Is Your CPU Spying On You?

What if I told you that there is a special chip in your computer that has absolute control over your entire system, is remotely accessible, has secret proprietary code that you can’t look at, and there’s no way to disable it? Well, it’s true, and it’s scary.

Let me introduce you to two things you’ve probably never heard of before: Intel Management Engine, or Intel ME, and AMD Platform Security Processor. Like I just said, these are essentially backdoors into almost every computer made in the past 10 years or so. Intel and AMD swear up and down that they’re only used for legitimate purposes, though we have no choice but to take their word for it.

Let’s start with the Intel Management Engine. It is an isolated, standalone co-processor that is physically embedded in every Intel chipset. To put it simply, it’s like a mini-computer within your computer. But the scary thing about it is that no one knows exactly what it does, because it’s proprietary code, and Intel has not released the source code. Now it obviously has legitimate features that Intel has no problem talking about, but you can’t help but wonder if there’s more to it.

Here is a list of things this hardware can do. It can access ALL areas of your computer’s RAM, completely bypassing the main CPU. It has access to everything attached to your computer. It can access your network interface to send and receive traffic, bypassing any firewall in your operating system, or even if your operating system isn’t running at all! And to top it all off, it can remotely power on and off your computer, so it’s no surprise that it can do all these things even if your computer is turned off. Of course, if the rest of the computer is off, there isn’t much it could do anyway since your hard drive and memory aren’t powered.

By now you might be thinking, what the hell? Why does this even exist? Well, its main purpose is to allow you or a company system administrator to remotely monitor, maintain, update, or repair your computer. This is especially useful in companies, where they might manage thousands and thousands of computers. It doesn’t make sense to go around to every single computer to install updates. You really need to be able to do it remotely, in bulk, without requiring employees to do anything themselves.

Now you might be thinking, well OK, that actually makes sense, I could see how it might be helpful. But I don’t need any of that, this is my own personal computer, so how do I disable it? Well I’ve got bad news for you. You can’t. And you can’t buy an Intel processor without one.

And as I mentioned before, you can’t even escape it by going with an AMD processor. You see they have their own version of this called the “Platform Security Processor” or PSP. It’s a different implementation, but for the purposes of this video, they’re close enough, and it has the same super privileges as Intel ME. It can basically control everything on your computer, and we have no idea what the actual code is.

OK so all my computers have a secret backdoor, great. But my cell phone doesn’t use AMD or Intel, so surely I’m safe… WRONG. Have you ever heard of a “baseband processor”? Every cellphone has one, and its purpose is basically to convert between digital signals and radio signals for the phone’s antenna. So you NEED one of these for the phone to even work. And yes, this also has low level access to all sorts of data on your phone. But the most important thing to note is that just like Intel ME and AMD PSP, baseband processors are all proprietary. No matter what manufacturer makes the phone, they’ll all have their own version of this black-box processor that can’t be accessed.

So at this point I’m sure most of you are thinking, OK, that’s pretty creepy that every computer I own has some sort of back door that I can’t disable, but I really don’t think Intel and AMD are actually using this to spy. But that’s not the main issue here. I mean yes, I agree that it’s very unlikely that Intel and AMD are actually using this to spy on people. They’d have little to gain, and everything to lose if it was ever found out. But it’s not Intel and AMD we need to worry about.

You see, the REAL problem is the possibility that these special chips could be cracked by some hacker group, or more likely some government. These chips are obviously protected with some hardcore encryption, but that doesn’t mean someone couldn’t discover some very clever exploit for it. If THAT happened, they would potentially be able to take control of literally ANY computer they wanted, remotely. And no one would ever know, because they can’t see into the chip in the first place, so they wouldn’t know it was exploited. On top of that, because it bypasses the main processor altogether, there’d be no way to stop it, and you wouldn’t even know it’s doing anything in the first place.

I don’t even think you’d be able to defend against an attack on it either. If you think about it, this thing has dedicated access to your network interface. So if an attacker were to send a malicious payload to your computer, even if it were blocked by your software firewall, it might still go directly to the ME chip and infect it.

By the way, you just KNOW that the government is trying to crack this technology. I mean they’d be stupid not to. It’s like the HOLY GRAIL of hacks. So the sheer magnitude of this risk outweighs whatever tiny probability that they’ll exploit it in a way that could be disastrous.

To give you an idea, I want you to imagine this. You have this uncrackable safe, like the lock on this thing is truly perfect, can’t be picked and there’s an infinite number of combinations, and also the walls of the case are made of an imaginary metal that’s impenetrable by any drill or tool known to man. And in this safe, you put EVERYTHING YOU OWN. And then you put this safe outside on your front doorstep, so anybody passing by can walk up and look at this safe. But not only that, EVERYONE in the entire world also has this same exact safe!

How much effort do you think someone like the government might dedicate to finding a way into that safe? How long do you think it would be before they find the TINIEST, most obscure, unthinkable weakness that lets them open it? Well sure it’s going to take them a long time and a lot of work probably. Maybe they find out that if they tilt the safe at exactly 0.25 radians and heat it up to 100 degrees Fahrenheit, and apply a magnetic field of 1 Tesla, that the door just falls off. I mean what are the odds that anyone would figure that out? But really, with stuff like this, it’s not a matter of if, but when.

Some of you may be familiar with a concept called “Security Through Obscurity”, where the basic idea is that if you hide something well enough, or keep its design a complete secret, that no one can exploit it because they don’t know anything about it. And it’s not always a bad idea actually. Kind of like how you might hide your money in the pages of a book on your shelf instead of in a safe in your closet. You’re betting that the chance of someone finding it THERE is less than the chance they’d be able to open whatever safe you put it in.

In computer security there are some advantages and disadvantages you might argue with security through obscurity as opposed to open source. The argument for open source is that because everyone can look at the code, good guys can then find any exploits and report them to be fixed. Whereas if the code is proprietary, bad guys might be the only ones who find the exploits, and obviously never report them. On the other hand, the argument for obscurity is that if code is open sourced, exploits are more likely to be found in the first place, and there’s no guarantee that the good guys will be the ones finding them. And also, bad guys might be more willing to spend time searching for these exploits since they get way more out of finding them.

I think both arguments can be valid depending on the situation. But the main thing to know is that no matter what you do, you can never be 100% truly secure no matter how hard you try. For example, you might have the strongest password ever, but if someone puts a gun to your head, you’re going to give it up. Going back to the main topic of this video, this means that it doesn’t matter how supposedly secure these chips are. Just their existence poses a risk.

But before you get too worried, there is a shred of hope. In a Reddit thread, AMD said that executive level attention would be given to looking into the possibility of releasing the source code for their Platform Security Processor. To be clear, they didn’t say they would do it, they didn’t even say they might do it, but they did say “this has CEO level attention and AMD is investigating the steps and resources necessary to support this.” So you’re saying there’s a chance. We’ll have to see. If they did release the source code, it would not only allow the code to be audited for exploits, but possibly allow it to be disabled altogether if you want. Which honestly I don’t know why there isn’t the option to do so already.

So now that we’ve seen the light of just how exposed we could be, no matter how small the possibility, what can we do about it? Nothing. Absolutely nothing. Seriously. It doesn’t matter what operating system you use, there’s no special command to turn it off, and if you physically go in and break it somehow, your computer will refuse to boot. Really the only thing you can do is follow the usual advice for securing your computer every other way, and hope for the best.

So yeah I hate to stop it there but that’s really it. Hopefully this video didn’t freak you out too much. Be sure to let me know what you think, and if you want to keep watching you can click these videos right here. Also if you want to subscribe I make new videos three times a week, Tuesday, Thursday, Saturday. So it should be worth it. So as usual thanks for watching, I’ll see you next time, have a good one.

100 thoughts to “Is Your CPU Spying On You?”

  1. Isn’t that why Active Directory is a thing for large companies, a centralized directory to push updates and manage several computers over a network all at once?

  2. Intel ME
    Why shouldn't NSA spy on me? Never trust any electronic device. Even if you use Tails.

  3. I can escape it.
    AMD Phenom II x4 945, NForce 630a Chipset & no UEFI Bios !
    And my old Intel Pentium M Notebook from 2002 doesn't have TPM or this stupid Intel Management Engine thing!
    btw: stop talking shit! Intel ME is not on any Intel Chipset! It's just on the Core i3, i5 & i7. And there are tons of Intel CPUs before the Core Series.

  4. Our grandparents and great grandparents would NEVER tolerate this kind of big brother bullshit. I wonder why we do today ?

  5. If we can't disable it, there is no way in hell it should be considered anything other than a huge threat. Very suspicious.

  6. You can circumvent the IME system on a desktop by using a standard NIC in one of the slots that is free on your motherboard.

  7. Well. You miss one obvious way in. People's corruptibility. Meaning, how much would a government pay an engineer at Intel to spill the beans? A lot. Someone will take the deal.

  8. If this chip can turn on a computer remotely, how would it receive the command if the Wi-Fi is turned off? Also, the Wi-Fi needs a driver that is accessible just when the OS is running?

  9. Just don't connect to the internet. I have a friend who works on very important stuff on his primary computer which is not connected to the internet.

  10. If it REALLY can't be removed, or at the least disabled, why are there so many YouTube videos around showing exactly how to do it, plus GitHub code that replaces the BIOS stuff?

    Also, how the hell does ANY chip run without power, which would be the case if the system was switched off (at the mains)? Are you saying that the ME chip you showed has its own internal PSU that runs off a 3v lithium bios battery?

    If this is SO well known (been around 10 years or so) then why has nobody bothered to logic analyze the "chip" for its inputs and outputs to determine how it's baulking a boot process?

    Not a problem for me at present. Still running a 2006 system that's had multiple upgrades, can no longer run Windoze AFAIK but runs the latest version of Mint with zero problems and JUST as fast for the apps I use daily as any other modern machine that has had the life sucked out of it by Microsoft bloatware! Now I know why HP, Dell, Lenovo and the also-rans are always pushing us to buy the latest and greatest … They're under the CIA, FBI, Homeland Security cosh too! Time to build that Raspberry Pi cluster after all. LOL … immunity for around £30 per Pi! No ME or equivalent and zero vulnerability to Spectre and the like.

  11. It OK poor don't have many bank credit account to protect also squatters don't have secret mansion to hide and ordinary person cannot do anything to make rich like one who spying him only porn site will make money using spying codes.

  12. I made a virus that is able to use a bug on MSI motherboards so it can inject itself into the Intel ME chip.
    It hijacks your PC and records all browser windows and records banking details, then if a network card is detected it sends the data to a remote Heroku server that saves the info into a database.
    It then infects any EXE that Superfetch thinks is likely to be opened,
    allowing for it to spread across PCs via file sending.
    I haven't released it…

  13. The govts already have access to the back doors. Why do you think the US has been banning Chinese devices from sensitive devices?

  14. Try this. Put all computers behind a pfSense router and configure pfSense to deny all incoming traffic by default, just like how the Gufw firewall in Linux desktop does. This way any attempt at remote access will be denied by the pfSense router right off the bat. This is probably the most risk-free way without tampering with IME/PSP; you will just have to make sure the pfSense router you choose doesn't have anything like IME/PSP. You can likely also use DD-WRT instead of pfSense.

  15. The manufacturers have already had a gun pointed at their heads… and they have already given up the code and access to every computer with their chips in the computer. We won't know if or who is exploiting our resources (information is a resource as much as our money in the bank) or for why. A real threat to democracy and freedom. LONG LIVE THE NEW DICTATORSHIP.

  16. Global chaos because a homeless guy cracked all chips in the world… Not a problem for me – I was also wondering about what happens after death, and it was so much confusing to me, that I don't mind dying. Anyways, I somehow knew that there is something like this at every single computer.

  17. I might be asking a stupid question, but if I use a discrete network adapter (like on PCI-E or USB) instead of the integrated one, would the IME be able to find and use it? What do you think?

  18. I don't know that the 'government' is trying to access IME. Maybe some less than forthcoming section of the security services. Could you imagine what would happen if it was discovered any government authorised their intelligence services hacking this possible vulnerability? But say this happens. They've got the codes, they can get in. How now do they pinpoint the PC they want?

  19. Intel is an Israeli company, and AMD is a USA company. Both have strong intelligence agencies. I cannot imagine CIA and Mossad have NOT already gained the backdoor to all of it.


  21. Good old tio Joe, how wrong you are. Just disable the Intel imei chipset inside your device manager and you're good to go.

  22. I hope my CPU is old enough. It's an Athlon II quad core 3 GHz. I was thinking about an upgrade. Not anymore. This is the biggest security hole I've run into in my 37 years of using computers. It literally makes AMD Intel etc the true owners of your computer since I the owner can no longer secure or even understand my computer.

  23. Just another confirmation that ALL companies that are involved with computers, from their components through their installed O/S, are criminal organizations.

  24. Could an amd chipset be wired to an external code reader and vice versa. And use a decipher to crack the code? I'm not a computer engineer. But seeing how mods are done for gaming. I wonder if its possible.

  25. This all seems like some conspiracy theorist crap though. If hackers are able to gain access to and exploit this chip, why can't other people? Surely if the risk of it being exploited is so high, other people would also look for ways to do this equally desperately as to protect their computers. If you can get the chip to execute code, why can't it execute commands to view / modify or delete its own firmware? Besides, where does the chip store its firmware? If the chip has so much functionality, including managing USB devices, reading keyboard input and accessing the network, it must have some pretty heavy (for a single chip) OS running on it. The Linux kernel alone is around 70 MB. I doubt this can be stored on the ROM of this single tiny chip. And what about drivers? Does it come with support for every single USB device by default? Unlikely. Therefore it must install drivers, but that suggests that it can easily be exploited with a malicious driver, which would lead to it easily being disabled with said driver. Also, why is no traffic from the chip ever detected by traffic inspection programs like Wireshark? Why is it never detected by any proxy which sees all the traffic passing through it? Even if the traffic can go under the radar of the host OS, it can't go through a gateway undetected since it's a completely separate computer which handles ALL outgoing and incoming traffic. All of this just makes it seem a lot like a fake story used by many tech YouTubers to get views.

    But I might be wrong. I would appreciate it if anyone suggested any way it could still work.

  26. Believable, I have a 2006 Mac Pro that I upgraded to Yosemite back in the day with a custom bootloader. I had trouble with FaceTime and such and was told by online users even though I was on unofficially supported software, Apple could help. Apple tried connecting remotely and kept acting confused because they had extremely limited access to my computer.

  27. IME has been around since 1908. I had been asking for years. As for corp asset mgr and pushing out updates, the real world doesn't work that way.

  28. This is why rootkits exist. Now I'm glad that hackers promote the downfall of backdoors simply by hacking into government computers.

  29. Yeah, agreed, some of us don't need nor want their help. So, it is benefiting enterprise solutions often using bulk purchased licenses via an integrator. Those licenses, try to get them. See if they match the Windows hologram sticker. Good luck getting it. Obviously this usually screws the end user, or ties the hands of an in house Admin. I would imagine…

  30. And where does all this technology originate? Yep, the NSA/CIA-run U.S.A. Then they have the fucking cheek to complain that the Russians and the Chinese are hacking our networks. Wake up world, it's not China and Russia, it's the warmongers of the world, the good old U.S.A., we should be stopping.

  31. made in israel for your consumption. unit 8200 mossad. for new world order coming soon to a theater near you. israel is the problem . they want to control the world and we better stop this soon or it may already be too late. the internet is over. the thing is. who knows how long this kind of thing has gone on. perhaps it always was there and we never knew it. i mean think about it. where did the internet come from? who invented it?

  32. Not surprised at all Joe, hacker I have on my device hides behind Google app hacker has his own Google on my phone,invested both my devices,woeful attack hacker do anyway i say thanks Joe i enjoy+knowledge u help me with unmeasurable,enjoy.

  33. Well, isn't that special? I guess I felt there might be something of a backdoor built into our computers. But to find out that the back door is built in to the processor is a little disconcerting. All the more reason to power down completely when I am not using my pc.

  34. Hello

    it is possible that your CPU is spying on you

    there must be a cache buffer inside

    you know the cpu is like the heart of a body

    directing orders at the speed of speed

    can do also like the car a loan

    The car always goes when the lender goes off and comes home.

    Thanks a lot to you..

  35. There is something YOU CAN DO!!! BUY older chips that do NOT have the Intel IME or AMD Platform Security Processor!!!!

  36. Government agencies don't need to hack shit. All they gotta do is hit the companies with a subpoena for the servers. Then issue gag orders; if Dell or Intel talk about this back door the government will rip them in half financially.

  37. You can always flash your BIOS with coreboot (open source) or Libreboot (open source). Have not looked into the AMD CPU but surely there is a way to remove and install something controllable.

  38. I've seen some scary stories on computers, mostly involving the Deep Web. Someone accesses the wrong chat room and the hackers take over the computer. In some cases the victims destroy the computer completely. What these victims are describing seems to be access to this black box.

    My solution: A constitutional amendment forbidding these kinds of riders.

    The more bitterly the government fights it the more likely that they are exploiting it.

  39. From wiki :

    "In the context of criticism of the Intel ME and AMD Secure Technology it has been pointed out that the NSA budget request for 2013 contained a Sigint Enabling Project with the goal to "Insert vulnerabilities into commercial encryption systems, IT systems, …" and it has been conjectured that Intel ME and AMD Secure Technology might be part of that programme."

  40. I have the ultimate solution for you! Follow these steps :

    1) Buy a 1TB HDD.

    2) Download everything you might need (including a ton of offline games).

    3) Throw that network card into the trash can. No more vulnerabilities to be afraid of.
