Most probably you have never heard of the operating system (OS) called MINIX. You would think that a claim as bold as MINIX being the most widely used OS in the world is simply not true. How could it be? Aren’t Windows, Mac OS and Linux the most prevalent operating systems in the world, in that order? Well, you are wrong, but far from alone in believing so.
Even the co-author of the first MINIX version, Prof. Andrew Tanenbaum, didn’t have a clue that his work in the field was going to be used for private, uncertain and suspicious purposes:
»I knew that Intel had some potential interest in MINIX several years ago when one of your engineering teams contacted me about some secret internal project and asked a large number of technical questions about MINIX, which I was happy to answer. I got another clue when your engineers began asking me to make a number of changes to MINIX, for example, making the memory footprint smaller and adding #ifdefs around pieces of code so they could be statically disabled by setting flags in the main configuration file. This made it possible to reduce the memory footprint even more by selectively disabling a number of features not always needed, such as floating point support. This made the system, which was already very modular since nearly all of the OS runs as a collection of separate processes (normally in user mode), all of which can be included or excluded in a build, as needed, even more modular.
After that initial burst of activity, there was radio silence for a couple of years, until I read in the media (see above) that a modified version of MINIX was running on most x86 computers, deep inside one of the Intel chips. This was a complete surprise…«
Yes, you read that right. According to Prof. Tanenbaum, he unknowingly assisted Intel (the largest CPU producer in the world) in developing parts of the code that would later be known as MINIX OS, running on a separate CPU in parallel to the main CPU. An astonishing disclosure, don’t you think?
So what is this all about? Technically, it is about a previously secret and powerful control mechanism in all machines with Intel x86 processors. This control mechanism is a piece of software running on a separate chip, called the Intel Management Engine (ME). Intel ME can run even when the platform is shut down, is more privileged than any system software running on the platform and can access (read or write) any of the host’s memory, unconstrained by anything.
Another author, Damien Zammit, also wrote about this:
»When you purchase your system with a mainboard and Intel x86 CPU, you are also buying this hardware add-on: an extra computer that controls the main CPU. This extra computer runs completely out-of-band with the main x86 CPU meaning that it can function totally independently even when your main CPU is in a low power state like S3 (suspend).
On some chipsets, the firmware running on the ME implements a system called Intel’s Active Management Technology (AMT). This is entirely transparent to the operating system, which means that this extra computer can do its job regardless of which operating system is installed and running on the main CPU.«
He further explains that ME can access any memory region without the main CPU knowing about such access, confirming the ME functionality just described. Furthermore, Damien writes that ME controls network traffic at the most fundamental hardware level, so it can bypass any firewall running on your system. In simple words, these two facts together mean ME / Intel can access anything stored on your machine and send it to the designated »mothership«. It also means Intel has, by design, left a so-called back-door entrance to any machine equipped with an x86 CPU.
What about AMD’s processors, are they any different? I don’t think so. The AMD Accelerated Processing Unit (APU) line of microprocessors has a similar feature: an extra ARM-based microcontroller, this time embedded directly on the CPU die. Amazingly enough, that technology is advertised as »TrustZone« by AMD. But like its Intel counterpart, no one really knows what it does. And no one has access to the source code in order to analyze the exploit surface it adds to your computer.
What proves that the firmware running on your Ethernet or Wireless NIC is not spying on you and transmitting data through some hidden channel? Why can’t Intel ME (or its AMD surrogate) be disabled or uninstalled? Why is Intel ME not allowed to be audited, and how can a company bypass governmental audit rules?
The idea of the NSA putting hardware in every computer sounds absurd, until you realize it actually happened. It essentially means your data is not safe even though you might have an encrypted hard disk. It also means you cannot hide anything on your computer and you cannot conceal your internet actions. Digital privacy is, apparently, just another myth. Memorize that before you connect to the web next time.
PS: It is interesting to note the insane behavior of my laptop during the few days I was researching and writing this text. Bluescreen system shutdowns, sudden updates, a WiFi connection suspended hundreds of times and being unable to load a picture to WordPress are just a few of the challenges I had to deal with. Some still persist.
Joanna Rutkowska, »Intel x86 considered harmful«, 2015, https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf
Damien Zammit, »Intel x86s hide another CPU that can take over your machine (you can’t audit it)«, https://boingboing.net/2016/06/15/intel-x86-processors-ship-with.html