thanks Peter and Nico for the information, 
it is really helpful. 

I also agree with the assumption that ME is connected to the internet through the same network card we use.  

But then, there is a familiar statement on the internet, that ME is still running and connected to the internet,
even when the computer is off, as long as it has a battery. 

Let's say, we only use WIFI WLAN cards for internet connection, 
and the WIFI router requires a password for access, 
how ME is still running when the computer is off, and connected to the Wifi router without password ? 




On Sat, Oct 2, 2021 at 1:58 AM Nico Huber <nico.h@gmx.de> wrote:
Hi Hendra,

On 01.10.21 17:43, Hendra wrote:
> I read in Wikipedia that Intel ME has an independent internet connection.
> But what does "independent" mean ?

I don't think that's true. Maybe one could twist the word "independent"
enough so it makes sense, but I wouldn't call it that. I would say a
shared internet connection.

It can use the same internet connection, without your OS knowing. But
that doesn't mean you wouldn't be able to know it. If you have the
machine at hand, and it's not protected by some BIOS password voodoo,
you can just look into the ME settings.

>
> Is it an independent internet connection from the OS ?

Close. The ME firmware (another OS on another core) can use the same
network controllers as your OS. I'm not sure about the details, but
I assume it filters TCP ports to offer its own services. So I'd say
it uses independent TCP ports? *shrug*

A quick search for "intel amt configure ip" led me here [1]. It seems
there was a time when one could configure individual IP addresses for
ME and host OS's, but that ended about 10 years ago.

AMT is the name of the networking software that runs on the ME btw.
Many ME firmware packages don't have AMT at all. So officially, these
couldn't do networking. Absence of a piece of software is hard to prove,
though. And they could plausibly deny having put it there on purpose,
as they could just say they mixed the packages up. That's my biggest
concern about the ME. Intel makes it very hard to see what software
is installed and allowed to run.

AIUI, but I'm not 100% sure, computers with AMT should be tagged "vPro".

>
> or is it an independent internet connection from the network related
> devices ?
> such as: wwan card, wlan card, bluetooth module, wimax card

No, it would use one of those.

> or maybe it has its own secret/hidden independent networking device,
> so it can connect to the internet,
> without depending on Laptop's networking device,
> such as: wwan card, wlan card, bluetooth module, wimax card ?

Very unlikely. And only if they had hidden it very well and implemented
it additionally to the publicly documented networking stuff. If you
suspect a silicon vendor to do that, any of them could. No ME needed.
But it would probably look suspicious under a microscope. FWIW, nobody
has seen something like that in Intel's chipsets. OTOH, usually when
somebody talks about microscope pictures, it's about the CPU and not
the PCH (where the ME resides). So I'm not sure if people actually
look at it.

[1]
https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/WordDocuments/configuringtheintelamtipaddress.htm

Nico