Is Your Computer Spying On You?

forty-two (55)in #technology • 7 years ago

The following is an article by Brian Lunduke about how modern CPU's (your computer chip) has a potential built-in capability for gathering every bit of data on your computer and transmitting it to, well, anyone with proper hacking skills really.

This is so bad that Google is switching from particular Intel processors to a more safe processor. It's all in the article.

I wasn't going to post this but it really is pretty bad and people should be aware of this.

Take a look at your desktop computer. What operating system is it currently running?

Now take a look in your data center — at all of your servers. What operating system are they running?

Linux? Microsoft Windows? Mac OS X? You could be running any of those three — or one of countless others.

But here’s the crazy part: That’s not the only operating system you’re running.

If you have a modern Intel CPU (released in the last few years) with Intel’s Management Engine built in, you’ve got another complete operating system running that you might not have had any clue was in there: MINIX.

That’s right. MINIX. The Unix-like OS originally developed by Andrew Tanenbaum as an educational tool — to demonstrate operating system programming — is built into every new Intel CPU.

MINIX is running on “Ring -3” (that’s “negative 3”) on its own CPU. A CPU that you, the user/owner of the machine, have no access to. The lowest “Ring” you have any real access to is “Ring 0,” which is where the kernel of your OS (the one that you actually chose to use, such as Linux) resides. Most user applications take place in “Ring 3” (without the negative).

The first thing that jumps out at me here: This means MINIX (specifically a version of MINIX 3) is in all likelihood the most popular OS shipping today on modern Intel-based computers (desktops, laptops and servers). That, right there, is absolutely crazy.

The second thing to make my head explode: You have zero access to “Ring -3” / MINIX. But MINIX has total and complete access to the entirety of your computer. All of it. It knows all and sees all, which presents a huge security risk — especially if MINIX, on that super-secret Ring -3 CPU, is running many services and isn’t updated regularly with security patches.

Google wants to remove MINIX from its internal servers

According to Google, which is actively working to remove Intel’s Management Engine (MINIX) from their internal servers (for obvious security reasons), the following features exist within Ring -3:

Full networking stack
File systems
Many drivers (including USB, networking, etc.)
A web server
That’s right. A web server. Your CPU has a secret web server that you are not allowed to access, and, apparently, Intel does not want you to know about.

Why on this green Earth is there a web server in a hidden part of my CPU? WHY?

The only reason I can think of is if the makers of the CPU wanted a way to serve up content via the internet without you knowing about it. Combine that with the fact that Ring -3 has 100 percent access to everything on the computer, and that should make you just a teensy bit nervous.

The security risks here are off the charts — for home users and enterprises. The privacy implications are tremendous and overwhelming.

Note to Intel: If Google doesn’t trust your CPUs on their own servers, maybe you should consider removing this “feature.” Otherwise, at some point they’ll (likely) move away from your CPUs entirely.

Note to AMD: Now might be a good time to remove similar functionality from your CPU lines to try to win market share from Intel. Better to do so now before Intel removes the “Management Engine.” Strike while the iron’s hot and all that.