RE: I & many others believe Intel ME is spyware

Intel Management Engine is complete spyware backdoor corporate trojan malware, even the NSA have instructed Intel to disable or provide a kill switch for it but LOL incidentally for the rest of us leave it running why because it can easily be used as an undetectable backdoor. It’s a beast to remove like all deeply embedded spyware, maybe peoples your time would be better spent providing tools to identify how deep this effluent goes and instructions on how to neuter or remove it? Even Google who are far from lily white when it comes to spying are taking active steps to remove IME from their products along with other major PC vendors, don’t take my word for it check it out for yourselves just google it.

If you want to attempt to neuter or remove IME, see POST #8 for links and information & a zipped rich text format .Rtf attachment which is a companion file to the following YouTube link (entitled & highlighted in bold)
DIY: Disabling Intel ME ‘Backdoor’ on your Computer. Scroll or navigate to post #8 for further details.

We live in a world where everyone spies on everyone. If Intel wants to spy on us, they will do so either way & no one would notice. You can’t hide!

@eray ,

So reading between the lines you think it’s okay for, let’s call them, covert agencies, firmware hackers, and malicious firmware hackers to have a ready made entrance or back door onto your PC without consent & for that lack of consent to be covert in architecture. The only argument for this is security by obscurity but even that is denounced by the cyber-security industry as unworkable.

The difference here is that if your firmware gets infected or abused here you cannot purge it like formatting a hard drive; your PC becomes toast or bricked, or worse, all your passwords, bank account details and private information are very vulnerable and the user will not have a clue as to the source of the attack, because you will have a parallel operating system (Minix) situated at ring (minus) -3 able to have full unfettered access to your PC & peripherals. Yet you as a user are not allowed access to this privilege ring -3 by design. At the very least there should be a very much in your face warning that Intel Management Engine has a very big potential to compromise your privacy not just from Intel but from other agents & bad operators too many to list here. Oh and by the way AMD chipsets have a similar system called Platform Security Processor built in also. The point here is as an individual you need to do the research to make the right choice for them.

Eray, you and I have very polarized opinions in respect of privacy and yes I take your point, what is the point of defending against a perceived undefendable cause, my privacy is worth nothing. However in between our respective opinions are a myriad of opinions “call it a grey area” that surely at least they need to be warned & informed so as to make an informed choice, at the end of the day they will need to decide but they need to know the Pandora’s box that is residing in their PCs, not just dismiss it as Oh Well… & thus endorsing it.

Ah so it appears my comments are little controversial for this forum to take hence the removal of my posts in respect of IME.

NOT removed but relocated "would have been nice to be informed" in respect of relocation anyway apologies for the comment above

@ispy



My guess is one of the moderators moved your thread to a more appropriate topic section.

What operating system are you using and what are your computer hardware motherboard and specs?

Curiously, in order for that IME to even work you need the drivers installed under Device Manager would you not? So in effect if the IME drivers don’t exist for your operating system or you disable the hardware device in Device Management wouldn’t you also prevent this intrusion from speaking with your operating system so in a way neutering it from spying on you or at least sending information back home to Intel?

At worst you could just not install the drivers for your ethernet or WIFI and if the IME drivers were installed then it still would have no way to send packets of data out to cyberspace that it gathered on you.

If you installed Windows 2000 or XP on modern hardware like Z370 or later chipset it would not have the proper IME drivers for the operating system to function and thus no spying on you would occur. Even Windows Vista and 7 no longer work on most modern chipsets so IME drivers couldn’t install if the operating system can’t be installed in the future.

Intel and Microsoft want everyone 99.99% on Windows 10 64-Bit and all the FUD on Windows 7 and earlier operating systems is their end goal for complete dominance. They already accidentally killed off Windows 8.X on their own due to their own stupidity with Metro and making it act like a Cell Phone social media interface. After beta testing Windows 8.0 I had to wonder how much worse it was going to get. They were so embarrassed they decided to distance themselves and skipped the Windows 9.X naming scheme to Windows 10 to sort of battle it out with Mac OS X (10.0). I wished they had gone with Windows 9.0 instead of Windows 10.0 that way they could have released a new Windows 10.0 operating system today or Windows XP 128-Bit.

Personally for Microsoft I’d like to see Bill Gates return back in the helm and trash Windows 8.X-10.0 and revert back to Vista and XP going for a 128-Bit update with backwards compatibility to Windows 7.0 and DX 12.0 / 13.0-XX.X+ support. 2TB memory support and USB 4.0 and the operating system will never need upgrading until the Sun goes supernova.

For Intel I’d like them to finally spit out a quantum desktop CPU that can still run legacy Windows operating systems directly or via emulation if necessary.

Probably the reason why Intel and Microsoft worked so hard to bash anyone making XP drivers working on all their new hardware because of your so called IME Spyware backdoor doesn’t work it irritates them. Even the default Windows 10 installation settings are set on spying and sending all your information. :slight_smile:

Even without IME installed or working you still have Google, Facebook, and Amazon just to name a few which are the biggest data gathering entities people constantly use today.

Had that Andrew Yang won the Presidency we would have gotten money from taxing the hell out of these companies and then paid us for using our personal data for marketing ads directed at us.

More Thoughts and Conspiracies?

Spy VS Spy

XPLives

Not a spyware really. By its very definition Intel ME is a backdoor.
I don’t believe that Intel created the ME with malicious intent. Intel could have created the ME with the NSA in mind, but I don’t necessarily follow that conspiracy.
That being said, much software, from the browser you are using to everyday simple apps, including the OS you are using and your phone’s, has vulnerabilities that can be exploited, injected with malware, steal your information etc.
A more visible example: think about ads, from click-bait to mining. Even Chrome has patched 4 high severity vulnerabilities in 4 days, even removed The Great Suspender (was supposedly a lightweight extension to reduce Chrome’s memory footprint with millions of downloads) because of including malware code.
Google tracking users, habits everywhere, you are giving away your life, information, whereabouts to Facebook willingly… I can come up with thousands more just in a 5 min time frame.
Long story short, Intel ME is the least of your problems.

Hi onuracengiz & XPLives,

@onuracengiz - Yes more like a backdoor for uninvited guests although you could primarily target Intel as the bad penny in this scenario it becomes really scary or at least to me leastwise when you think that other criminal or unwanted agents can by-pass all your typical OS safeguards typically anti-virus, firewalls etc & either wreak havoc or not wreak havoc and instead harvest either confidential data or financial data which is really alarming. How many people do on-line banking today? In theory all that is needed is a Root/Boot kit with the relevant low-level ring privilege to piggy back off say for instance IME & they could do this with relative impunity. If I was a large financial concern I would consider this a serious potential breach of security not just from a financial aspect but consider all the sensitive confidential data. I watched in horror when one individual from a security consultancy tech firm discovered what he referred to as a God mode bit that by-passed all of the ring privileges gaining access to areas of your PC that you don’t want anyone to go. To me it seems crazy to facilitate this kind of activity & not even give the consumer a fighting chance of recovery. Yes OS malware is of great concern but at OS level it can be dealt with depending on the level of privacy you require but this is on a whole other scale which is being facilitated through the very broker that should be protecting their consumers.

IME is insidious in that it cannot easily be removed as it is needed as part of the boot process. I am led to believe that the [ROMP] & Bup start up part of the code is part of the main CPU read only & cannot be removed in the latest editions of IME. Certain individuals claim to remove all but the essential elements of IME reducing a typical UEFI/BIOS from 5mb to approx 300kbs without any adverse effects through the boot process or resultant ongoing problems. Therefore & this is just me speculating here, if there is very little infra-structure there in terms of code there is less chance of hijacking the user’s PC as there is less to latch onto thus reducing the risk factor, less is more secure in essence. Don’t give them the tools to exploit your system unless for them there could be an ulterior motive which by definition is anyone’s guess & conspiracy smalltalk.

@XPLives - “Curiously, in order for that IME to even work you need the drivers installed under Device Manager would you not?” According to various web-sites and articles describing its architecture no that is not the case. “Allegedly” your PC becomes essentially two parallel PCs; the sub system is a re-coded version of Posix VFS Minix (microkernel) that is totally independent of your OS so in effect does not need any element of your OS to run it. Again allegedly even if your PC is switched off but connected to a power supply the sub-linux/unix system can operate independently with your PC switched off. Here is a Google I.T. person’s take on it. Ring 3 (User) - Ring 0 (Linux) - Ring -1 (Xen etc) [At this point becomes invisible to the user] - Ring -2 Kernel + 1/2 (half) kernel invisible to ring -1,0,3 SMM 1/2 kernel traps 8086 code UEFI kernel running in 64bit paged mode - Ring (Minus) -3 Management (ME) ISH Integrated Sensor Hub Innovation Engine (which I have never heard of & still remains cloaked in secrecy even to Google at this stage). A conspiracy only remains a conspiracy until the truth is revealed but more importantly acknowledged; take for instance the tobacco industry, the car industry (omissions), the pharmaceutical, too many to mention, building industry asbestos, all sectors that live in denial land, tie up the legal process in years of litigation, morph into other companies; these are stock avoidance tools of the business world. You could be right about the evolution of OS’s, it would need further investigation.

I think I will gather some further information with links so others can look at the information, and I would encourage others to undertake their own research to have an informed opinion. I do not want to scare anyone beyond what is reasonable but to me this is potentially insidious & scare tactics become self defeating if taken to the extreme but my concern is there.

As to my PC Stats I am using Windows XP SP3 dual booted with Q4OS Linux. My PC is an Intel Core i7 with 8Mb ram 4gig ring fenced for ramdrive for paging file temp etc. Intel ME version 8.1 build 1265 HP SFF Compaq Elite 8300 nuthin impressive by today’s standards but allows XP, which as you say XPLives is rapidly becoming obsolete. I think Linux will be the next step for me but we’ll see.

For other users who may be looking for alternatives, those who are stunting IME are companies like:
Google (Take this with a pinch of salt)
System76
ThinkPenguin (Obviously Linux)
Purism
Dell
All are PC vendors that are providing PCs with IME seriously neutered, disabled or removed.
And for those who think my motive is to “Hide” hide where I’m here in plain sight.

The NSA (again another pinch of salt) have requested Intel to provide them with PCs with a kill switch to disarm IME but have requested all other PCs to remain with IME. This kill switch is known as HAP/ALT Me Disable bit for IME >=11 or ALTMeDisable bit in IME <vers11. Other than that there is a flashing routine (Not for the faint hearted or inexperienced) that uses a Raspberry Pi from another PC to first backup your existing UEFI BIOS then visit a web-site that contains a Python script ME_Cleaner that cleans all but the RBe Kernel, syslib & Bup which at the time of writing is the minimum footprint needed to ensure your PC firmware boots & remains stable. Then there are the exploits to consider that hackers have already found along with Spectre & Meltdown genre rootkits/viruses. By the way people who have gone down this route & been successful state that their boot times rapidly increase. The Intel detection tool does not work in XP, I can report I had to use it in Linux Q4OS to see if my PC was vulnerable, you can guess the rest.

I will set to task writing some links for people to investigate further, my motto is don’t be scared but be informed, but the final decision is yours?

Best Regards,
ispy (that handle is not that I am covert its just a game we played as kids iSpy with my little eye something beginning with…)

README DEL_IME.zip (298 KB)

Legitimate reasons to be cheerful, why would you want to remove Intel Management Engine (I’m sorry I don’t have guides in respect of AMD firmware but there is a hint or rumour that AMD may go open-source possibly?). I have written a companion basic Rtf Readme file to help in the removal of IME for those who want to print off instructions. Naturally if there are any errors let me know please? This file is attributed to the link below in bold, DIY: Disabling Intel ME ‘Backdoor’ on your Computer attachment.

Why would you want to remove IME?

1) It’s an unnecessary vulnerability (From many sources or agent provocateurs)
2) Intel don’t tell you it’s there
3) Intel don’t fully explain what it does
4) They don’t give you an official way to shut it off (unless you are the NSA)
5) And probably the biggest reason is to make your PC as secure as you can from exploits running below or behind your OS.

WARNING - Please be advised that undertaking any of these procedures “Could” result in damage to your PC. “If” you are an inexperienced PC user, you do NOT understand or are “Confused” in any way about any aspect of the information below, or you are the kind of person that takes short cuts & refuses to read manuals DO NOT ATTEMPT THIS. Instead find either a suitably competent person, pay a competent third party or if you have the right financial resources purchase a new PC from a PC Vendor. You will need to decide the best/least path of resistance to undertake these procedures to achieve the best results for yourself. The worst that could happen is that you could render your PC unusable but IF you strictly follow the guidelines and make a suitable backup of your UEFI/Bios you will be in a favourable position to make an appropriate recovery should the effluent hit the fan. It’s a good idea to also visit your PC manufacturer’s website before undertaking these procedures and obtain the current and/or updated firmware flash for extra belt & braces backup reassurance. You are of course going to need to establish what UEFI/Bios make and model version you have & make sure of the relevant build number and whether your firmware is consumer or corporate related in nature. I’m only stating this because you may have acquired a second hand PC that may have been supplied from a corporate source rather than a consumer PC. Trust me there is a difference & it will become relevant to you, if this is the case.

There are essentially two (2No) ways of disabling IME to date, one is to use the NSA Kill Switch which is undertaken in two ways dependent on your firmware build. Whether or not you believe this switch could be over-ridden or re-activated is for you to decide? I think also the NSA would have procedures that would allow them to re-activate IME easily. I think also “If” I worked for the NSA I wouldn’t rely only on a kill switch without knowing the complete architecture of the Intel AMD CPU/Southbridge but that is just me speculating. I think also the NSA would have their own procedures that would allow them to re-activate IME, after all a light switch can be either On or Off dependent on the person in the driver seat, the infra-structure behind the switch will remain in the same state, again second guessing.

1. Watch these videos first to gain an appreciation of the potential threat level of IME. It’s quite good in explanation but the presentation is by a senior Google employee so make of it what you will. I liked it for its content & understandable explanations

https://youtu.be/iffTJ1vPCSo - Replace Your Exploit-Ridden Firmware with Linux - Ronald Minnich, Google

Other interesting information sources of info:
https://www.youtube.com/watch?v=grb-_xdqpEQ - Is Your CPU Spying On You?
https://www.wikiwand.com/en/Intel_Management_Engine - General information
https://news.ycombinator.com/item?id=15742287 - An in-depth security review of the Intel Management Engine
https://www.youtube.com/watch?v=Lr-9aCMUXzI - How Intel wants to backdoor every computer in the world | Intel Management Engine explained
https://www.youtube.com/watch?v=WJo8RsJeqxU - DEF CON 26 HARDWARE HACKING VILLAGE - Brian Milliron - Disabling Intel ME in Firmware
https://www.youtube.com/watch?v=pq9ksus1jWI - Re Re-coded Posix/Minix/Unix Linux OS run on ARC Processor For IME
https://www.youtube.com/watch?v=HNwWQ9zGT-8 - Spyware at The Hardware Level - Intel ME & AMD PSP
https://www.youtube.com/watch?v=eTVO2lwG5RI - Intel Acknowledges Vulnerabilities in its Management Engine
https://www.youtube.com/watch?v=NwSm8GzqdBg - Intel Did it Again! (AMT & ME SPOOKINESS)

2. Information in respect of HAP/ALT Me Disable bit for >11 & ALTMeDisable bit <11

https://github.com/corna/me_cleaner/wiki…ltMeDisable-bit - HAP AltMeDisable bit NSA ON/OFF method explained
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html - Disabling Intel ME 11 via undocumented mode
http://fm.csl.sri.com/LAW/2009/dobry-law…-Challenges.pdf - NSA HAP Stuff

Okay here’s the YouTube help-me on how to undertake the removal/neutering of Intel Management Agent if you are concerned about its potential backdoor capabilities:

https://www.youtube.com/watch?v=8R4QXUWB274 - Disabling Intel Management Engine (View this first though before the next link)
https://www.youtube.com/watch?v=aRUxfxp9dJ8 - DIY: Disabling Intel ME ‘Backdoor’ on your Computer
https://github.com/corna/me_cleaner - Website link to Python ME_Cleaner if you want to reduce IME to approx 300kbs from approx 5mb

Here are some useful utils that you can use to diagnose whether your IME is at risk, what your IME version is etc
a) This site has useful utils to diagnose which version of IME you have like Plutomaniac’s ME-analyzer couldn’t get it to work with my XP OS (Kernel32.dll error) but no doubt useful for those with Vista & above.
b) For XP users HWinfo (I use the portable version no interlacing with the registry) here’s how: install progey where-ever. Dbl click on HWINFOPortable.exe, leave sensors-only summary-only un-ticked depress <RUN> button let it do its thing examining then close System summary which will close both windows open System summary and Active clock. Then within the remaining window HWiNFO whatever build window click on LH window plus sign Expand “+” aligned to “Motherboard” which will open 3 things, select Intel ME (Dbl click it which will open the right hand pane window with, “voilà”, “Intel Manageability Engine Features”, build etc) then scroll down to “ME Firmware platform type” & make a note of:
Platform Target Market Type: Corporate or what ever
Host ME Region Flash Protection Override (HMRFPO) Status: Locked
c) Another useful tool is CrystalDMI.zip google it you will find it give a print out of a lot of useful info for flashing bios etc
d) Another useful tool is Universal BIOS Backup ToolKit 2.0.zip to make a backup of your BIOS etc however a word of caution here how do you know that this tool has made a successful backup until you actually test it. It has been reported that it is not 100% reliable and when you think about it is perfectly understandable.
e) Also Intel themselves furnish quite a lot of utils (Linux & Windows) which you can find & if you can’t always use Way-Back-Machine to obtain older stuff for older systems etc. CSME detection tool command-line & gui front end etc
f) Inspectre2 GRC’s old but gold for older PC systems to check for vulnerability of your PC works on XP.
g) Intel ME 9.1 Firmware Repository r21.rar will need WinRar to unpack 7Zip won’t cut it when trying to unpack it. For older systems with Bin files contained therein.
h) UEFITool_0.28.0_win32.zip again google it you will find it NOT4XP
i) Putty putty-0.74-installer.msi needed to connect R-pi to ME_Cleaner website when flashing

This is a useful link to illustrate the God Mode Bit
https://www.youtube.com/watch?v=_eSAF_qT_FY - not really IME but interesting none-the-less

Hardware - That will be needed, a spare Bios chip for your make & model of your PC (always a good Idea) , if the Mboard does not have a removable bios chip then you can get an adapter from ebay etc that will clip onto your Bios Chip. A Raspberry Pi with case with GPIO header, long or short wires depending on your choice, a breadboard, a jumper. Tweezers long nose pliers a PLCC chip extractor, Circuit board diagram of both your chip-set & your raspberry Pi you can get these on-line.

Some twisted light humour, tongue in cheek humour Re IME from the perspective of Adolf Hitler’s last days in his underground bunker, subtitled. If you are the type of person that does not like innuendoed profanity do NOT watch this video.

https://www.youtube.com/watch?v=JnmHkXRkZ6M - Hitler react to Intel’s IME (To me this was funny!)

I cannot vouch for the material contained within these videos especially the humorous YouTube link & I would encourage everyone to do their own additional research as this is a rolling road, what is current soon evolves into new information tomorrow. Satisfy your own minds in terms of the authenticity of the links provided?
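The post above cautions that a firmware backup cannot be trusted until it has been tested. As an added example (not part of the original post and not code from me_cleaner), this Python sketch runs basic sanity checks on repeated reads of the same flash chip before anything is modified. It assumes full-chip dumps that start with an Intel flash descriptor, whose signature bytes 5A A5 F0 0F sit at offset 0x10; the function names and sample data are made up for illustration.

```python
import hashlib

# Intel flash descriptor signature, expected at offset 0x10 of a full-chip
# image (assumption: the dump covers the chip that holds the descriptor).
FD_SIGNATURE = bytes.fromhex("5aa5f00f")


def check_dumps(dumps):
    """Return a list of problems found in repeated reads of one flash chip.

    `dumps` is a list of bytes objects, one per independent read.
    An empty list means the backup passed every check below.
    """
    problems = []
    if len(dumps) < 2:
        problems.append("need at least two independent reads to compare")
    if not dumps:
        return problems
    first = dumps[0]
    # Every read of the same chip must hash identically.
    if len({hashlib.sha256(d).hexdigest() for d in dumps}) > 1:
        problems.append("reads differ: unstable clip or wiring")
    # SPI flash capacities are powers of two.
    size = len(first)
    if size == 0 or size & (size - 1):
        problems.append(f"size {size} is not a power of two")
    # All 0xFF or all 0x00 usually means the chip was never really read.
    if size and first.count(first[0]) == size:
        problems.append("image is one repeated byte: chip not actually read")
    if first[0x10:0x14] != FD_SIGNATURE:
        problems.append("no Intel flash descriptor signature at 0x10")
    return problems


def check_files(paths):
    """Same checks, reading each dump from a file path."""
    dumps = []
    for path in paths:
        with open(path, "rb") as fh:
            dumps.append(fh.read())
    return check_dumps(dumps)


def make_sample_image(size=4096):
    """Constructed sample: blank flash with only the signature filled in."""
    image = bytearray(b"\xff" * size)
    image[0x10:0x14] = FD_SIGNATURE
    return bytes(image)


if __name__ == "__main__":
    good = make_sample_image()
    flaky = good[:-1] + b"\x00"  # constructed: one byte flipped on re-read
    print(check_dumps([good, good]))
    print(check_dumps([good, flaky]))
```

Passing these checks only shows the reads are consistent and look like a descriptor-mode image; it does not prove the backup will boot, so a spare chip remains the safer fallback.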

Curious, but can I just not install Intel ME and it won’t be a security risk? It’s practically useless right? I hear it’s meant for remoting in or something. I also feel more latency with each Intel or driver I install that is 100% not required. LAN drivers are typically 100% required, sometimes I’ve seen LAN drivers are not needed but I think that was before Windows 10 and simply the OEM driver out of Win10 would be able to get online.