πŸ’» Hardware πŸ‘Ύ Backdoors History (IntelM ...

πŸ’» Hardware πŸ‘Ύ Backdoors History (IntelME, Computrace, BIOS) + Recent Cases

Aug 01, 2022

Post may be updated with new relevant information.

⭐ πŸ”— Share on Telegram, Social Media


(click image below to watch latest on (πŸ§…Tor Friendly) Bitchute)

(Click Above Cover Image To Play Latest Video) [ πŸ§… Tor Browser Friendly ]

[ Watch On Peertube ] [ πŸ§… Tor Browser Friendly ]


SUMMARY

Covers various (historical + present) backdoors found in hardware (including this week's latest Asus motherboard UEFI firmware backdoor:"CosmicStrand").

Important for both indivduals, gov, and small businesses to be familiar with the risk.

It doesn't mean all 'backdoors' (ex: test accounts) are put there for ill intentions. Large networks require remote access, and server management.

It's nothing new.


Intel AMT Briefing

Many are still unaware (most) computers come with πŸ‘Ύ Intel Management Engine, and many, AMT (active management tech), a proprietary, remote access backdoor (has legitimate purposes, but by definition, acts as backdoor).

There are legitimate advertised purposes, while functions mirror that of a hardware backdoor implant.

Computers with ME, can't hold power without it: removal by design is very difficult (if not impossible - depending on hardware), remote access hides from PC owner's purview). If you attempt to remove it completely, your PC will not power on for long.

HAP Bit

'HAP bit' (see me_cleaner), once set, partially 'neuters' Intel ME. Reportedly a solution for agencies who needed to meet the bar for a "high assurance platform" (HAP bit does not work for all models).

'Normal' customers are generally left with no choice in newer Intel with AMT / vPro model computers.

Newer computers are completely dependent on Intel ME co-processor. Remote communication OOB (Out-of-band), being most concerning.

Why so few options for Intel models without? It's worth asking.


Others might not be aware of servers (ie: cloud rental) having πŸ‘Ύ IPMI BMC hardware with remote OOB (out-of-band) access: in truth, this should be expected for large server mgmt - make sure you trust your providers. But it's still not common knowledge to the average person, so I mention it.

What about πŸ‘Ύ Computrace? Familiar? Aware of Lojack? Computrace is another 'backdoor' styled security feature, covered in the video. It looks, acts, and feels like a backdoor for those performing system analysis (as the video shows).

Learn about the above and more, in today's latest video.


(support original content: options - sharing, reposting links to content is the best way)


Could there be additional persistent undocumented features inside ISP routers?

You could like the idea of a simple, single board computer for routing at home, and at the office.


Avoid ISP routers - many problems over time, new innovations can add attack surface. Find another router (router advice towards bottom).

INFO: ISP's in USA since 2017 have been legally allowed to sell customer data / identifiers "without explicit consent." Other countries may vary in their data protection, but (in my option), we should assume abuse of this exists in the data broker industry.

(not all ISP's reported to do this)


TIP: encryption helps prevent (potential) malicious redirection of personal devices.


DETAILS / MITIGATION EXAMPLE

Blocking hardware related backdoors locally (from local OS) won't likely result in a plausible solution.

RING LAYERS AND SCOPE

The rings represent layers of privilege. Kernel, at the center (below), has access to everything outside of it. Repeating per ring.


Take Intel Hardware Example Here...

INTEL MGMT ENGINE RING LAYER (-3)

Additional rings add privileges that otherwise wouldn't have existed, for ME, at Ring -3.

Meaning it has privileges over everything outside of it.

Intel ME runs at highest privileges, completely outside oversight (ie: Windows, Linux).

Learn more on rings on Intel hardware, here.

[and see: Intel MGMT Engine Post]


MITIGATION

In some cases we may be able to mitigate, through a series of creative choices (where possible).

Use information you have on backdoor pathways / communication to mitigate on LAN.

One mentions in this example (see video): AMT requiring either built in Intel AMT capable ethernet, and / or Intel WiFi with OOB / TCP / IP stack. Otherwise an AMT capable device.

Alternative connection methods can become one of those mitigations.

Another option (depending on the backdoor location, access) would be reflashing (where applicable).

Firmware

  • Open-WRT based firmware (router option).

  • Libreboot, and Coreboot more open firmware (see below detail).

  • Misconception Debunking: coreboot fully can (and does) produce 100% EXACT SAME OPENNESS IN BIOS firmware as libreboot - they both can produce this same result. Identical. The inaccuracy lay in the fact libreboot was originally started to only support older machines (ie: ancient models that supported less blob). Now that libreboot supports newer models, the result on a T430, X230, is 100% identical. Because I am offering coreboot laptops on this blog, I feel need to share: libreboot does not produce something more open than the coreboot I offer on models. coreboot can build the same exact BIOS benefit / openness.

  • Main difference being: Libreboot can (in some cases) make path to coreboot BIOS easier for some new users.

  • The above misconception can be very confusing / misleading to some users - and has rarely has the record been corrected. So here I am, defending the openness of laptops offered here (same openness as libreboot).

  • SUMMARY: There is no added benefit to libreboot over the coreboot offered here.

More Intel AMT options collected for the community, see: This Post.

Router Advice

I have been asked "what router to get"? Routers play a key role in home / business security. Devices will be guided, ("routed") by your router. They can (also) be redirected (maliciously) by a router.

Choose carefully.

On the hardware end: if you aren't DIY, and want something "ready to go", see hardware reviews, search relevant vulnerabilities.

Sometimes a backdoor is not necessarily placed intentionally. It could be as small an operation as the single rogue employee, or a number of outside actor/s between you, and manufacturer.

Also: Watch out for counterfeit routers.

ex: July 2022: Arrest in scheme to sell Cisco Counterfeit routers - Florida Story

"Cisco Partners Sell Fake Routers To Military" Read Story Here

2 projects in the FOSS Commuity are Open-WRT firmware and PF Sense (FreeBSD based). Both provide controls for networking (read reviews; do a bit of vulnerability searching on hardware).

TIP: reputable hardware vendors, with strong FOSS community backing are your safest bet when looking at mass manufactured hardware.

(see if they have a forum; look for reviews inside FOSS community)

Or, you can flash one yourself. Either a single board computer, or one supporting
Open-WRT firmware / PF Sense (see below for offer here)


πŸ’» COMPUTER πŸ” SOLUTIONS

βœ… SOLUTION: Coreboot based Linux laptops (US BASED SERVICE) -- service helps support independent content creation here. πŸ“¨ contact if you have a question on this service.

If somewhere else in the world, I have listed other options / companies offering such service below.

Now offering (limited availability) Coreboot BIOS Laptops with Intel Management Engine neutered / flashed (US Only at this time) in the "commissions" section.

Come with Linux preinstalled on new encrypted storage (optional), and perfect for Tails / Whonix machines.

Flashing Coreboot / Disable IntelME options avert many potential (mentioned) problems in stock BIOS firmware (ex: Superfish).

πŸ“¬ Email (Info / Questions)


Share suggestions, by comment, or email.


Have Backdoor Experiences On Hardware / Software?

Share Your Experience In The Comments

Vous aimez cette publication ?

Achetez un cafΓ© Γ  πŸ₯· (RTP) Privacy Tech Tips πŸ“‘

Plus de πŸ₯· (RTP) Privacy Tech Tips πŸ“‘