Bitcoin Forum

In a promotional video for the technology, Intel brags that the chips actually offer enhanced security because they don’t require computers to be “powered on” and allow problems to be fixed remotely. The promo also highlights the ability for an administrator to shut down PCs remotely “even if the PC is not connected to the network,” as well as the ability to bypass hard drive encryption...

"Core vPro processors contain a second physical processor embedded within the main processor which has it’s own operating system embedded on the chip itself,” writes Jim Stone. “As long as the power supply is available and in working condition, it can be woken up by the Core vPro processor, which runs on the system’s phantom power and is able to quietly turn individual hardware components on and access anything on them.”

Isn't that one of Alex Jones's websites?

yes

I've watched a lot of his DVDs he seems schizophrenic, but he makes a good living spreading FUD and misinformation...

Ever since reading The Cold Cash War (https://www.google.com/search?q=cold+cash+war&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a) many years ago I've tended to figure this kind of stuff was coming. That they actually talk about it outside of classified documents nowadays might mean its been around a lot longer than you might think and might be in a lot of chips you might not expect stuff like that to be in...

-MarkM-

The real issue is Intel's SGX. Software Guard Extensions basically means you don't have control over your computer anymore. It means that unless you reverse-engineer the processor itself, you can make malware that is impossible to analyze -- a dream for an entity like the NSA. Additionally, Intel could easily be forced to hand over the private keys used by SGX, allowing the NSA to bypass it. Even if the processor was entirely open source, and you verified that an off-the-shelf processor exactly matched the open source specification transistor for transistor, you STILL wouldn't be able to prove Intel backdoored SGX, because all it takes is knowledge of the private key.

Maybe if they spent years and went through it transistor by transistor, then yeah, someone could verify that the processor doesn't have an intentional backdoor. But the thing is, they're pushing SGX on consumers by saying that it's for their security. In a few years, you might not be able to get a reasonably new processor without it.

or you can, you know... use an AMD processor

It's not a secret chip, and it's not for spying.  It's for remote administration and theft recovery.  If you don't like it, just disable it, wrap it in tin foil, or don't buy it in the first place.

Forget alex jones, but vpro is very real and potentially the mother of all rootkits. Undetectable by software, impossible to turn off.  The Vpro controller has direct access to your hdd, keyboard, ram, and an attacker can indirectly gain access to all the rest, like camera and microphone. The possibilities are very scary.

Every Intel vPro CPU ships with an undocumented 3G chip inside, according to a report, which is visible on the 3G network even when a PC is not turned on.

The idea is to enable the Anti Theft 3.0 technology, found on every Core i3, i5 and i7 CPU after Sandy Bridge, meaning almost every new CPU from Intel may have an embedded and hidden 3G connection Intel didn't bother to tell you about, Softpedia reports.

While it is usually preferable to tackle the question at hand and not attack the source, the rumour appears to come from the PopularResistance blog, where the story is illustrated with a conspiracy-drenched mock-up of an all seeing eye with Intel in the middle, mentions of creeping fascism in the copy, and peppered with liberal doses of paranoia, a common theme in certain circles - not soothed by proof of the US government's surveillance dragnet.

Although the story is not entirely unfeasible, given the revelations from NSA whistleblower Edward Snowden about backdoors installed into consumer and enterprise technology, as well as the NSA itself setting security certification standards, the actual concrete evidence is not there.

Freelancer Jim Stone, of PopularResistance, claims: "You see, Core vPro processors work in conjunction with Intel’s new Anti Theft 3.0, which put 3g connectivity into every Intel CPU after the Sandy Bridge version of the I3/5/7 processors. Users do not get to know about that 3g connection, but it IS there."

Stone goes on to say, speaking of the vPro: "From the technical viewpoint of someone who worked for an intelligence agency, I call B.S. on Intel, avoid these processors like the plague!"

An Intel spokesperson, responding to TechEye, said: "First, Intel does not participate in government efforts to decrease security in technology, and does not include backdoors for unauthorised access into its products. 

"Second, the piece on vPro is based on incorrect information, assumptions and misunderstandings; it is wrong on many levels," the spokesperson said. "The underlying technology is not new and has been in place for more than 7 years."

When asked if consumers or customers would appreciate hidden 3G technology in Intel CPUs, the spokesperson said: "I would note that the Snowden leaks was not mentioned in the vPro article that has been circulating".

But was the R&D financed by NSA or something like that, or are they spending millions for easy remote tech support?

That said, I don't understand why you would buy such a machine in the first place. Those are for business environments and are more expensive.

The real issue is Intel's SGX. Software Guard Extensions basically means you don't have control over your computer anymore. It means that unless you reverse-engineer the processor itself, you can make malware that is impossible to analyze -- a dream for an entity like the NSA. Additionally, Intel could easily be forced to hand over the private keys used by SGX, allowing the NSA to bypass it. Even if the processor was entirely open source, and you verified that an off-the-shelf processor exactly matched the open source specification transistor for transistor, you STILL wouldn't be able to prove Intel backdoored SGX, because all it takes is knowledge of the private key.

No, even if your OS has been re-engineered to take advantage of SGX, you're still fucked. You'll end up with a more secure system against some adversaries, but it's really a false sense of security since you'll be at the mercy of anyone with the private keys (Intel), and anyone who can force Intel to hand over the private keys (the US Government). Plus, you can still make malware that's impossible to reverse engineer under SGX, making antivirus programs useless.

Again: No.

That's not how the SGX model is said to work, that's the (admittedly possible) tin-foil hat version. But Intel aren't going to sell processors to which only they have the private key to run enclaved code, and more to the point, consumers won't buy them. What sort of a "feature" would that even be? Intel could use much more insidious ways to back-door their processors.

lets suppose for the sake of discussion that the nsa promised intel all sorts of goodies to hardware backdoor all of their processors. do you think it would be possible for intel to get away with this? is it possible to audit for this sort of thing? is anyone auditing for this sort of thing?

From what I've read up on, yes. It's even possible to do this in a plausibly deniable way, hence "insidious" in my previous post. I suspect that it would be unwise to use this sort of exploit on a widespread scale, as it only increases the chances that Intel get bad publicity from having "exploitable flaws" as opposed to deliberate backdoors. I think it's best to assume that all systems at all levels are breakable in one way or another; start all plans to secure your digital stuff with that assumption.

I feel safer already. Some web site I've never heard of before quotes an unnamed Intel spokesperson who promises that nothing bad is going on.

http://news.techeye.net/chips/intel-responds-to-always-on-3g-processor-conspiracy

By the way, who's paying for the 3G service for every one of these processors?  Intel, Verizon, or the NSA?

By the way, who's paying for the 3G service for every one of these processors?  Intel, Verizon, or the NSA?

unless you've got a proper EM-isolated room and have assurances that you are not vulnerable to remote attacks a la firmware attacks or OS exploits, someone owning your computer is always a possibility. an EM-isolated room or enclosure can be quite expensive and having resistance to firmware attacks is nontrivial.

so my question is this, if we take everything that is written in this article for granted, would it even be technically possible to secure ones bitcoins on a computer with one of these vPro processors?

Relying on any single piece of hardware to secure your bitcoins is a bad idea. In the future, you should use two pieces of hardware created in two different parts of the world by two different organizations in two different legal jurisdictions to secure your bitcoins.

Right now... "only invest time or money you can afford to lose."

thanks for chiming in Gavin. that sounds like very good advise to me.

also you must be able to afford to lose a lot of time seeing as how much you have invested in this project so far ;D

Gavin gets paid for working full time on Bitcoin, I would guess he's being compensated well enough that his finances haven't become totally uncomfortable (although I suspect he's also not being paid well enough either, but I won't speculate further as it's tantamount to expecting some kind of clarification).

Of course they're not going to sell processors that only run enclaved code signed by them. That would indeed be silly. I'm saying that code that runs within an enclave will be impossible to reverse engineer without the private keys.