Every modern computer that has an Intel or AMD processor has a built-in back door and there is nothing you can do about it. It can access all areas of your computer’s memory without the CPU or your knowledge and even more. Want to know what this backdoor is called? For Intel, it’s called the Intel Management Engine. For AMD it’s called the Platform Security Processor.
These are closed source systems inside every Intel chip built after 2008 and in every AMD chip built after 2013. But what can they do? Well, that’s kind of scary.
These subsystems can:
Access all areas of your computer’s memory. That alone allows it to see everything.
View everything that is shown on the screen.
Access every device attached to your computer.
Setup a TCP/IP server on your network interface regardless if your OS wants it to or not.
Run remotely even when your computer is off. As long as your plugged into the wall or battery the subsystem can run.
Remotely power the computer on or off.
So as you can see if you are using an Intel or AMD processor it really does not matter what OS your running. These backdoors have access to everything. They can even open up a remote connection on the network interface.
Known vulnerabilities and exploits
Don’t believe me? Well check out the list of known vulnerabilities and exploits. https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Known_vulnerabilities_and_exploits
and for AMD. https://arstechnica.com/gadgets/2018/03/amd-promises-firmware-fixes-for-security-processor-bugs/
What can we do?
The only thing that comes to mind is to have some kind of external firewall between your computer and everyone else that can be setup to block incoming request or attempts to call home.
Other then that i’m not sure. There is no sure-fire way to disable these systems. You could use an older computer that does not have these systems. Some motherboards and manufacturers like System76 allow for options to turn off or turn down these systems.
But beyond that, we just have to trust intel and AMD if you want a modern x86/x64 CPU. These systems are still a black box after all. We will never be able to fully trust them until the code is open and can be audited.
This is why I like projects like RISC-V. They are making an open CPU so there are no secret black boxes in there.
Learn more
There’s a lot more to learn on this topic so I encourage you to do your own research. I will list my sources below so you can see what lead me down the rabbit hole.
Did I get something wrong or miss something important? Let me know in the comments.
Sources
https://proprivacy.com/privacy-news/intel-management-engine
https://lukesmith.xyz/articles/only-use-old-computers/
https://hackaday.com/2017/12/11/what-you-need-to-know-about-the-intel-management-engine/
https://en.wikipedia.org/wiki/Intel_Management_Engine
https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor
A good first step would be to switch to Linux. Because windows is basically spyware now.
https://www.reddit.com/r/privacy/comments/11ezq5v/has_windows_become_spyware_my_wireshark_test/