16

I've read that all recent Intel-based machines include a secret MINIX-based OS, and that it even includes its own web-server.

How does one access this OS's services from the main OS?

Its purpose seems to be to be accessed through the network. How does that happen? Is there a port dedicated to it?

MWB
  • 1
    This is mostly about [Intel Active Management Technology (AMT)](https://en.wikipedia.org/wiki/Intel_Active_Management_Technology) and flaws such as [INTEL-SA-00075](https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr) – RedGrittyBrick Nov 07 '17 at 14:50
  • 2
    The [Wikipedia article](https://en.wikipedia.org/wiki/Intel_Management_Engine) states that `The Management Engine is often confused with Intel AMT. AMT is based on the ME, but only available on processors with vPro. AMT enables owners remote administration of their computer, like turning it on or off and reinstalling the operating system. However, the ME itself is built into all Intel chipsets since 2008, not only those with AMT. While AMT can be unprovisioned by the owner, there is no official, documented way to disable the ME.` – Andre Holzner Jan 04 '18 at 16:02

1 Answer

11

AMT is hardly a secret. It is a feature for IT departments to get pseudo-console access to PCs over the network and remotely manage them. (The common term is Out of Band or OOB management.)

It is comparable to HP’s iLO or Dell’s iDRAC, which are for servers. In the case of servers, there is usually a dedicated NIC for OOB. For desktops, that is not feasible. So Intel’s AMT lets the motherboard NIC be shared between the CPU and the Management Engine.

Here are some links to get you started:

https://software.intel.com/en-us/articles/getting-started-with-intel-active-management-technology-amt

https://www.howtogeek.com/56538/how-to-remotely-control-your-pc-even-when-it-crashes/

Note that despite many of the articles you read, not all Intel PCs have this feature. It is typically only found on business CPU/chipsets, as it is one of the differentiating features to justify the price point.

myron-semack
  • 1
    Unfortunately no one really knows how to access, for example, the web server (let alone the shell) of the ME (without AMT). – Konrad Gajewski Jan 20 '18 at 21:26
  • It's just a matter of time before it gets out in the open on how many chips it really is... https://www.tomshardware.com/news/researchers-reverse-engineer-entire-cpu-processor-chips,40590.html For now, those who know will only tell you for a large sum of money, and those who paid for it are unlikely to share it on the internet - could actually be irresponsible if sharing it meant anyone could steal your passwords by simply having access to your network. Also, we're already on a watch list, purely for thinking about this... do you really want to see how deep the rabbit hole goes? – Dagelf Jan 22 '21 at 16:24