@novenary@akko.wtf @Sqaaakoi@wetdry.world @i_lost_my_bagel@mastodon.lilysthings.org @samebchase@fantastic.earth
The management engine of all modern Intel CPUs has:
- full direct memory access
- full TCP stack access
- receive and send network packets bypassing the OS
- cannot be disabled past Core2 CPUs
It's a dedicated chip running MINIX, has a dedicated connection to the NIC and is part of the chipset.
The scary part, the Active Management Engine, claims these ports:
- 16992 (SOAP/HTTP)
- 16993 (SOAP/HTTPS)
- 16994 (Redirection/TCP)
- 16995 (Redirection/TLS)
KVM runs over the last two.
https://www.intel.com/content/www/us/en/privacy/intel-active-technology-vpro.html
AMT is disabled by default.
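
An added example, not part of the original post: because the post says this traffic bypasses the OS, a defender has to look for it in network flow logs rather than on the host. The sketch below flags TCP flows to the four ports listed above; the log line format, the sample data and the function name `find_amt_flows` are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Port-to-service mapping taken from the post above.
AMT_PORTS = {16992: "SOAP/HTTP", 16993: "SOAP/HTTPS",
             16994: "Redirection/TCP", 16995: "Redirection/TLS"}
REDIRECTION_PORTS = {16994, 16995}  # the post says KVM runs over these

# Constructed log format (an assumption, not a real product's):
# "<ts> <proto> <src>:<sport> -> <dst>:<dport> <ALLOW|DENY>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<action>ALLOW|DENY)$"
)

# Constructed sample flows using documentation address ranges.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z TCP 192.0.2.10:51000 -> 198.51.100.5:443 ALLOW
2024-01-01T10:00:05Z TCP 192.0.2.10:51001 -> 198.51.100.5:16992 ALLOW
2024-01-01T10:00:09Z TCP 192.0.2.77:40222 -> 198.51.100.5:16995 ALLOW
2024-01-01T10:00:12Z TCP 192.0.2.77:40223 -> 198.51.100.6:16994 DENY
2024-01-01T10:00:15Z UDP 192.0.2.10:16992 -> 198.51.100.9:53 ALLOW
garbage line that does not parse
"""

def find_amt_flows(log_text):
    """Return (findings keyed by destination host, count of unparsed lines)."""
    findings = defaultdict(list)
    unparsed = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1  # surface parse failures instead of hiding them
            continue
        dport = int(m["dport"])
        # Only TCP flows *to* an AMT port count; a matching source port is noise.
        if m["proto"] != "TCP" or dport not in AMT_PORTS:
            continue
        findings[m["dst"]].append({
            "ts": m["ts"], "src": m["src"], "port": dport,
            "service": AMT_PORTS[dport],
            "redirection": dport in REDIRECTION_PORTS,
            "allowed": m["action"] == "ALLOW"})
    return dict(findings), unparsed

if __name__ == "__main__":
    hits, bad = find_amt_flows(SAMPLE_LOG)
    for dst, flows in hits.items():
        print(dst, [(f["port"], f["service"], f["allowed"]) for f in flows])
    print("unparsed lines:", bad)
```

Allowed flows to the redirection ports deserve the closest look, since the post notes KVM runs over them.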