How Purism Avoids Critical Intel Security Exploit

Todd Weaver

Founder and CEO
PGP Fingerprint: B8CA ACEA D949 30F1 23C4 642C 23CF 2E3D 2545 14F7

Intel dropped a fairly large bombshell on the world May 1st, 2017, when they published a security advisory that explains how nearly every single Intel chip since 2008 is now vulnerable to a remote exploit through AMT, even when powered off.

Purism, which uses Intel chips, happens to be immune to this very nasty threat. Purism happens to also be the only manufacturer where all products are designed specifically to be immune to this very substantial threat. Purism is able to accomplish this thanks to its strict belief in digital rights for users and adherence to its social purpose; it is this philosophy that brings Purism to systematically remove exploitable firmware from the computers it makes, and users are all the better for it.

We already published a lengthy article on the potential of this type of threat, which you can find at How Purism Avoids Intel AMT, but in case you wanted the shorter version:

  1. We choose Intel CPUs that do not have the hardware enabled to be exploitable (no vPro/AMT)
  2. We avoid Intel networking, to remove this exact threat (no Intel networking, no remote exploit from exploitable firmware)
  3. We neutralize the exploitable firmware

The larger message rings true; if you can’t control the computer, the computer controls you. This turn of events highlights that fact clearly; this exploitable Intel firmware is a binary at the lowest level of the CPU, outside the view of the user, allowing for anybody to use it to gain full control of the computer, even when the device is powered off. This represents the worst of all possible security vulnerabilities, and we are very proud to have a philosophy that makes our products the only high-end current hardware offering that can safely avoid this Intel security exploit.