Despite some companies making strides with ARM, for the most part, the desktop and laptop space is still dominated by x86 machines. For all their advantages, they have a glaring flaw for anyone con…
Intel Management Engine is a component that has access to your computer on a level that even you, the computer owner, don’t have access to. It can be operated remotely, even when your computer is off.
And traditionally you can’t even disable it (remember, you’re not the trusted party in that mix).
My understanding is that it’s meant to be an enterprise tool for Sys admins of business and schools to allow for remote monitoring and troubleshooting, but because it’s expensive to make two sets of devices, it’s in everything.
Relevant bits from that wiki:
The Intel Management Engine always runs as long as the motherboard is receiving power, even when the computer is turned off.
.
Intel’s main competitor AMD has incorporated the equivalent AMD Secure Technology (formally called Platform Security Processor) in virtually all of its post-2013 CPUs.
.
Critics like the Electronic Frontier Foundation (EFF), Libreboot developers, and security expert Damien Zammit accused the ME of being a backdoor and a privacy concern. Zammit stresses that the ME has full access to memory (without the owner-controlled CPU cores having any knowledge), and has full access to the TCP/IP stack and can send and receive network packets independently of the operating system, thus bypassing its firewall.
.
In the context of criticism of the Intel ME and AMD Secure Technology it has been pointed out that the National Security Agency (NSA) budget request for 2013 contained a Sigint Enabling Project with the goal to “Insert vulnerabilities into commercial encryption systems, IT systems, …” and it has been conjectured that Intel ME and AMD Secure Technology might be part of that program
So who is using it? Where are tools which allow you to set up and manage the infrastructure? Why it can’t be disabled, except hacks, and one undocumented feature requested by NSA, because they did not want it running? It is a backdoor, if it wasn’t it would be disabled by default and you would have to pay premium to have that feature enabled.
Intel Management Engine is a component that has access to your computer on a level that even you, the computer owner, don’t have access to. It can be operated remotely, even when your computer is off.
And traditionally you can’t even disable it (remember, you’re not the trusted party in that mix).
https://en.wikipedia.org/wiki/Intel_Management_Engine
My understanding is that it’s meant to be an enterprise tool for Sys admins of business and schools to allow for remote monitoring and troubleshooting, but because it’s expensive to make two sets of devices, it’s in everything.
Relevant bits from that wiki:
.
.
.
So who is using it? Where are tools which allow you to set up and manage the infrastructure? Why it can’t be disabled, except hacks, and one undocumented feature requested by NSA, because they did not want it running? It is a backdoor, if it wasn’t it would be disabled by default and you would have to pay premium to have that feature enabled.
Enterprise. Intel has a tool that lets you use it but other management services like SCCM and landesk have methods to use amt/vpro.