Segfault wrote:Having 100% control over everything I do not see there would be any difficulties for MINIX to reach out to the internet using any hardware available, it may rely on user OS provided drivers in some cases, though.wizard10000 wrote:One thing I haven't heard anyone mention is that if your NIC isn't Intel I don't see how their ME can connect to anything.
This seems to imply that, assuming someone isn't physically at your computer (utilizing a USB exploit, for example) or convincing you to download "cool_screensaver.bin", remote code execution should be moot so long as one of those modules, like wifi, is not intel.wizard10000 wrote: According to Purism
http://www.tomshardware.com/news/purism ... 32576.html
For AMT to allow remote access, three things are necessary: an Intel chip with vPro support, an Intel networking card, and the corporate version of the Intel Management Engine binary.
If so, then, for the average consumer, worried about frying their bios with the internal and external me_cleaner tutorials, would the best protection not be to swap-out any intel-based wifi hardware with non-intel ones?
I ask because it isn't clear to me how deeply this minix "spin" can be exploited if rce is disabled or rendered useless. It also isn't clear the degree to which it has been exploited -- I'd be interested to read any new findings on this. So, it's hard to make a clear judgment about whether or not the ME can really reach out to available hardware, although, to err on the safe side, I assume "probably" is the best prediction.
fwiw, I'm probably going to try externally me_clean-ing mine, but I thought I'd ask.