Intel, AMD and your privacy

Intel Inside

Intel's Active Management Technology (AMT)/Management Engine (ME) and AMD's Secure Technology both present a massive threat to user privacy and computer security.

On the Intel side, this highly controversial technology is integrated in nearly every processor the company has produced since 2008 and it can be difficult or impossible to disable it. These chips within chips, which run their own operating system, can access, and be accessed from, the network. Intel's AMT/ME apparently has access to all of the hardware in the chain above it, including storage, cameras and microphones. Furthermore, the Intel AMT subsystem remains powered on even when the machine is "off".

In the video, 'GEOSHIFTER' provides the port numbers he believes are used by the Intel AMT/ME system. You can block the ports in your router, since it is apparently not possible to block them on the machine itself; however, he also warns that doing so may not be effective if the router also uses an Intel chipset. In my case I use a Linksys WRT 1900 ACS, which does not use an Intel or AMD processor and which has plenty of horsepower to handle VPN encryption. I replaced the stock firmware on the router with DD-WRT. The better option, however, would be to buy a Turris Omnia.

I believe the following is the correct code to block the ports on routers/devices which use the iptables firewall. On version 3 of DD-WRT, you can manage the firewall from Administration > Commands. Note that I'm blocking a few extra ports based on my own research of this issue:

iptables -I FORWARD -p tcp -m multiport --dports 623,664,5900,9971,16992:16995 -j DROP
iptables -I FORWARD -p udp -m multiport --dports 623,664,5900,9971,16992:16995 -j DROP
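The multiport match only works together with a specific protocol such as tcp or udp, so it is worth confirming that the FORWARD chain really drops every listed port for both. The following check is an added example, not part of the original post: the function name `amt_uncovered`, the `AMT_PORTS` variable and the sample rules are assumptions made for illustration, and it expects an iptables build that supports `-S`.

```shell
#!/bin/sh
# Ports from the rule in the post, with the 16992-16995 range expanded.
AMT_PORTS="623 664 5900 9971 16992 16993 16994 16995"

# Constructed sample: `iptables -S FORWARD` output when only a TCP rule exists.
SAMPLE_TCP_ONLY='-P FORWARD ACCEPT
-A FORWARD -p tcp -m multiport --dports 623,664,5900,9971,16992:16995 -j DROP'

# Reads `iptables -S FORWARD` output on stdin and prints each proto/port pair
# from AMT_PORTS that no unconditional DROP rule covers. Returns 0 when every
# pair is covered, 1 otherwise. Rule order is not modelled: this assumes the
# DROP rules were inserted with -I, as in the post, so they are evaluated first.
amt_uncovered() {
    awk -v want="$AMT_PORTS" '
    $1 == "-A" && $2 == "FORWARD" {
        proto = ""; list = ""; target = ""; narrow = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dports" || $i == "--dport") list = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            # Negated or address/interface-limited rules cover only part of the traffic.
            if ($i == "!" || $i == "-s" || $i == "-d" || $i == "-i" || $i == "-o") narrow = 1
        }
        if (target != "DROP" || list == "" || narrow) next
        if (proto != "tcp" && proto != "udp") next
        n = split(list, parts, ",")
        for (k = 1; k <= n; k++) {
            # iptables -S prints ranges as lo:hi
            m = split(parts[k], r, ":")
            lo = r[1] + 0
            hi = (m == 2) ? r[2] + 0 : lo
            for (p = lo; p <= hi; p++) covered[proto "/" p] = 1
        }
    }
    END {
        np = split(want, w, " ")
        missing = 0
        for (a = 1; a <= 2; a++) {
            proto = (a == 1) ? "tcp" : "udp"
            for (j = 1; j <= np; j++)
                if (!((proto "/" w[j]) in covered)) {
                    print proto "/" w[j]
                    missing = 1
                }
        }
        exit missing
    }'
}
```

On the router, run it as `iptables -S FORWARD | amt_uncovered`; any line it prints is a protocol/port pair that is still being forwarded.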

Video: Intel/AMD - What is really inside? No more privacy?

2 thoughts on “Intel, AMD and your privacy”

  1. I use a dd-wrt router with no Intel chipset and have updated it with your recommendations. I’m wondering though: If the system uses an always-on VPN, does this mitigate risk of these chipsets or in your opinion does that make no difference? I ask because I occasionally have to use my devices on alternate routers that I don’t control.

    1. Good question. I don’t know the answer, but I would strongly suspect that using a VPN would not mitigate the risk – I use one myself but still blocked the ports, not that blocking ports guarantees anything, since no one seems to have a concrete idea as to what ports are used.
