Intel AMT on new Thinkpads

I got the huge (but pretty) Thinkpad T510, with a big screen. It is good enough that I don't use my Macbook Pro all the time now. I've been doing some work on Windows 7 (mostly unrelated to Windows.) It has a gorgeous screen with high contrast, and great battery life. Quite a departure from the other PC laptops, even if it's moderately huge.

However, I wanted to grump about one thing. There's a whole lot of "remote management" software installed by default on this machine.

One technology is Intel's AMT. It runs a webserver on port 16992 underneath your operating system. It's not entirely obvious how to login or change settings for it. I never figured out how to change the settings, but I was able to disable it through the BIOS.

AMT allows remote reboots, remote web access, and some access to the filesystem.
Intel's RPAT allows remote KVM, also below the OS layer.
Intel's AT is an anti-theft technology that can keep the computer from booting.

All this stuff is shipping on new laptops, some of it vaguely "on". In theory your IT administrator is supposed to configure it and use it to do stuff to your computer, and it's all magically secure for the enterprise.

But this sort of interface massively increases the attack surface to a regular machine. And any worms that manage to also infect this layer could have some serious impact.

And just to be a little bit offensive: my computer shipped direct from China with all this stuff turned on. Given Google's experience earlier this year, configuration like this should probably be turned off by default. Even if it's just to make me feel better.

Consumers shouldn't feel paranoid when they inspect your default settings.

But it is a fine machine otherwise.


  1. Just so nobody reads this and becomes paranoid or alarmed about this software I would just like to point out that Intel's AMT software is hardware based and it is highly unlikely that a virus would be able to compromise your system through the AMT system. You can only turn on and enable RPAT and AT by going through the AMTs software at system boot which is below the OS level.

    So the chance that a virus would be able do this is very improbable.

  2. Most iPhones are jailbroken through boot rom exploits. People have designed whole mesh network stacks to run in wifi chipsets. And overflow bugs in seagate hard drives caused me to lose a lot of drives a few years ago.

    Hardware is software, and it has bugs too.

    Default should be off for all these technologies.