What happens if one assumes that the likes of the NSA can directly access one's computer and poke around at will?
For years Microsoft has been accused of building or allowing back doors into Windows. If that is true, none of these schemes will work, right?
For years now, I have just assumed that my computer is a government spy sitting on my desk. OK, paranoid, no real proof whatsoever, and OTT. But, I feel it is wise to assume and act like that is true. Or, know the risk you are taking.
How to be secure on the internet? Don't use the internet.
Yep, it's amazing how many people start by assuming that their OS is safe... and there's no basis for this assumption, even without assuming intentional backdoors baked in, there are so many 0-day exploits for all the software we use daily that...
...heck, I'm not even 90% sure that compilers don't add backdoors to software (it's not paranoia... but with a 30-year-old idea, you can imagine that people have had time to refine it to unimaginable subtlety :) http://cm.bell-labs.com/who/ken/trust.html)
The only alternative to making this assumption is to treat computers as compromised non-trustable entities, forgoing their use as true extensions of the mind and leaving all individuals at the mercy of the ever-growing computing system. Instead, we treat the assumption as fact, making do with the imperfect OSs we have and incrementally fortifying them to solidify the assumption.
Why would you possibly need to add an extra core to the CPU to spy on people? What you're thinking of is more like LOM, where there's a second, low-power processor to remotely control the whole computer even in a powered down state. Depending on the level of integration that might give you cross-platform snooping, but it wouldn't be Intel and Microsoft, it would be Asus, Asrock, Gigabyte, MSI, etc.
You mean the Management Engine (mandatory to supply with Intel-proprietary firmware since 5 series)? Since it's the key component of Intel AMT, its features are - at a minimum:
- can run while the CPU is off
- isn't controlled by the CPU (except some protocol which is voluntary on the ME side)
- has access to the onboard GPU's framebuffer
- has access to onboard USB and on-chipset NIC
- can access RAM, bypassing the OS (_maybe_ host-controlled, since the only known use is IDE-R)
Scary enough?
On AMD the situation looks safer for now: while they have _two_ embedded controllers with firmware, from what we (coreboot developers) could gather, their reach into the system is much more limited: they could probably DoS the system by killing access to RAM and/or turning off the fans.
If I was the CIA/NSA I would definitely force Intel/AMD's hand to put a kill switch on the chip. That way if I was waging war with a country, I first broadcast a special signal killing off all the CPUs I can. Then we launch our attack.
The kill switch could be anything:
1. Some particular frequency that causes the CPU to malfunction deliberately. Just a 1 bit malfunction is enough.
2. Something delivered via an OS update patch.
Only a matter of time before a nefarious person discovers how to trigger the kill switch at their will. If this happens, Intel will immediately go out of business. They know they can't just blame the NSA. That's why Intel has every incentive to aggressively fight such orders.
The extra CPU runs its own operating system. It has hooks into the main CPUs - can read their registers on every clock cycle and has an in-built radio transmitter. When many of them are put together they form their own cluster, something on those lines.