Pages, some stolen, some original

Thursday, September 21, 2023

The Illusion of Privacy

Redpitaya Logic Analyzer

The Feral Irishman posted a video yesterday where Gardiner Bryant that talks about how evil Google is and how they are invading your privacy and stealing all your secrets. The first few minutes where he gives us some basic background are good, but then we get over into the whole privacy argument. My view is that I don't care. 

If you have some kind of information that you want to keep secret, like where your stash of anti-tank land mines or where your chest full of gold doubloons are hidden, don't put it on the net. Period. There was that capo in some gangster movie whose important conversations were all carried out by whispering into people's ears. That's how you keep a secret, not by using a different browser.

Gardiner's argument about Google reminds me of a scene from The Merchant's War by Fredrik Pohl. Our hero, one Tennison Tarb, returns to Earth and walks out onto the street, but the street is packed with people, shoulder to shoulder all jostling each other as they try to go about their business. He happens across on an open piece of sidewalk about ten feet by twenty feet. It's wide open, there is no one there. There are no barriers keeping anyone from entering that area, but still there is no one there. Our dude sees this as an oasis and walks into it where he is immediately assaulted by a loud, specially formulated ad that is designed to make him addicted to some kind of cola. Later on we find these 'oases' are marked with 'prominently displayed' signage due to a court ruling. When these first appeared, it didn't take long for people to figure out there were a hazard to your health and peace of mind and now everyone knows. Everyone except people like our hapless hero.

I see the ads go by when I am surfing the web, but I grew up watching television - I long ago learned to ignore the ads. Perhaps some people are unable to ignore the ads. Those people might be well advised to switch to Firefox

Anyway, onto more insidious stuff. Something in the video prompted me to look up the Intel Management Engine and what I found is some really low level creepy. From Wikipedia (edited):

The Intel Management Engine (ME) is an autonomous subsystem that has been incorporated in virtually all of Intel's processor chipsets since 2008. It is located in the Platform Controller Hub of modern Intel motherboards.

The Intel Management Engine always runs as long as the motherboard is receiving power, even when the computer is turned off. This issue can be mitigated with deployment of a hardware device, which is able to disconnect mains power.

Difference from Intel AMT

The Management Engine is often confused with Intel AMT (Intel Active Management Technology). AMT runs on the ME, but is only available on processors with vPro. AMT gives device owners remote administration of their computer, such as powering it on or off, and reinstalling the operating system.

However, the ME itself is built into all Intel chipsets since 2008, not only those with AMT. While AMT can be unprovisioned by the owner, there is no official, documented way to disable the ME.

Design

The subsystem primarily consists of proprietary firmware running on a separate microprocessor that performs tasks during boot-up, while the computer is running, and while it is asleep. As long as the chipset or SoC is supplied with power (via battery or power supply), it continues to run even when the system is turned off. Intel claims the ME is required to provide full performance. Its exact workings are largely undocumented and its code is obfuscated using confidential Huffman tables stored directly in hardware, so the firmware does not contain the information necessary to decode its contents.

First, note this statement: 

"This issue can be mitigated with deployment of a hardware device, which is able to disconnect mains power." 

is contradicted by this one: 

"As long as the chipset or SoC is supplied with power (via battery or power supply), it continues to run even when the system is turned off."

Just so we are clear, unplugging the power cord isn't going to stop it. The battery on the motherboard is enough to keep it alive. If you really want to stop you need to unplug it from the internet and the power outlet. And put it in a Faraday cage so no radio (like Cell phone, Wifi or Bluetooth) signals can get through.

If you really wanted to know what was going on, you'd want to know what was in those Huffman tables. Figuring that out might be a bit of a trick. You could, if you had good people skills, go out and talk to Intel employees until you found the guys who designed these tables and then using dastardly secret agent techniques get them to spill the beans. Problem with this method is that even if they hand over the tables, they might not be correct.

The other way, the hammer and tongs way, is to hook up the chip to a logic analyzer, step through the code and record what the relevant pins are doing. Might have to write some special code to exercise the chip in specific ways to get it to exercise the full extent of those tables.

You are still not done because now you get to look at all those traces and try and deduce what kind of logic produced them. 

If you have gotten this far and you also happen to have the secret table that you managed to squeeze out of the Intel engineer, you are liable to find that the table does not match what you found. Could be a deliberate error, or an error made in translating to hardware. 

Which reminds me of the bit of speculating I did about back doors in exported weapons. They could easily be there, in any equipment with any kind of solid state electronics and you would never know without doing a microscopic, destructive, layer by layer scan of all of the electronic chips.


2 comments:

  1. The NSA was reported to have a depot for reprogramming Cisco routers that were destined to be shipped overseas, complete with original Cisco packaging materials, labels, printers, and packing tape.

    ReplyDelete
  2. The NSA? Imagine my shocked face. Okay, not at all shocked.

    ReplyDelete