Spyware at The Hardware Level - Intel ME & AMD PSP

Подписаться 671 тыс.

Просмотров 466 тыс.

50% 1

In this video I discuss the Intel Management Engine and AMD's Platform Security Processor, both of which are hardware level spyware embedded into their respective CPU's that have full control over the primary CPU that the user does their computing on. The control these management engines have over the primary CPU include
Ability to read and manipulate the contents of ram
Ability to read and manipulate data stored on your hard drive
a separate dedicated network connection that cannot be blocked with firewall rules
Ability to read and manipulate keystrokes and mouse movements
Ability to read and manipulate images on screen
Subscribe to my RU-vid channel goo.gl/9U10Wz
and be sure to click that notification bell so you know when new videos are released. ₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿
Bitcoin
3MMKHXPQrGHEsmdHaAGD59FWhKFGeUsAxV
Ethereum
0xeA4DA3F9BAb091Eb86921CA6E41712438f4E5079
Litecoin
MBfrxLJMuw26hbVi2MjCVDFkkExz8rYvUF
Dash
Xh9PXPEy5RoLJgFDGYCDjrbXdjshMaYerz
Zcash
t1aWtU5SBpxuUWBSwDKy4gTkT2T1ZwtFvrr
Chainlink
0x0f7f21D267d2C9dbae17fd8c20012eFEA3678F14
Bitcoin Cash
qz2st00dtu9e79zrq5wshsgaxsjw299n7c69th8ryp
Etherum Classic
0xeA641e59913960f578ad39A6B4d02051A5556BfC
USD Coin
0x0B045f743A693b225630862a3464B52fefE79FdB

Опубликовано:

28 сен 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 2,1 тыс.

@4.0.4 4 года назад

"Intel Inside" wasn't about the company, it was about the intelligence agencies.

@Infinitrium 4 года назад

Ooh good point

@UCmDBecUtbSafffpMEN3iscA 4 года назад

Makes sense

@homeistheearth 4 года назад

Yeah like de decepticons that will deceive you

@johnchase1190 4 года назад

o no shit...right there in plain sight all these years

@mbahmarijan789 4 года назад

AMD been good at hiding it

@3zzzTyle 4 года назад

Pretty sure TempleOS automatically patches this with divine microcoding.

@Scaramouche122 4 года назад

With assembler injections.

@4.0.4 4 года назад

Can't hack you remotely if there's no network stack. Big brain time.

@LeetTrance 4 года назад

@@4.0.4 sure they can, its called jumping an airgap and there's plenty of ways to pick up your signals

@KokoroKatsura 4 года назад

a n i m e n i m e

@hackmind 4 года назад

Leet Trance you’re a close but not quite right there. All the airgap attacks I’ve ever read require to install the malware via USB ports, then extraction comes through different means. To this day (as we know) code can’t be injected over the exfiltration means depicted in those attacks

@jamoxploder 4 года назад

"Bioluminescent" - Terry A Davis would be proud

@NewCurryofthepast 4 года назад

Fucking godless glow in the dark CIA joggers

@MrEdrftgyuji 4 года назад

You just run them over. Thats. What. You. Do.

@aesthet1k_ 4 года назад

@@NewCurryofthepast "joggers"

@zayanh2823 4 года назад

R.I.P 😔😔

@skeptical_thinkers 4 года назад

RIP The greatest programmer who ever lived.

@alchemist889 4 года назад

I solve the security problem by storing critical sensitive information in my brain, then forgetting it.

@Walter_ 4 года назад

have you read the torture vulnerability CVE?

@myron7642 3 года назад

Underrated thread

@alchemist889 3 года назад

@@Walter_ That'll get you nowhere. You'd have better luck giving me drugs.

@ChavanAr 3 года назад

security by lack of memory

@superslimanoniem4712 3 года назад

I always write my info down on physical papers in a safe. That way, at least they can't remotely compromise my info. Threat model: creepy companies

@xXYannuschXx 2 года назад

I remember reading somewhere, that some guy managed to get an Intel processor to run with a modified BIOS that lacks the Management Engine microcode needed for it to run; the CPU was working flawlessly, except for ANY kind of IP functions not working in any OS. I think this alone tells everything you need to know about this thing.

@JustElijahRS 2 года назад

IP as in the IP addresses?

@sylv512 2 года назад

IP stands for “Internet Protocol”

@NawidN 2 года назад

@@sylv512 I thought he meant "Intellectual Property".

@AnotherSkyTV 2 года назад

@@NawidN DRM

@ME0WMERE Год назад

That's scary. I'm glad I'm using an AMD machine.

@trueriver1950 4 года назад

"There isn't much you can do about it" Reminds me if that line where a recalcitrant computer is threatened with a fire axe "I'll give you a reprogramming you won't forget". Almost anyone can disable IME. The clever thing is to disable it without disabling the rest of the CPU

@Misha-dr9rh 2 года назад

@@idiosyncraticname h2o

@DJ_Level_3 2 года назад

@@idiosyncraticname Desolder it and throw it in the trash can

@GladiusTR 2 года назад

You wrote the one who didn't understand the original comment, don't be rude to the guy clearing up for you

@DJ_Level_3 2 года назад

@@GladiusTR ...I think we were all joking around? At least that's how I took it

@Plons0Nard 2 года назад

It was Zaphod Beeblebrox using that reprogramming threat to Eddy, the shipboardcomputer of the starship Heart of Gold. Yes, I know my classics 😊👍🏻🤝🏻🇳🇱

@syphakusu275 4 года назад

USA : accusing tiktok for collecting users data Also USA : **looks away**

@dhruvakhera5011 2 года назад

the us government is a very big hypocrite if you see their moves

@boss_boy_ 2 года назад

Honestly I’m not that bothered with the feds monitoring google or whatever. Bad opinion, I know, but from what I understand about courts, they can’t use what they find by monitoring your internet in courts, as they weren’t obtained with a warrant. All they can really do is just watch. Besides, the FBI and NSA are _terrible_ at acting on intelligence. The CIA were monitoring the 9/11 hijackers, and still did nothing with info that would have stopped a war. They don’t care. Unless your working for foreign intelligence or are an internationally wanted criminal, they’re probably going to ignore you. Again though, I understand why people are upset, and I’m not saying that the anger they feel is wrong, but more that your data will be secure with them due to the sheer mass of drunk texts and disturbing pHub searches they have to sift through before hand.

@corsomaximahu69 2 года назад

@@boss_boy_ facts

@ffwast 2 года назад

@@boss_boy_ bold of you to assume they wanted to stop an event that got them more authority and money.

@MegaKopfschmerzen 2 года назад

@@boss_boy_ They also brazenly prosecute innocents and fabricate, or at the very least frame evidence.

@ronvoy 4 года назад

The most secured computer is a pocket calculator

@alwaysinagoodshape5327 4 года назад

0.7734

@alwaysinagoodshape5327 4 года назад

376006 Are you sure about that?

@xyzzy-dv6te 4 года назад

@Irish Bucket List Book Scam You are an obvious troll, how can you even backdoor something with no internet access?

@gspapp 3 года назад

325200 here is a number

@simonjesusbeliever3467 3 года назад

@@xyzzy-dv6te what comment did eh say,

@okb6436 2 года назад

Aw man, time to build a room sized transistor computer out of soldered logic gates to run linux and avoid getting spied. Jokes aside, great video

@ujjvalw2684 Год назад

not a bad idea

@useranonymous9274 Год назад

“Siri logic gates put in room with solder how?”

@ff-qf1th 10 месяцев назад

DO IT. DO IT YOU COWARD (encouraging)

@kevinkelsall5307 4 года назад

So this was a 10 minute commercial for System 76

@cestarianinhabitant5898 4 года назад

To be honest they deserve the exposure, it's a good company.

@EnderCrypt 4 года назад

its quite a good company, though i am a bit dissapointed by the touchpad starting to fail fairly quickly

@enermaxstephens1051 3 года назад

@@EnderCrypt I think they'll replace it for free

@misaroorasim 3 года назад

@@EnderCrypt that would definitely be covered by warranty

@SergeantExtreme 2 года назад

There's also Purism as well. Purism also makes computers that do not contain the Intel ME.

@peterjantzer4767 4 года назад

That's it, I'm dusting off my commodore 64.

@kittenknee7502 4 года назад

I never stopped using mine.It never caught a virus in 30 years,and has never given away any personal data without my express permission. My very first tablet phone ......attempted to share files with a laptop in the next room when it first powered up.After much research I identified the data as geoLocations.Why would it give this data to another UNRELATED UNIDENTIFIED computer?We need transparency from GOOGLE as to WHO can and DOES read this info.Bear in mind....the laptop in my house......was not the concern. It is the other computers/networks it was sharing these geolocations with......and WHY.

@SgtAbramovich 2 года назад

Wowie, thanks! Before, I wasn't really concerned because I thought "Sure, take my data, you won't be able to do shit with it anyway", but now the thought that someone at AMD could simply brick my PC remotely suddenly won't leave my head.

@theundefinedx0018 2 года назад

Not sure if you're being serious, but "Sure, take my data, you won't be able to do shit with it anyway" is a very concerning argument. What if you do have something to hide? Why wouldn't you want that option? The Jews in Amsterdam sure would have liked to have that right to privacy in 1939 to not have their religion be written down in the local government's administration. Like Edward Snowden said: "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.". en.wikipedia.org/wiki/Nothing_to_hide_argument

@vaikjsf34a 2 года назад

@@theundefinedx0018 good quote :)

@sanyi9667 4 года назад

let's bring that templeOS back bois

@dhruvakhera5011 2 года назад

i have amog OS vm on my pc 😂

@akpokemon 2 года назад

I worked IT in my college and I remember my boss making us go to every single computer in our inventory and install that Intel firmware patch. I didn't realize how truly bad it was.

@randallporter1404 4 года назад

Some time ago (months) I watched a video about China making a CPU. I remember commenting that I didn't trust them to *not* install a hardware backdoor... Guess I shoulda been looking closer to home. So has Intel and AMD said anything about _why_ these systems are installed?

@TheMohawkNinja 2 года назад

It allows IT departments to remotely manage the BIOS. Think of it has low-level RDP. Intel ME at least doesn't really bypass firewall rules. So long as you block the couple of ports it uses, you are fine.

@ahmadanime7586 2 года назад

@@TheMohawkNinja how can I do that?

@ilearncode7365 2 года назад

@@ahmadanime7586 This, they say that it allows users to remote manage their computers even when the computer is off and no OS is running, but Ive never heard of anyone actually using this claimed feature.

@impoppy9145 2 года назад

@@TheMohawkNinja "Block the couple of ports it uses" why so many uneducated ppl are talking about things they don't understand in this day and age? Don't talk about things you don't understand. This remote access is " allegedly " designed for IT professionals to have FULL CONTROL. AKA they can turn on and off the laptop, access the bios AND reinstall the corrupted OS. HOW TF ARE YOU GOING TO FIREWALL THIS ?? EVEN IF YOU REMOVE THE HARDDRIVE THEY STILL CAN ACCESS BRUH.

@TheMohawkNinja 2 года назад

@@impoppy9145 Okay, if you understand so much, then explain to me how you can ignore external hardware firewall rules from the local BIOS? Because if that's something you can easily do, we can just throw LITERALLY ALL OF CYBERSECURITY out the fucking window.

@notiashvili 4 года назад

Coreboot still can't remove the entire management engine. Also, ARM probably already has a similar management engine, at least on the Raspberry Pi, the GPU has VideoCore IV which can control the CPU.

@charliekahn4205 4 года назад

Maybe you could use an OS without an ME driver, maybe one that just returns null.

@charliekahn4205 3 года назад

@PC del Pueblo you still need software capable of accessing the ME hardware to take advantage of the ME.

@MRL8770 4 года назад

Idk. about that whole disabling ME thing. I have have a friend who worked for Google and he said thay've meddled with it and even they are having a hard time disabling ME for good. They got it disabled only temporarily. Also he told me that ME being truly disabled in those laptops sold by companies like system76 is bullshit. But he says a lot of things so I wouldn't take his word as a granted truth.

@archygrey9093 3 года назад

I tend to believe him, the me has privileges over the bios so bios changes might stop it communicating but it will still be there and functional

@KSPAtlas 3 года назад

@@archygrey9093 my firmware has an option to disable ME and AMT and it disables the firmware modules so that the ME can't access anything

@theodiscusgaming3909 3 года назад

System76 does remove the more sus stuff from the ME but some of it still remains

@KSPAtlas 3 года назад

@schmobbing Probably not, but the switch doesn't harm

@the.scarlet_witch.official 2 года назад

Purism does the same thing to their products too i think

@dandeeteeyem2170 Год назад

I found out about all this when it was first implement on our work tablets back in 2012. Wanna know how I worked out the capabilities of IME? I searched the Patent applications registry and found the applications by Intel. All capabilities were listed

@Joe-ih3ln 3 месяца назад

Dude this is terrifying, wtf

@depth386 4 года назад

One can only wonder what the recent Chinese x86 CPUs do in the context of Intel ME and AMD PSP. It’s probably worse in a domestic Chinese context but makes you wonder a few things.

@JOELwindows7 4 года назад

CPU that has spyware and it's in everyday. This is your daily dose of Recommendation

@plus4566 4 года назад

MINIX3 is not closed source - and as MEI has no storage on its own and doesn't sign the IFD (up to Skylake), you actually can control what segments you want to load. The structure is directly visible.

@willie9899 Год назад

Don't forget you can use hardware firewalls to at least control where your data goes. I've been wanting to get one to block Microsoft's forced updates as well

@Billinous 2 года назад

It was always suspect when virtually all computers worldwide can only have an AMD or Intel CPU at the same time computers gained importance to everyday life at home or work. #phucked

@rodrigosouto9502 4 года назад

There's also purism. They sell notebooks with disabled Intel ME (and other nice features).

@matildahalili8051 4 года назад

I own a Librem 13. HHAHAHA.

@rodrigosouto9502 4 года назад

@@matildahalili8051 Nice investment

@Whitemike63 9 месяцев назад

Im sure if you remove the backdoor you will get flagged kinda like if you use Tails OS. There is no security or privacy with todays electronics.

@snap-off5383 2 года назад

"it can bypass firewall configurations due to its dedicated network configuration" - this blips my "BS" radar. It can talk out the network port without the OS on that machine being able to use its own firewall to intercept it, sure. But the next firewall (perimeter equipment) WILL see that traffic, implied in your statement is that it can tunnel out through anything.

@ReptilianLepton 2 года назад

What steps actually would need to be taken to secure a network specifically against outgoing (or internal inter-device) traffic originating from ME/PSP doing nefarious things? Obviously _AMT_ is extensively documented but surely locking down the ports AMT happens to use would not be of much value against ME itself. So, in this context, what does a glowie packet look like?

@snap-off5383 2 года назад

@@ReptilianLepton Dunno, you'd have to white-list only and log to see where it wants to talk and what info you can garner about those places to sift them out. Then there would be information from those you catch that could be used to fingerprint them.

@benaflac5793 24 дня назад

If (MEcpu == true) { X in X +1 = bypass packet inspection; }

@azuredreamer 4 года назад

Finally a reason to make me feel good to still b stuck with a old P45 chipset as main pc xD

@unaphiliated5090 4 года назад

You forgot to mention the hardware back doors in the network controller, the hard drive controller, and inside your printer.

@alexander1989x 2 года назад

Ah yes, the good ol OpROMs. Proprietary firmwares everywhere.

@ginkhoba 2 года назад

i realize this video is 2 years old, but never the less i want to ask, what alternative chips are available to use, since AMD is also on the band wagon with this spyware shit. i refuse to use apple at all, but what about ARMs are they up for it as a daily workhorse? someone got some advice?

@owmylehg7811 2 года назад

I'm pretty sure you can disable AMD PSP in the bios, as long as your motherboard supports it. IMO AMD has always been better at letting the consumer do what they want, and even though their stuff isn't open source, you can sort of do whatever you want with your product as long as you know how. Like, I can overclock any ryzen cpu on any ryzen motherboard, but its up to me to make sure it doesn't crash or catch on fire.

@OkamiSam 7 месяцев назад

i personally solved my security info breach by taking enormous amounts of bendagryl and ayahuasca to the point of developing multiple personalitys, then i personally programmed each personality to be switched on very specific triggers, and every personality has limited info available to them so it functions as a patch of the torture vulnerability

@khhnator 4 года назад

question, what possible legitimate uses this thing might have?

@vak2586 4 года назад

None. It's literally just there so the alphabet soup agency glowies have a particularly easy in for just in case you ever become a High Value Target.

@r00tyschannel52 4 года назад

@@vak2586 I think it does come down to this. I think the problem is that people don't worry about such things (as being spied upon by government agencies) because they think the status quo (relatively stable western governments that don't try to suppress their citizens, much) will last forever. As such, what do they have to fear from said agencies? But, you only need to look at elsewhere on this planet to know that it's not a given that this status quo will last forever. It's a kind of arrogance to think that western governments can never go down the route of other authoritarian or destructive governments and regimes. So, the issue is that one day WE might be the underground that's trying to work against a tyrannical government (or governments even). On that day, we'll wish we didn't have machines that could be tasked to work against us. That's the issue as I see it at least. Right now, it's not really a problem for almost everyone. But, if things were to change, it's not going to give you much chance to do much about this. That's my thoughts on the subject at least.

@SianaGearz 4 года назад

As to marketable uses (i.e. someone actually deliberately paying to have IME in the computer), there is Intel Active Management Technology built on top, just read the marketing materials for that. It's useful to remote manage server deployments, and for fleet management of business computers/laptops. Basically any actions that the IT devision would have otherwise executed in person on a given machine, such as BIOS setting changes, operating system reinstallations, OS-independent heartbeat monitoring and restart, can be performed via this system remotely. Server deployments simply had to have an external KVM remote solution before IME, and big companies like to monitor everything that happens on employees' computers, they like to lock things down towards the user and leave several giant backdoors for themselves, and the IME/AMT is one of the ways how they accomplish that. The AMD technology corresponding to Intel AMT doesn't come with a single designation, it's a bunch of different things, but your keywords could be be AMD PRO Manageability and AMD Management Console etc.

@geemcspankinson 2 года назад

Free data Massive server farms and supersomputers processing the smallest extracted shit about you deep under the desert Personified propaganda and social experiments

@javaguru7141 2 года назад

@@r00tyschannel52 It's been a year since you posted this but I still want to say that this the most eloquent and succinct description of my shared thoughts on the matter that I have found. I will be quoting it, haha.

@helmutzollner5496 2 года назад

Very interesting# Had been wondering why you never hear about Ring 0 being used in the OS. Now it's clear. Thank you.

@Aemilindore 4 года назад

Libreboot was a project that did good to work around Intel management engine. But it's abandoned now.

@user-ox4ii2bw6x 4 года назад

Wait, libreboot is abandoned? I thought it was still being developed! :s

@user-ox4ii2bw6x 4 года назад

Wait, it's not true! it's still in development, here's their git: notabug.org/libreboot/libreboot latest actual base build was 2 months ago!

@Aemilindore 4 года назад

@@user-ox4ii2bw6x unfortunately the author is in a bit of financial crisis. You may check her twitter as well as her website. There are hints that the project is not abandoned it but the project has not made progress in ages. That implies a lot. However, may be you can have your own view about it.

@user-ox4ii2bw6x 4 года назад

@@Aemilindore I see, but I can't seem to find the actual author of the project's twitter, mind sending a link?

@Aemilindore 4 года назад

@@user-ox4ii2bw6x It seems her SSL certificate is expired. But checl this link on libreboot libreboot.org/news/leah-fundraiser.html vimuser.org/ is her personnel web. She also had a store called minfree (min=ministry)

@DrHarryT Год назад

"Intel ME" Wasn't that... Intel IMEI [Intel Managment Engine Interface] ????

@hungarianbrendenfraser7417 4 года назад

apple said they gon make their own cpus now, wonder how secure they gonna be

@TrippSanders 4 года назад

I think they are gonna try and lock it down like iOS. They already have the T2 Chip built in.

@noyes6758 3 года назад

Tbh intel me is better than the apple security by not giving you freaking root access

@trueriver1950 4 года назад

So that's what "Intel inside" really means Intelligence Agencies Inside

@sharcc2511 2 года назад

boy am I glad to have an AMD chip now. edit: just saw the second half of the vid. for fucks sake man we literally cant have shit anymore

@lboston4660 Год назад

imagine not hoarding pre-IME/PSP hardware for glorious re-sale to tinfoil hatters 20 to 30 years from now. DDR2 for life baby

@serzaknightcore5208 2 года назад

"all that we can really take is that they promised that this time it is fixed" Delfy: Yeah, i often encounter this

@PSWii360onBaSS 2 года назад

This just gives a whole new meaning to they are always watching you.

@zephyr7 4 года назад

didnt know system76 disabled the me

@joaomarcelobadu 2 года назад

Great video! What about ARM? Is there anything similar to ARM based systems? Are they more secure?

@alexander1989x 2 года назад

ARM is just a barebone CPU design that is (presumably) clean. I know it has its own enclave-running TPM-like processor called "TrustZone". However, CPU designers that use ARM base design (Qualcomm, Mediatek, Samsung, Hisilicon....) can embed whatever they want.

@juergenp.2788 4 года назад

These are some of the most interesting comments I have ever read on YT.

@user-xp8nq5mf9y 4 года назад

Same never spent so much time reading RU-vid comments

@GabrielM01 4 года назад

We want a how to do on disabling the ME or PSP

@charliekahn4205 4 года назад

Laser might work

@jake1173 4 года назад

Scoop the section on the cpu die out with a spoon

@GabrielM01 4 года назад

Sorrow Snake hahahhahaha how funny ahahahahah you should do comedy my guy

@badasahog Год назад

This smells like a government mandate

@henstar337 4 года назад

I don't have to worry about this with my pentium D !

@russellmania5349 Год назад

Hackers can also use this backdoor to infect laptops or desktops even if they are off. Alex Jones talked about this back door back in 2010 and people said he was crazy.

@Mojo_DK 3 года назад

Can't the AMD PSP be disabled?...but how sure can we be that it is actually disabled...that would be an interesting video

@MrJuanjo1997 11 месяцев назад

Lol good thing my laptop has a corrupt Intel ME, bios literally says "ME Version: UnKnow"

@WarpPal 4 года назад

"Still don't believe in conspiracies??"

@b.c.2177 Год назад

If System76 can disable Intel ME in they computers, then it is possible to do this on any computer, no?

@neoone9820 4 года назад

Well... goodbye smart phone! Goodbye world!!!! I'm going to live with the Amish!!

@XxXVideoVeiwerXxX Год назад

"Shortly after SA-00086 was patched, vendors for AMD processor mainboards started shipping BIOS updates that allow disabling the AMD Platform Security Processor,[96] a subsystem with similar function as the ME. "

@XxXVideoVeiwerXxX Год назад

Is this true, AMD gave consumers an optional BIOS update to remove their backdoor?

@RicardoSilva-wo8sw 3 года назад

It's true that windows has more malware than Linux and Security by Obscurity sucks. But I'm convinced that the malware is due to windows market share and not necessarily for being proprietary

@gandalfwiz20007 Год назад

From what I understand nowadays, want privacy? Make your own hardware and software😂

@emilv.3693 2 года назад

The question is, will my computer still work if I physically go into my computer and rip off the management engine

@Jonas-Seiler Год назад

One of the only things I am looking forward to in regards to AI development is the probable complete and utter lack of capability to keep your source code closed. The world may be going to shut, but at least no one will be able to push it there without anyone else knowing. The end of life as we know it really is going to be a community effort.

@Jonas-Seiler Год назад

Wait a minute thus fucking video is really just an elaborate advertisement. Fuck me.

@MemeScreen 4 года назад

What about ARM based computers?

@thomaspayne6866 4 года назад

Trustzone hypervisor

@UltimateAlgorithm 3 года назад

Depends on the manufacturer, they can put what ever they wanted on their chip.

@hudson2969 4 года назад

Every time I see the Intel logo I rember all the ads with the Intel sound at the end

@Jossandoval 4 года назад

This is way I laugh myself silly every time someone suggests using Qubes-OS with those fancy virtualization Intel or AMD chipsets as a way to secure your computer.

@Jossandoval 4 года назад

@@shaurz Good luck with that, I just find the whole concept of designing layer upon layers of security to put on a system insecure by design, well, silly. Feel free to o your computing in 8-bit Z80 chips running Collapse OS.

@mstdve4977 4 года назад

@@shaurz >not simulating slackware in your pebble garden ngmi

@b01scout96 2 года назад

You don't need to know the source code in order to hack it. You don't need to know how a lock works in order to lockpick or destroy it. You need to know what a firmware is in order to pach it. Nah, I'm just kidding. Love critical IT stuff. ;-)

@TheRealFrankWizza 4 года назад

Linux (PC) is protected by security through obscurity in regards to viruses. Linux is obscure. The small user base protects people mostly. Windows is not obscure, which is why there are so many viruses made for it despite the closed source nature of it. Android also runs a linux kernel. Since it isn't obscure, the market is infested with viruses for linux. There are also many direct kernel exploits via Android, and there are phones with closed source locked boot loaders that have never been exploited because nobody figured it out. Even the non us version of the Droid 1 (Motorola Milestone) still hasn't had the boot loader opened (it's from 2009). Thinking that it would still be locked if they open sourced the boot loader is Arrogant, and Fool hardy. Also, locksmiths are well versed in lock design and construction. There are so many different types of locks. They study them. Knowing how it was constructed is how the locksmith determines the tools and strategy to pick the lock.

@rabbitdrink 4 года назад

linux is more secure because its simpler, because its just a kernel. the os is a system built on top of the kernel. windows is nothing but a mess. linux also has many times more developers looking over the source code and finding bugs to fix. thats impossible with closed source. if some software can have that many bugs for it its bad software.

@Scoopta 2 года назад

The AMD PSP is not on the motherboard, it's actually an ARM core embedded into the main die

@JamesTsividis Год назад

Thank you for this detailed explanation!

@flameofphoenix5998 2 года назад

What would happen if you were to just remove those seperate chips and bridge the pins?

@StefanReich 2 года назад

I'm still confused about this. Is it a real attack vector or not?

@GreyBandanna 4 года назад

To keep your CPUs from spying on you, you just run them over

@winterdusk6313 4 года назад

That's what you do.

@CLK944 4 года назад

they glow in the dark

@shadee0_106 2 года назад

Wow! It works!

@iLinked 2 года назад

The CPU's glow in the dark

@sekarmaltum1695 2 года назад

or use computers from before 2008

@bobafruti 4 года назад

When you said “alphabet” I thought you meant Google not CIA, FBI, NSA... then I realized that was a distinction without a difference.

@hyperhektor7733 4 года назад

according to snowden files Google is a slave to the NSA due to the NationaSecurity Letter "trick". Its insane that a nation with this type of legal instrument thinks still thinks its a free democracy, but on the otherhand the DDR of germany called themself also "democratic" ;d

@nagualdesign 4 года назад

😆...

@julianjaimes197 4 года назад

a t f d e a

@Midaspl 4 года назад

@@hyperhektor7733 you may laugh at DDR, but it was probably the most free country in the East block. Many people ever dreamt of visiting the East Berlin.

@hyperhektor7733 4 года назад

@@Midaspl i dont i am german, the people who got killed by the DDR never dreamed to stay ;). Sure they killed less, but it wa a full blown socialist county with all its typical downsides.

@oneheckofabanana2016 4 года назад

Intel's security model is actually much more advanced than Security by Obscurity. Their actual security model is called "Trust Me, Bro" and it works like this: User: Intel, how can I know your system is secure? Intel: Trust me, bro! User: Can I see the source, so I can check for myself or let someone I trust check for me? Intel: Nah, bro, just trust us!

@SyphistPrime 4 года назад

There's actually instructions in Intel CPUs that we have no documentation on and no idea what they do. They were only found by a program designed to fuzz for these hidden instructions. There was a talk done on this at either CCC or Blackhat from what I can recall. If you can find it you should check it out. It's very interesting, and just shows that even the processor itself might have spyware we doing know about.

@GoldenHat333 3 года назад

that reminds me of Saddam in south park hey relax guy you need a rest dont think about it, look over here

@logistic-bot458 2 года назад

@@SyphistPrime ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-KrksBdWcZgQ.html might be the video you are talking about. For anyone too lazy to search for it.

@SyphistPrime 2 года назад

@@logistic-bot458 thank you, that looks like what I was talking about.

@zane8929 2 года назад

@Brendon O'Connell III a wild Brendon O'Connell has appeared

@typingcat 4 года назад

Builds a truly "libre" computer; installs Windows 10.

@QoraxAudio 4 года назад

Installs Google Chrome

@user-pc5sc7zi9j 4 года назад

@@QoraxAudio Installs the Epic Games launcher

@user-pc5sc7zi9j 4 года назад

@Mialisus Installs Microsoft Office

@kristiyanivanov7414 4 года назад

installs minecraft

@Gamez4eveR 4 года назад

connects to the internet

@jirikrajnak9047 3 года назад

We're living in a 60s sci-fi writer's worst nightmare.

@h.s3187 2 года назад

Yeah Such as george orwell 1984

@norbeekash2699 2 года назад

1984 is nothing compared to the level of surveillance what you have today

@HSnake5 2 года назад

Not quite. It's not compliance through force or fear, but rather through comfort and convenience.

@halphantom2274 2 года назад

Yep, Huxley's Brave New World fits better.

@OperatorKaz 2 года назад

@@halphantom2274 its a mix of both

@multitrackdriftu 4 года назад

According to libreboot, anything from AMD's 15h architecture (Bulldozer) down should be fine, as they released the source code for them. Also, I got an ad for a schizophrenia medication at the end of this video. Fancy that.

@johnnyblack4261 4 года назад

Is this an old architechture or is it modern?

@My_Old_YT_Account 4 года назад

@@johnnyblack4261 somewhat recent

@CommieCat 4 года назад

Johnny Black 2011 and it was really not competitive. They paid out a suit for false advertising related to its performance too.

@johnnyblack4261 4 года назад

@@My_Old_YT_Account What about the most recent AMD processor, is the source code released for that?

@PhazonSouffle 4 года назад

You mean to say that prescription psychotropic drugs are advertised on youtube. Where can I get mine?

@wallyhackenslacker 4 года назад

Poor MINIX, I worry it'll go down in history as "that spy OS used by Intel" despite it's long and proud career as an educational OS.

@rohanahlawat5809 4 года назад

Oh hello Mr Intelligence agent!

@ExtraLargeWindow 3 года назад

Yeah CIA agent What you doin here eh?

@gspapp 3 года назад

Minix is good for writing your own operating system

@lepidotos 3 года назад

It's a shame, because I really like microkernels.

@iskamag 2 года назад

I mean it's the devs' fault for using a permissive license, now we all get to reap the benefits.

@bradleylambert3284 4 года назад

Intel ME (Mossad Entrance)

@alchemist889 4 года назад

Where were these Intel chips designed?

@glowiever 4 года назад

Intel-aviv Mossad Entrance

@dacho707 4 года назад

@@glowiever based

@deoxal7947 4 года назад

@Saudi King Volintine Ander of Arabia I keep asking for a source but you dumb dumbs never provide one because it doesn't exist

@689finalmessage5 3 года назад

@DSW22 Were the panama papers the time some journalist exposed tax evading companies and got killed by the CIA?

@mateusmt6194 2 года назад

Intel Management Engine and AMD Platform Security runs at Ring -3, the most privileged ring in existence, and they are spywares indeed.

@mycelia_ow 2 года назад

This should be made illegal

@BruceCarbonLakeriver 2 года назад

@@mycelia_owTrue that!

@Noizzed 2 месяца назад

@@mycelia_ow The people that make things illegal are also the ones that made this happens.

@sjuvanet 4 года назад

rest in peace, terry. our greatest programmer.

@oniruddhoalam2039 4 года назад

Why?

@sjuvanet 4 года назад

Oniruddho Alam why what?

@VeryVeryBlackGuy 4 года назад

wait, is he dead?!

@reallauradee 4 года назад

@@VeryVeryBlackGuy since 2018

@eijiniizuma6184 4 года назад

@@VeryVeryBlackGuy he was run over by a train

@joko49perez 4 года назад

"Bioluminescent" 10/10

@androkon6920 4 года назад

The solution is clearly to design my own motherboard, so I can be sure there aren't more hidden mics than usual

@chaos0987654321 10 месяцев назад

"I got a $5 wrench that says you will put theose microphones in" t. NSA

@blkspade23 4 года назад

I do believe one noted difference between Intel's ME and AMD's PSP, is that many of Intel's vulnerabilities were remotely exploitable where as AMD's required physical access. That is not an insignificant difference.

@UnitAlir 2 года назад

AMD motherboards, like Intel motherboards can still be compromised mid shipping

@blkspade23 2 года назад

@@UnitAlir My point was about the discovered vulnerabilities in the platforms, not about in transit compromise.

@Fabrizio_Ruffo Год назад

I was wondering that. Because recording stuff isn't the same as transmitting stuff. The idea of every computer having a black box is different from a backdoor. Though it could be both.

@rompevuevitos222 Год назад

@@UnitAlir I mean, if someone can manage that. I think that a compromised CPU is the least of your concerns. Like, if someone has the ability to access a shipment and literally modify the CPU without even leaving any evidence (and without ruining it, for that matter). It may even be easier to swap it for something better at whatever the malicious intent was.

@EnderCrypt 4 года назад

Protection Ring: 3: User Mode 2: Drivers 1: Drivers 0: Kernel -1: Hypervisor (virtual machine) -2: System Management Mode (operating system in the CPU) -3: Intel Management Engine (remote administration in intel cpu's)

@ecu968 2 года назад

-4 matrix

@VinceSlzr 2 года назад

@@tejassingh5344 please shut up

@karolbomba6704 2 года назад

-7: its 7 because its hidden behind 7 proxies

@vaikjsf34a 2 года назад

@@tejassingh5344 -8 obama bin laden in a cave

@AndrejusDovidaitis 2 года назад

-9 who let the dogs out

@smrtfasizmu6161 2 года назад

My grandpa worked for some part of his life in an encryption center for my country. He talked to me about stuff like this, I only vaguely remember it. I wish I was paying more attention back then.

@iskolat9180 2 года назад

The West has been doing this for decades. I think your grandfather was talking about Crypto AG which had a backdoor built into its encryption machines, so that the US, UK and West Germany could read top-secret messages of other countries.

@MpSniperM1911 4 года назад

about the last phrase of the video: unfortunately the computer started being developed in a elite group in universities and in the military, only later it became widespread in 1st world countries specially, so: this kinds of backdoor is really worrysome (is that the right word?) but for me it isn't that surprising, i didn't knew it was intel ME a spyware all along but the concept of a intentional backdoor in all consumer hardware wasn't a new thing to me

@MpSniperM1911 4 года назад

@Irish Bucket List Book i think the best way to have your privacy is to do everything from the very start, even acquiring the minerals, sand and oil if possible, and also never using their stuff basically

@henrikpersson5420 2 года назад

That's not why things are like they are today. 2001 and the Brotherman bill is the reason. :) Computers haven't always been insecure, but with an increase in disobedience they have been tightening their grip. Win 11 for instance requires a camera and Bluetooth connectivity. Covid might've been a ploy to limit real life interraction and normalise digital channels that can be monitored. Now the virus is real, but how it came to be and the restrictions on the other hand might've been manufactured to have a certain effect.

@maxthexpfarmer3957 2 года назад

@@MpSniperM1911 How are they going to hide spyware in the oil? It's going to be burned anyway.

@looweegee252 4 года назад

Me: "I should upgrade my old Q6600 file server, it still works but starting to show it's age." This video: "It's fine."

@anonymous82783 Год назад

This takes the word "intel" to a whole new level.

@namenlosNamenlos Год назад

Indeed.

@TheJackiMonster 4 года назад

There are already some senators who like to use something like this to get access to every piece of encrypted data on a consumer device if necessary... So they want to force all vendors to build something like this kind of spyware into all devices. This means that buying any device in the US will be equal to buying a full access backdoor to your own data.

@Scaramouche122 4 года назад

@@gvonc33 no shit человек

@monad_tcp 4 года назад

@@gvonc33 Its funny because the US gov think others won't use it against them. What's the basic moral principles of don't do to others what you don't want them doing to yourself. US gov be like: we can spy on you, but don't spy on us

@Tokagawa89 4 года назад

@@gvonc33 great logic. Doesn't justify it.

@sirzorg5728 4 года назад

It only ever has been about power.

@jackjhonson5757 4 года назад

I would rather buy Chinese

@MrJoseklon 4 года назад

Minix is free and open source thoe, the book for Minix form Prof. Tanenbaum has all the source code at the end of the book. The Intel ME runs a propietary fork of Minix I wouldn’t call it pure Minix.

@null7879 4 года назад

In fact, what people often call “ME” is really Minix/ME, or, as I have taken to calling it, ME plus Minix.

@computer-love 4 года назад

yeah i've looked into minix before and it seems like a very interesting concept, unfortunately development has been at a standstill for almost 2 years now

@MrJoseklon 4 года назад

christian murray awww shit i lost it lol

@monad_tcp 4 года назад

ME is just an appliance over the kernel. also, isn't Minix BSD license?

@deoxal7947 4 года назад

He said that basically verbatim

@s1gm4_4c4d3my 4 года назад

nope kernel runs on ring 0 on the main processor, rings 0 to 3 are actually implemented on the main processor (the one not of the Intel ME ) as a protection mechanism. So if the IME has some power over the main processor and not viceversa it would be fair to call the "ring on which it runs" ring -1.

@juxuanu 4 года назад

I was having similar thoughts.

@connorkadel8198 4 года назад

Technically it operates on Ring -3, as System Managent Mode (a state of elevated control over the CPU) operates at Ring -2 since it can only operate while the computer is turned on. Because the ME is active even while your computer is turned off, it is considered to be the most privileged controller in your computer.

@monad_tcp 4 года назад

ring -1 is the hypervisor

@vasilis23456 4 года назад

Kind of except with Intel Vt-x the kernel runs on ring 0, the hypervisor runs on ring -1 and is virtualized, so then I guess the management engine is ring -2.

@s1gm4_4c4d3my 4 года назад

@@vasilis23456 I mean... from the perspective of being inside the virtual machine I guess so, I just consider ring 0 to be"where" a kernel not in a virtual machine runs.

@IreshDissanayakaM 4 года назад

It has been running the whole time on my computer and I didn't even know. Terrifying!

@RogueAmendiaresyourgirl 3 года назад

Same.

@dan-tv1kp 4 года назад

"There isn't much you can do about it": A. I've thought of a cryptographic method that you could use to insulate your system's storage and memory from the ME. It's kinda complicated, and I dunno if any x86 os even supports it. However it is possible. B. Use ARM. ARM mfgs get to see the HDL. So, if ARM was hiding anything mfgs would know and word would get out. ARM's business model is inherently safer than Intel's & AMD's. C. If your protecting a nuclear ICBM silo in your backyard, you could use a high performance FPGA. An FPGA is like a programmable microchip. With an FPGA, you can design a CPU exactly how you like it. You don't actually need to design it yourself though. Just use an open source RISC-V core like the "Rocket Chip" or something. I think it's important to note that the ME can't just record all of your data. If the FBI (or CIA if you're a foreigner), or someone who reverse engineered the ME were after you, they could leverage the engine to to collect data from you. It's not as if this is happening to people and nobody knows about it though. The data would need to be exfiltrated somehow, and somebody would notice that.

@vrc7net 4 года назад

If you want to learn more about this I recommend Bunny Huangs Talk about "Open Source is Insufficient to Solve Trust Problems in Hardware" (you can find it on youtube). Even your own custom FPGA cannot be trusted completely. Of course, unless you are some really high profile target no one will bother to attack your custom chip, but I still think it's quite an interesting topic.

@prodbypo_ 4 года назад

arm is also the future so thats pretty cool

@monad_tcp 4 года назад

or just plug an offboard LAN card

@monad_tcp 4 года назад

also, FPGAs also have firmware what sneaky business you are doing anyway?

@monad_tcp 4 года назад

"a method that you could use to insulate your system's storage and memory from the ME. It's kinda complicated, and I dunno if any x86 os even supports it. " a PlayStation4 would be such an example.

@a_noob559 3 года назад

If anyone out there is paranoid now, then buy a USB/PCIE network adapter, and abstain from using the integrated ethernet adapter on your motherboard (same goes for onboard wifi, if your motherboard supports it.) Why? Because Intel ME doesn't know how to use anything except for the integrated adapter(s), and therefore it will be unable to communicate with the outside world. That obviously doesn't fully disable ME, but it essentially neuters it.

@Foused87 Год назад

@Lucas Budde Mior that's a question

@Raging-Lion 4 года назад

Intel inside means a whole other thing now

@your_new_sjw_waifu 3 года назад

I recently bought a Dell precision 7540 and Intel ME disabled from the factory was the default option. I was pleasantly surprised to see that but this is Enterprise Dell so it makes sense. Also, because it's Enterprise Dell you don't get shafted. 4 SODIMM slots and 4 m.2 slots are in there. No funny business of "you opened it to add more ram so your warranty is void" or "you didn't order a second harddrive so we didn't soldier the other m.2 connector to the board" or anything like that. Built in gigabit Ethernet as well. It makes me sad though because laptops like this probably won't be around for much longer.

@j.k.4479 2 года назад

Do you know if Dell does the same thing for their Alienware brand?

@ILoveTinfoilHats 2 года назад

@@j.k.4479 Definitely not. Dell's entire consumer line has gone to crap. Stay far away

@fgsaramago 2 года назад

Actually, the Intel ME exists supposedly to cater to network administratirs so the enterprise is where it would make sense to have it enabled

@SergeantExtreme 2 года назад

Not true. Many more companies are waking up to this kind of thing. Purism is a great example of a company that sells good computers with the Intel ME disabled by default.

@oventree Год назад

as far as i know the actual ME firmware in those ME disabled dells isn't stripped of all the extra modules that aren't necessary to bring up the CPU, so you'd probably want to run ME cleaner as well. however even with a stripped and neutralized ME there's still the SA-00086 vulnerability in a lot of intel's older chips that is apparently present in one of the core modules needed to start your computer. and as far as i know it can't even be patched with an ME firmware update.

@ARitzCracker 4 года назад

Unlike intel ME, though, most AMD systems allow you to disable AMD's PSP. But then you don't have the on-board TPM to do secure boot with, which may or may not matter to you.

@ThylineTheGay 3 года назад

How?

@ARitzCracker 3 года назад

@@ThylineTheGay In the case of my laptop, there's a bios setting literally called "AMD Platform Security"

@ThylineTheGay 3 года назад

@@ARitzCracker oh

@TheMohawkNinja 2 года назад

Intel is the same way. You can disable it in the BIOS, or just uninstall the ME driver.

@averagegeek3957 2 года назад

@@TheMohawkNinja I haven't seen the BIOS setting you are talking about, but the most that could do would be preventing the ME from being visible to the OS (because it has to be visible to the OS for firmware updates). The ME still boots up and has all its privileges regardless of how the BIOS is configured or what driver is installed on the OS. I imagine the same to be true for AMD's PSP.

@TheMrKeksLp 4 года назад

IME doesn't just have ring 0 privileges, it actually runs in ring -2

@ME0WMERE Год назад

or really -3, as it can run while your computer is turned off

@night_h4nter 4 года назад

Well, at least AMD says PSP can be disabled. Not that anybody trusts vendors in such things, but it can still be true (in theory).

@quadrupledamage 4 года назад

at least they attempt to give you the illusion of being able to turn off the spyware :)

@longnamedude3947 4 года назад

You can turn off AMD PSP? That's news to me, I thought both Intel ME & AMD PSP were hardcoded to never be switched off when shipped with hardware? By the way, you can get Intel CPU's without Intel ME, I know, I have one. Intel ME - Level 4 Disabled, basically no information seems to be available about it anywhere that I can find, but it is completely removed from the CPU, it also means lots of consumer features are totally non-operational with no ability to enable them.

@GhostSamaritan 4 года назад

@@longnamedude3947 Yeah I was installing something and it said I needed to install Intel MEI drivers but the drivers refused to install. Maybe not the same thing but semi-related, I guess?

@xL1PEx 4 года назад

@Kohina closest thing right now: github.com/PSPReverse/PSPTool

@brunettebird57 4 года назад

It can't be disabled, as it controls the DRAM initialization. It's a fake choice.

@Chris-rm1pn 4 года назад

Still waiting for affordable OpenPower PCs

@Arctic740 4 года назад

how about ARM?

@longnamedude3947 4 года назад

POWER10 fingers crossed. Got my eyes on the Raptor Computers stuff.

@bitnatures 4 года назад

@@Arctic740 is there open source arm processors? I thought most had proprietary blobs.

@rodrigosouto9502 4 года назад

RISC-V seems promising too

@censoredterminalautism4073 4 года назад

I'm am too poor to consider even that, but you could look for older used machines running different architectures, if you want to maximize security. There are a few different options. Maybe if you're lucky you can get your hands on one of the old POWERs for not that much. I haven't researched this at all, but maybe it's a possible affordable option. New hardware is not necessary.

@TheMagzuz 4 года назад

A bit beside the point, but I feel like you kind of missed the mark on the example about security by obscurity. Windows does not have more viruses created for it than Linux because it's closed source. It has more viruses created for it because it has a sigificantly larger userbase than Linux, and that userbase is also generally less tech savvy. The same goes for OSX, but not quite on the same scale

@effsixteenblock50 4 года назад

@TheMagzuz Yep. Malware authors are naturally more apt to write for the OS with the most market share. He also didn't mention that a not insignificant portion of the windows code base is no longer closed source.

@sterkriger2572 4 года назад

effsixteenblock50 macOS as far as I know isn’t too

@kaz_iaa 4 года назад

Sure, the desktop space is heavily sided towards a higher Windows usage, but Linux dominates the server market, which can be a much more lucrative target for some than the end users. Linux is a very prime target for this reason, and so the argument of "less users" doesnt really make sense with server computing taken into account.

@PhirePhlame 4 года назад

THIS. Mac OS didn't really have much of a malware problem until it started catching on. Of course, Apple advertising that Macs don't get viruses probably didn't help, as virus makers tend to take such claims as challenges. If Linux starts to also go mainstream, so too will Linux malware.

@PhirePhlame 4 года назад

@@kaz_iaa But server admins are generally much more proficient and wary than your average end user, which makes it significantly harder to even get into one in the first place.