zlacker

1. vbezhe+(OP) 2017-07-11 12:42:12
When you're running megabytes of proprietary code on numerous processors in your laptop completely out of your control, why are you focusing on Intel ME? What about your network card, which runs a dedicated processor with some kind of operating system, executing firmware and processing every network frame before your OS receives it, for example?
replies(3): >>_jal+T1 >>majews+2g >>hinkle+LI1
2. _jal+T1 2017-07-11 12:56:02
>>vbezhe+(OP)
There are use cases where pulling the network card leaves a viable system. I'm unaware of a use case where pulling the CPU leaves one.

Also, the ME appears to be a nice one-stop-shop for compromise. It is the janitor's entrance; it is right there in the name.

3. majews+2g 2017-07-11 14:47:27
>>vbezhe+(OP)
When the network card tampers with the packets, this can be detected if the network protocols use the correct cryptographic algorithms to ensure integrity and confidentiality. Protecting against tampering on the CPU level is much harder, since this is where these algorithms are carried out.
replies(1): >>proble+9k
4. proble+9k 2017-07-11 15:15:14
>>majews+2g
If you think you're going to catch every possible NIC-level modification, does tampering on the CPU really matter if there's no way to store or exfiltrate the data without being detected?
5. hinkle+LI1 2017-07-12 05:05:15
>>vbezhe+(OP)
I keep hoping we'll get a decent consumer grade interconnect fabric and just run half a dozen standard SoCs for all of the peripherals.