Remote system access has been around since the time of Microsoft’s NetMeeting and PC Anywhere. These are software tools that allow IT staff to take over a system’s mouse and keyboard across a LAN or Internet connection and operate the system as though they were right there in front of the machine itself, seeing what’s on the user’s screen. Countless problems have been resolved this way. Still, this approach has one major drawback: if the user’s OS is corrupted or has crashed, the remote connection does not work. Enter Intel vPro technology.
Targeted at businesses and not at consumers for now, Intel vPro technology is a set of technologies built into the hardware of the laptop or desktop PC, with a focus on three areas: e-Discovery and investigations, data protection and loss prevention, and automatic system health and updates.
A PC with vPro includes Intel AMT, Intel Virtualization Technology (Intel VT), Intel Trusted Execution Technology (Intel TXT), a gigabit network connection and, at minimum, a Core 2 Duo or Quad processor or a Centrino 2 processor. Intel AMT is a set of remote management and security features designed into the PC’s hardware, which allow a sys-admin with AMT security privileges to access system information and perform specific remote operations on the PC. These operations include remote power up/down (via wake on LAN), remote/redirected boot (via integrated device electronics redirect, or IDE-R), console redirection (via serial over LAN), and other remote management and security features. In essence, vPro allows IT technicians to protect, maintain, and manage notebook and desktop PCs, even if the PC’s power is off, its OS is unresponsive, hardware (such as a hard drive) has failed, or software agents are missing.
This “embedded” technology ensures that IT administrators can quickly identify and contain more security threats, remotely maintain PCs virtually anytime, take more accurate hardware/software inventories, quickly resolve more software and OS problems down-the-wire, and accurately diagnose hardware problems, all without leaving the service center. This allows businesses to save millions through increased productivity and the reduction of administrative overheads and associated costs.
Intel claims that because the vPro security technologies are designed into system hardware instead of software, they are less vulnerable to hackers, computer viruses, computer worms, and other threats that typically affect an OS or software applications installed at the OS level (such as virus scan, antispyware, inventory, and other security or management applications). For example, during deployment of vPro PCs, security credentials, keys, and other critical information are stored in protected memory (not on the hard disk drive), and erased when no longer needed. vPro even allows a PC user to press a few keystrokes in the midst of a total operating system crash, when not even the mouse pointer is responding. This sends a dispatch to IT indicating that the user needs help. Interestingly, this also shows that the motherboard is monitoring all keystrokes all the time. But is that all vPro is doing?
Such ‘Trusted’ computing technology raises many potential security concerns for users, especially the fact that there is apparently no way to disable vPro on a PC, along with the fact that most users cannot detect outside access to their PC via the vPro hardware-based technology.
Combine this with the fact that vPro operates on the main system bus via the Q45 chipset (which enables Remote Alerts, secured access in Microsoft NAP environments, Access Monitor, Fast Call for Help, and Remote Scheduled Maintenance) and on the CPU via Core 2, and it theoretically provides access to all hardware, including memory and the CPU, to special software and compute abilities, and to communications, which allows it to send and receive behind the scenes. This means that a remote user could theoretically gain access to the entire system covertly through vPro, and then it’s just a matter of snooping through memory and hard drive files until whatever they’re looking for is found and transmitted using the Gigabit Ethernet connection, through which even 16 GB of RAM content could be transmitted in about two minutes. It’s worth mentioning here that disgruntled employees and ex-employees usually pose the biggest security threats to enterprises.
Intel doesn’t release details, but if the vPro snoop software were built on AI, or is at least smart, it could also send the typically used 800 MB or so of OS RAM and program data in under 10 seconds, along with other data. This is the area of memory which contains the cipher keys and encrypted data, and information about paged data which could then be retrieved from the hard disk. All of this can theoretically happen remotely and covertly, without the typical user ever knowing anything about it.
Though the industry claims that it’s a secure platform, as pretty much anyone in the security arena recognizes, any bit of “secure” computing is only secure for a limited period of time. Eventually, the security is cracked. This happened with vPro technologies in January of last year, when security researchers from Invisible Things Lab created software that ‘compromised the integrity’ of software loaded using Intel’s vPro Trusted Execution Technology. TXT is supposed to help protect software, e.g. a program running within a virtual machine, from being seen or tampered with by other programs on the machine. The researchers said they created a two-stage attack, with the first stage exploiting a bug in Intel’s system software and the second exploiting a design flaw in the TXT technology itself.
It’s worth asking whether something so powerful, made possible through this technology, will really go unexploited by the black-hats and those who crave power. Intel vPro still has a long way to go before it can win trust.