel ME is disabled altogether. If there is nothing to fix, why break it?

Seeing as this affects billions of devices around the globe including ATMs, industrial applications, banks, corporations, literally everything... it is clearly becoming the single greatest computer security threat in existence. I highly doubt, for example, nuclear plant operators will be sitting around waiting for Intel to release the next patch while their facilities are undergoing a full blown meltdown.

 

In my efforts to mitigate this threat I have ordered an aftermarket Ethernet card which I bought for its OTP (one-time flash memory) qualities. There is no onboard flash ROM to hack. I don't want to bypass Intel ME with an aftermarket NIC that could be reprogrammed to do something similar or to allow OOB pass-through. Chips like RTL8111G implement ECMA-393, Intel's ProxZzzy [1]. This standard has ME-like qualities. It allows the Ethernet card to remain connected on a network and send and receive packets while the computer is powered off in "sleep" mode. Intel ProxZzzy has an inbuilt packet sniffer that is triggered by specific bits to perform specific functions.

ECMA disclosed that Intel's ProxZzzy standard is insecure by design, and ECMA's standard does not "address" the security holes. [1] Quote: "This Standard does not specifically address Security concerns arising out of the proposed proxy protocol design." They admittedly do not disclose the security risks that are currently present. [1] They will disclose that Intel ProxZzzy can be hijacked and used to generate rogue packets and attack the host machine and the network. [1] Quote: "It is possible that an adversary may assume control of the proxy and use the Proxy to launch attacks on the system, on the network, or on other Internet connected machines." [1] According to their documentation: "The 802.11 host and the Access Point (AP) are configured to use a common “Profile” – a set of connection parameters such as band, channel, security, etc. The profile is configured out of band and prior to the host going to sleep." The diagram in the above documentation exhibits out-of-band signals as bypassing all hardware, enabling direct kernel access. Sounds as bad as Intel ME.

 

4. Does Intel's ProxZzzy OOB on aftermarket network cards allow interfacing with onboard Intel ME/AMT?

 

I have only one suggestion. That is for Intel to offer the public a simple tool to disable the "hacker tool" built into our computers permanently, that leaves only components necessary to allow the computer to boot and run properly.

 

Thank you so much for your time.

 

Message was edited by: walle

