After learning about remote management capabilities I've always suspected it had holes. Large attack surface, any exploit would have a high value, and closed source.
Perhaps one day we'll be able to buy CPU's without this "feature".
I'm betting AMD and ARM are in the same boat.
> After learning about remote management capabilities I've always suspected it had holes. Large attack surface, any exploit would have a high value, and closed source.
Even after reading this, I'm still not convinced it does have holes. It's so high value (pervasive, incredibly powerful, and old) that if it were possible a bad actor would have used it. The spectrum of possibilities is small:
1. The hole does not exist, but SemiAccurate thinks it does.
2. It exists, but only SA has discovered it.
3. SA discovered it along with a few bad actors, who are using it surreptitiously and haven't been caught.
4. It's being used all over the place, it's a widely acknowledged security disaster.
We're not in state 4. The article suggests we're in 2 or 3. 2 seems unlikely - SA does not have special abilities that transcend those of other security research firms. 3 seems especially unlikely: with this much power available, and with the hole being patchable, could they resist using it? Which leaves option 1.
SemiAccurate isn't a security research firm, it's a tech news blog. There's basically no chance that they've discovered anything. If there's an exploit, they would've had to have heard about it from either a source inside Intel or an actual security researcher of some kind.
There are many high profile targets where "if it were possible a bad actor would have used it" has been proven false. See recent publicity about vulnerabilities in printers, antivirus products, etc.
After learning about remote management capabilities I've always suspected it had holes. Large attack surface, any exploit would have a high value, and closed source.
Perhaps one day we'll be able to buy CPU's without this "feature". I'm betting AMD and ARM are in the same boat.