Know Your Mods: Intel Telemetry Core

I had heard of Intel ME and AMT and AMD PSD a while back but just discovered Intel Telemetry Collector and the “Compute Improvement Program.”

Mysteriously, my very complex online account passwords just changed themselves without my permission (supposedly stored as a salted hash in the servers, so keylogger Tailored Access op?) after I had to buy a new computer because an EM(I/C) (MIL-STD-461) capability was used for the third time on an expensive computer and aneurismed it.

They want to blank people and computers. Who? NSO? Equation Group? A DOD/DIA unit that targets US citizens in the Continental United States?

What is the best way to neutralize and remove these (malicious) mods?

For example:
modprobe -r intel_telemetry_pltdrv

Is anyone familiar with Prometheus and Grafana? Has anyone used this remote administration interface and can tell us more about it?

What readings are available to whom? IRQs and PIDs to Intel Corp?

(Intel is now installing a telemetry data sniffer with its graphics drivers | TechSpot)

Certain attackers seem to have a penchant for IRQ and peripheral disruptions at the chipset level (CPU, baseband SoC). Is a mod responsible? Can someone identify a specific technique like hex access?
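Added example, not part of any post in this thread: a shell audit of which loaded kernel modules have "telemetry" in their name, which of them `modprobe -r` can unload right now (reference count 0), and a modprobe.d fragment that keeps them from loading at boot. The function names and the sample `/proc/modules` lines are constructed for illustration.

```shell
#!/bin/sh
# Audit telemetry-related kernel modules from /proc/modules.
# Line format: name size refcount used_by state address

# list_telemetry_modules [FILE] -> "name refcount used_by" per matching module
list_telemetry_modules() {
    awk '$1 ~ /telemetry/ { print $1, $3, $4 }' "${1:-/proc/modules}"
}

# removable_now [FILE] -> modules nothing else holds (refcount 0), so
# `modprobe -r NAME` can succeed; a nonzero count means a dependent
# module listed in used_by has to be unloaded first.
removable_now() {
    list_telemetry_modules "$1" | awk '$2 == 0 { print $1 }'
}

# blacklist_conf [FILE] -> text for a file under /etc/modprobe.d/.
# "blacklist" stops alias-based autoloading; the "install" line also
# makes an explicit `modprobe NAME` fail.
blacklist_conf() {
    list_telemetry_modules "$1" | awk '{
        print "blacklist " $1
        print "install " $1 " /bin/false"
    }'
}

# Constructed sample input, not captured from a real machine.
sample_modules() {
    cat <<'EOF'
intel_telemetry_pltdrv 20480 0 - Live 0x0000000000000000
intel_telemetry_core 16384 1 intel_telemetry_pltdrv, Live 0x0000000000000000
e1000e 315392 0 - Live 0x0000000000000000
EOF
}

# Demo on the sample; call the functions with no argument on a real host.
tmp=$(mktemp)
sample_modules > "$tmp"
echo "Loaded telemetry modules:"; list_telemetry_modules "$tmp"
echo "Removable now:";            removable_now "$tmp"
echo "modprobe.d fragment:";      blacklist_conf "$tmp"
rm -f "$tmp"
```

This only covers drivers loaded by the running kernel; it says nothing about firmware such as ME/AMT, which the kernel module list does not show.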

This is telemetry that you use to monitor your own equipment.
It is not spy stuff.

See Intel Platform Monitoring Telemetry Appears Destined For Linux 5.10 - Phoronix

Grafana allows you to visualise data you collect from your systems with collectors that feed into Prometheus. There are cloud hosting options, but I self-host at home.

I have used these tools at work to monitor a large cloud application and it's a lifesaver!

Again, it is not malicious; you set it up knowing what is going on.

I, for example, use them to monitor my home network, my solar panels and the temperature inside and outside the house.

The modules are on the CPU hardware level. HAP bit can be changed to “neutralize” Intel ME with ME_Cleaner and Coreboot Configurator. Is there something similar developed for Telemetry OOBM?

Out-of-band Management Technology - Kicksecure

INTEL-SA-00075

How would I gain control over Intel NIC and the instruction set for my own computer monitoring?

Can I remotely monitor memory utilization? Why would I want to? Would the Kernel Maintainers think less of me with an inexpensive computer? Is a system that works perfectly well but is not a supercomputer mainframe really such a turn off? Who is profiling hardware and why does this matter? If I have a nice computer, they will just EMP it so I “fit” some negative profile. To put it a different way, why not monkey-wrench a Fire Engine so they have to use a bucket and can’t have any dates then? Why is lowmem/highmem important?

Actually, there is spy stuff. Oh no! Maybe some martinis with hotties in Monte Carlo! ; )

Vault 7 - Wikipedia

Central Intelligence Agency Directorate of Science & Technology - Wikipedia

The ME can be turned off in the BIOS on all PCs that I have worked on that have it.
Just turn it off. Look for “management engine” or AMT.

All this ME/AMT stuff is to help enterprise IT people control failing Windows on their hardware.

And for that to be used the IT people have to install software in their networks to act as the controllers.

Once ME/AMT is turned off in the BIOS the Linux kernel has 100% control of the NIC.

Only if you install and run that software on your network!

Yes, but Intel Telemetry cannot in the same way. Also, there is a difference between “neutralized” and “removed” ME according to the people who developed ME_Cleaner and Coreboot Configurator. So if something is “off,” is it really? The article from Kicksecure mentions how OOBM is still active even if the computer is powered down.

I am interested in what people have to say about the Kicksecure article since they are also authorities on the matter. Doesn’t seem to require “only if you install it on your network.”

Believe what you will.