It is possible that Intel ME networking could be activated by some contents in regular packet destined to your normal IP, since it have access to network controller and could monitor all trafic, but I'm not shure. May be some ME versions could and some couldn't.
Another way they could activate it would be if they controlled your router. If they've compromised computer manufacturers, they've probably compromised router manufacturers, too. So Mossad sends a signal of some sort to your Internet router, which then sends the activation packet to your PC.
since it have access to network controller and could monitor all trafic, but I'm not shure. May be some ME versions could and some couldn't.
If there are any limitations in the ME hardware, they can be gotten around. Since it has access to memory, it can write an arbitrary program into memory, and overwrite OS kernel routines or data structures to prevent that program from being detected, while allowing the OS to schedule it like any other program. Then the program can run on your ordinary CPU.
Another way they could activate it would be if they controlled your router.
Use OpenWRT on your home/office router. Small routers use simple CPUs without ME like things. So replacing firmware will get rid of any backdors manufacturer could install with original firmware.
Since it has access to memory, it can write an arbitrary program into memory, and overwrite OS kernel routines or data structures to prevent that program from being detected, while allowing the OS to schedule it like any other program.
Motherboard chipset manufacturer have to know beforehand exactly what OS you will use on your computer to make it possible. It could work to some extent with Windows/iOS, but impossible with Linux/BSD/Haiku etc, since there are endless variants of possible kernel configurations and versions and each have different addresses and internal structures organisation. You will need something really sophisticated in ME to make it possible.
So to summarise - use opensource from trusted sources anywhere possible to reduce probability of exploiting or using backdoors. Opensource is not a panacea, and need some RTFM and concious setup and adjustment but at least it will make surveillance on you much more complex.
There is a drawback, really. Using opensource make you different from regular sheeple and so more noticeable. There could be another approach used - use typical Windows/iOS in default configuration inside qemu VM running on top of opensource system to look like regular user for internet. Do not store any sensitive data in VM, and have a backup copy of VM disk image with clean installed system in case malicious actors break into your dummy honeypot system. Or you could just use a copy of clean backup image each time you start VM for internet browsing.
To be fair, it isn't confirmed that Intel is compromised, the ME has legitimate uses. It's just sketchy and proprietary. I wouldn't jump to the conclusion that routers are compromised. Although it certainly can't hurt to install Tomato or DD-WRT.
To be fair, it isn't confirmed that Intel is compromised, the ME has legitimate uses.
You are right, but in security aspect of computer tech there are no presumtion of innocence. Thing should be proven not compromised, not vice versa.
Also, that legitimate uses are accounted as an additional attack vector.
Really, the whole idea of AMT (ancestor of ME) was strange since the beginning. OK, you need to manage large fleet of employees laptops, so why not just boot them from corporate network and use network drives? Everything will be perfectly manageable on company server, no potential threat of leaking sensitive data through "lost laptop" or installed by user malware. It will even reduce costs, because that laptops will not need HDDs/SSDs.
Serious servers usually have IPMI controller, but the main difference is that servers don't usually have display and keyboard connected and it is annoying to change something in BIOS or reinstall OS from scratch when you have hundreds of them. So the IPMI goal is quite different than one of ME/PSP.
I wouldn't jump to the conclusion that routers are compromised.
That's proven thing, really. Multiple things. From outdated firmware with vulnerabilities on few years old router with dropped support to well-known "engineereing" or default passwords.
And meanwhile Tomato and DD-WRT is just an outdated versions of OpenWRT with blobs from official firmware for the sake of tiny performance goal on specific hardware. There is no any sense in using them instead of OpenWRT unless you participate in dick measuring contest with a buddy on a maximum possible throughput value.
IDK about Tomato, but initially DD-WRT was a customized original firmware for something like Asus 500 router. Then, they switched to OpenWRT codebase with addition of proprietary drivers and customized web-interface. So at the beginning it have some sense, as better, more open version of manufacturer firmware with additional features and with fixed bugs and closed backdoors like unchangeable root password.
The fact that ME can be used to implement a back door is so suspect that the legitimate uses seem more like a cover story than the real reason for implementing it. They could have supported those use cases in a way that doesn't break security.
Another way they could activate it would be if they controlled your router. If they've compromised computer manufacturers, they've probably compromised router manufacturers, too. So Mossad sends a signal of some sort to your Internet router, which then sends the activation packet to your PC.
If there are any limitations in the ME hardware, they can be gotten around. Since it has access to memory, it can write an arbitrary program into memory, and overwrite OS kernel routines or data structures to prevent that program from being detected, while allowing the OS to schedule it like any other program. Then the program can run on your ordinary CPU.
Use OpenWRT on your home/office router. Small routers use simple CPUs without ME like things. So replacing firmware will get rid of any backdors manufacturer could install with original firmware.
Motherboard chipset manufacturer have to know beforehand exactly what OS you will use on your computer to make it possible. It could work to some extent with Windows/iOS, but impossible with Linux/BSD/Haiku etc, since there are endless variants of possible kernel configurations and versions and each have different addresses and internal structures organisation. You will need something really sophisticated in ME to make it possible.
So to summarise - use opensource from trusted sources anywhere possible to reduce probability of exploiting or using backdoors. Opensource is not a panacea, and need some RTFM and concious setup and adjustment but at least it will make surveillance on you much more complex.
There is a drawback, really. Using opensource make you different from regular sheeple and so more noticeable. There could be another approach used - use typical Windows/iOS in default configuration inside qemu VM running on top of opensource system to look like regular user for internet. Do not store any sensitive data in VM, and have a backup copy of VM disk image with clean installed system in case malicious actors break into your dummy honeypot system. Or you could just use a copy of clean backup image each time you start VM for internet browsing.
To be fair, it isn't confirmed that Intel is compromised, the ME has legitimate uses. It's just sketchy and proprietary. I wouldn't jump to the conclusion that routers are compromised. Although it certainly can't hurt to install Tomato or DD-WRT.
You are right, but in security aspect of computer tech there are no presumtion of innocence. Thing should be proven not compromised, not vice versa.
Also, that legitimate uses are accounted as an additional attack vector.
Really, the whole idea of AMT (ancestor of ME) was strange since the beginning. OK, you need to manage large fleet of employees laptops, so why not just boot them from corporate network and use network drives? Everything will be perfectly manageable on company server, no potential threat of leaking sensitive data through "lost laptop" or installed by user malware. It will even reduce costs, because that laptops will not need HDDs/SSDs.
Serious servers usually have IPMI controller, but the main difference is that servers don't usually have display and keyboard connected and it is annoying to change something in BIOS or reinstall OS from scratch when you have hundreds of them. So the IPMI goal is quite different than one of ME/PSP.
That's proven thing, really. Multiple things. From outdated firmware with vulnerabilities on few years old router with dropped support to well-known "engineereing" or default passwords.
And meanwhile Tomato and DD-WRT is just an outdated versions of OpenWRT with blobs from official firmware for the sake of tiny performance goal on specific hardware. There is no any sense in using them instead of OpenWRT unless you participate in dick measuring contest with a buddy on a maximum possible throughput value.
Well, Tomato and DD-WRT are the ones that were relevant when I paid attention. But install OpenWRT then.
IDK about Tomato, but initially DD-WRT was a customized original firmware for something like Asus 500 router. Then, they switched to OpenWRT codebase with addition of proprietary drivers and customized web-interface. So at the beginning it have some sense, as better, more open version of manufacturer firmware with additional features and with fixed bugs and closed backdoors like unchangeable root password.
It played its role at the time.
The fact that ME can be used to implement a back door is so suspect that the legitimate uses seem more like a cover story than the real reason for implementing it. They could have supported those use cases in a way that doesn't break security.