131

I have seen many claims that devices such as laptop computers contain components that can "connect to the internet" even when the main device is powered off. The implication is that such devices could be backdoored by the NSA or others in order to share private data without the user's knowledge.

One example, which would affect nearly every laptop and desktop computer, is that the Intel Management Engine (a controller chip in Intel processors which, for design reasons, is able to access all data being processed by the computer) updates its own firmware autonomously and can connect to the internet (in order to do so?) even when the computer is powered off.

Here is an example of such a claim, from an answer on Information Security Stack Exchange:

Intel ME features a processor attached to your CPU, which runs closed-source software and which can access all your hardware and main memory. It operates without being visible to your CPU, but can see all your CPU does and control it. It can update itself and connect to the internet even when your computer is turned off. It's pretty damned creepy to me.

Is it true that the Intel Management Engine, and/or similar components in other brands of processor, has the capacity to connect autonomously to the internet when the computer is powered off?

Caesar
  • 1
    @Oddthinking I don't really agree with your edits which narrow the scope of this question to a specific processor brand. I used the Intel Management Engine as an example (applicable to a wide majority of desktop/laptop computers), but this capability is also often rumored for other computing devices, especially smart phones, which use other processor brands. The intent of the question was whether this can or does happen at all; not just with Intel's IME. – Caesar Jun 06 '16 at 18:37
  • 1
    I'm also unsure whether your edited title even makes sense. What is an "Intel ME device"? Does it refer to "a device which uses a processor with the Intel Management engine", or to the Intel Management Engine itself? It's not clear to me. – Caesar Jun 06 '16 at 18:38
  • Suggested revised title: "Do (some) modern computers include 'management' components that can connect to the internet when the computer is apparently turned off" ... maybe that's too verbose? – zwol Jun 06 '16 at 22:49
  • 8
    The general (rather than Intel-specific) term for this feature is [lights-out management](https://en.wikipedia.org/wiki/Out-of-band_management) and it's been common for some time in motherboard designs intended for use in server farms. It's *supposed* to be under the control of the legitimate sysadmin, but even if there are no *intentional* backdoors, the vendors' track record in avoiding exploitable bugs has been [quite poor](https://www.google.com/search?q=lights-out+management+exploit). – zwol Jun 06 '16 at 22:53
  • 6
    Yes, and this feature is used for [Wake-on-LAN](https://en.wikipedia.org/wiki/Wake-on-LAN) to remotely turn on your computer which is useful for remote desktop control. – Keavon Jun 06 '16 at 23:17
  • Thanks @zwol, I've edited the title to a *slightly* shorter variant of your suggestion. It's still quite long, but much clearer now IMO. Thanks also for the generic out-of-band management Wikipedia link. I will modify my answer to include some more generic references based on what I read there. – Caesar Jun 07 '16 at 01:33
  • @Keavon I have no doubt that the functionality has legitimate (and useful) uses. However there are many users who find such capabilities extremely worrying (for lots of reasons, some more valid than others). – Caesar Jun 07 '16 at 01:35
  • 5
    Here are some of the reasons I made the changes I did: (1) When the claim is non-specific (all sorts of computing devices), it becomes unfalsifiable. No-one can reasonably say "No, there is no such device." (2) You didn't give examples of such claims. The only claim you gave was specific to Intel ME. (3) We have had questions like this before (e.g. about mobile phones) and it degenerates into "What does 'turned off' mean?" e.g. A machine with "Wake-On-LAN" isn't *really* turned off. For devices as complicated as phones and laptops, there are a range of levels of "off". – Oddthinking Jun 07 '16 at 01:44
  • 2
    (4) I used some of my own knowledge of lights-out management to know the technology has been around for years as an expensive add-on for servers on racks, but that doesn't address the concern being expressed that *your consumer laptop* might, unbeknownst to you, have such technology built in. Asking the general question may invite answers that address a strawman. – Oddthinking Jun 07 '16 at 01:49
  • Thanks @Oddthinking, I agree that that's valid reasoning, though I feel that perhaps a middle ground would be best. How do you feel about my recent minor edit? – Caesar Jun 07 '16 at 01:55
  • Re wake-on-lan, it is my understanding that that concept normally would apply if the computer is sleeping, but not if it's totally powered off. Whereas AMT works even if the computer is fully powered off (obviously the IME chip never sleeps, but the rest of the machine is off). By "turned off" I mean that I have shut the computer down; the operating system and the BIOS have been unloaded from memory. – Caesar Jun 07 '16 at 01:55
  • 1
    I agree that this question is potentially similar to some questions about mobile phones; but I feel it's not the same question because a laptop or (especially) a desktop is normally considered to be fully turned off after you have shut it down, and most people would not consider it possible that it could still be connected to the internet and potentially downloading and installing compromised firmware or software while it seems to be fully powered off. – Caesar Jun 07 '16 at 01:58
  • 1
    I was hoping to avoid arguing about the definitions of "fully powered off" in a world of laptop batteries, CR2032 BIOS batteries, and power-management systems that can independently turn off screens, CPUs, hard-drives and special lights-out management hardware. – Oddthinking Jun 07 '16 at 02:02
  • 1
    Indeed, it's clearly a blurred line; as you imply. My point here really is that for most people it seems very clear when their computer is "off"; even if as you correctly point out it's hard to actually define. – Caesar Jun 07 '16 at 02:06
  • 2
    I don't really want to argue the "what is off" point any further, but I just came across [this](https://en.wikipedia.org/wiki/Advanced_Configuration_and_Power_Interface#Global_states). So we could say per the ACPI definitions that it's in the G2 state. – Caesar Jun 07 '16 at 04:19
  • I have a motherboard chosen for a file server that features a IPMI chip. I actually can turn on the computer via the ipmi applet over the lan. Not typical consumer hardware, but common for SOHO servers and embedded PCs. – JDługosz Jun 07 '16 at 07:34
  • If you count consoles, they do explicitly feature systems to update and manage when "off". – Agent_L Jun 07 '16 at 10:38
  • Putting this in as a comment, since I can't provide a reference. But my old company had software installed on the computers which made them able to get powered on over the network. While this was done using a specific network card feature, how can you ever be sure there are no undocumented features supported that behave the same? – Zaibis Jun 07 '16 at 11:18
  • 2
    @Caesar Wake-on-lan, at least as provided by the NIC BIOS (if enabled) works as long as the motherboard has power at all, e.g. the state between when you turn on the hard switch on the power supply and when you actually turn on the power with the main soft switch. It's effectively the NIC pressing the soft switch for you. – Weaver Jun 07 '16 at 19:35
  • 1
    (Also, Wake-on-Lan just listens to the noise coming across its wire and watches for a pattern; it doesn't connect to anything or even relate to any protocol higher than isolated ethernet frames.) – Weaver Jun 07 '16 at 19:39
  • Similar, but different, from 2006: http://www.cnet.com/news/fbi-taps-cell-phone-mic-as-eavesdropping-tool/ – tniles Jun 07 '16 at 20:34
  • 1
    @StarWeaver, indeed. I don't think wake-on-lan is really relevant to this question since it's a fully passive system and quite different in scope to AMT for example. – Caesar Jun 07 '16 at 23:53
  • WOL is extremely relevant regarding the title (which by the way should be replaced with the final paragraph). – Mazura Jun 08 '16 at 14:14
  • WOL is a passive system which simply wakes the machine when it hears a certain pattern on the wires. It does not "connect to the internet". – Caesar Jun 08 '16 at 14:27
  • 2
    @Mazura Eh, the title says "connect to the internet", WOL doesn't connect to anything. Even using it as intended on IPV4 requires access to another host on lan to send the packet, or having a port forward set up to the "off" target and trying to send it over that. Oh, and you need the physical MAC up front also. … Not sure if IPV6 removes the tunneling requirements or not for this. – Weaver Jun 08 '16 at 14:27
  • 1
    This is what power strips are for. Even if the PC has some kind of non-mains power aboard, your cable modem does not, and it is unpowered. If that is not enough for you, unplug the network cable. What? You don't use cables? Well, what do you expect in terms of security then? –  Jun 08 '16 at 17:45
  • maybe not "powered off" by a strict definition, but increasingly, devices are being released with 'always connected' - ahem - 'features', which are intended to let internettish events occur even while the computer is on sleep, e.g. monitoring for new emails, etc. I wish I could remember some of the specific brand names for this, but I recommend searching anyway. – underscore_d Jun 08 '16 at 20:30
  • Consider how dangerous such a feature would be, and how sought after by hackers. The ability to read/write to the RAM of any Intel based PC and server (you would have a backdoor to 80% of the world's computers... You also would have to consider the viability. A chip capable of monitoring the CPU would require a processor equally or more powerful than the CPU itself. Imagine the manufacturing cost of it. – César Jun 09 '16 at 17:28
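
The passive pattern matching that the Wake-on-LAN comments above describe, as an added example that is not part of the original thread: a magic packet is six 0xFF bytes followed by the target's MAC address repeated 16 times, and the scan below finds it wherever it sits in a frame, regardless of the protocol headers around it. The frames, MAC addresses, IP addresses and function names are constructed for this sketch.

```python
"""Spot Wake-on-LAN magic packets in raw Ethernet frames (added example)."""
import struct

ETH_HEADER_LEN = 14      # destination MAC + source MAC + EtherType
SYNC = b"\xff" * 6       # synchronisation stream that opens the pattern
REPEATS = 16             # the target MAC follows SYNC, repeated 16 times


def fmt_mac(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def magic_payload(mac: bytes) -> bytes:
    """Build the 102-byte pattern that a NIC armed for wake-up listens for."""
    if len(mac) != 6:
        raise ValueError("a MAC address is exactly 6 bytes")
    return SYNC + mac * REPEATS


def wake_targets(frame: bytes) -> list:
    """Return every MAC targeted by a magic pattern anywhere in the payload.

    The match is protocol-agnostic: EtherType, IP and UDP headers are
    ignored, only SYNC followed by 16 copies of one MAC counts.
    """
    found = []
    pos = frame.find(SYNC, ETH_HEADER_LEN)
    while pos != -1:
        mac = frame[pos + 6:pos + 12]
        rest = frame[pos + 12:pos + 6 + 6 * REPEATS]
        if len(mac) == 6 and mac != SYNC and rest == mac * (REPEATS - 1):
            found.append(fmt_mac(mac))
            pos = frame.find(SYNC, pos + 6 + 6 * REPEATS)
        else:
            # Slide by one byte so extra leading 0xFF bytes do not hide a match.
            pos = frame.find(SYNC, pos + 1)
    return found


def ethernet(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    return dst + src + struct.pack("!H", ethertype) + payload


def udp_over_ipv4(payload: bytes, dport: int = 9) -> bytes:
    """Minimal IPv4 + UDP headers; checksums are left at zero (sample data)."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 255]))
    return ip + udp


# Constructed sample capture: locally administered MACs, documentation IPs.
BROADCAST = b"\xff" * 6
SENDER = bytes.fromhex("020000aabb01")
TARGET = bytes.fromhex("020000aabb02")

SAMPLE_FRAMES = [
    ethernet(BROADCAST, SENDER, 0x0842, magic_payload(TARGET)),         # bare frame
    ethernet(BROADCAST, SENDER, 0x0800, udp_over_ipv4(magic_payload(TARGET))),
    ethernet(BROADCAST, SENDER, 0x0842, SYNC + TARGET * 15),            # one copy short
    ethernet(BROADCAST, SENDER, 0x0800, udp_over_ipv4(b"\xff" * 4 + b"hello")),
]


def audit(frames) -> list:
    """Return (frame index, sender MAC, targeted MACs) for each wake-up frame."""
    hits = []
    for index, frame in enumerate(frames):
        targets = wake_targets(frame)
        if targets:
            hits.append((index, fmt_mac(frame[6:12]), targets))
    return hits


if __name__ == "__main__":
    for index, sender, targets in audit(SAMPLE_FRAMES):
        print(f"frame {index}: sent by {sender}, wakes {', '.join(targets)}")
```

Nothing in the frame is answered or acknowledged by the sleeping machine, and the sender has to know the target's MAC address in advance.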

2 Answers

112

Yes, most modern computer processors include hardware with the capability to fully control all components of the computer (regardless of the power state of the system as a whole), to access all data while the computer is running, and to connect to the internet (in any power state).

However, the remote control aspect of the functionality this hardware provides is not enabled on most devices targeted at the consumer market.


Intel Management Engine (and similar systems)

The Intel Management Engine, referenced in the question, is present in almost all Intel chips sold since 2006. It is an independent computing environment, which has access to (and control over) the main processor, the memory, the network interfaces, and other systems.

One of the primary purposes of the ME is security: it verifies the integrity of the firmware running on the processor and on the Trusted Platform Module.

Additionally, the ME enables a remote management system for enterprise use, called AMT (see below). Most consumer devices ship with this functionality disabled in the firmware.

AMD has a similar system called PSP.


Remote management (AMT etc)

One of the services provided by the Intel ME is called Intel Active Management Technology. AMT enables "lights-out management", meaning it enables system administrators to remotely control and modify virtually all aspects of the system, including the ability to download and update software and firmware regardless of whether the computer's operating system is running. (Obviously the battery or power supply has to be connected.)

This type of remote management originated in servers, where it originally used a dedicated network interface. However AMT uses the system's normal built-in networking interfaces including ethernet, wifi, and (in rare cases) 3G.

AMT is part of Intel's "vPro" technology, which is found in a wide variety of devices. It is primarily targeted at enterprise users, however it has made its way into many devices available on the consumer market including laptops primarily targeted at business use, as well as high-end gaming hardware.

The AMT system is normally not enabled on computers targeted at the consumer market; however the hardware is still there and the Intel Management Engine is still active because it provides other functionality too (see above).


Security

It is important to note that one of the main purposes of the Intel Management Engine and similar technology is to increase security.
Because it verifies the integrity of the firmware running on the processor and other vital system components, it ensures that this firmware has not been modified or replaced with potentially malicious versions. (Or any other modifications – it simply ensures that only the original firmware can be used.)

However, the Management Engine itself is not entirely immune to compromise.
In the past researchers have been able to remotely compromise the system and gain control of machines without physical access to them.

Another concern (more relevant to high-risk users such as non-US governments and political dissidents) is that technically there is no reason why the Management Engine (or similar components in other chips) couldn't contain backdoors allowing government agencies the same access and control over the system.
Intel is a US company (though a significant part of their engineering is based in Israel), and they could be required by US government to implement hidden backdoors.
Since it is impossible to audit the firmware, no proof either way is possible as to whether backdoors exist or whether the risk is purely theoretical.

This Hackaday article is an informative, if somewhat hysterical, look at the features and security risks of the Management Engine. (Thanks to @William-remote for sharing it in a comment on his answer below.)


Further references

See Intel's page on AMT.

In the past Intel provided an anti-theft service to enterprise and consumer markets, whereby the ME would regularly check in with Intel servers and disable the computer if it had been reported stolen. Intel have now discontinued this service.

An HP document on the use of AMT (thanks to Igor Skochinsky for sharing in his answer below).

There is a generic set of standards for a functionality similar to AMT, called IPMI.


I hadn't expected to answer this question myself, but having done some research I felt I was in a position to do so.

Thanks to everyone who has contributed with additional information. I will continue to incorporate any new information I find into this answer.

Caesar
  • 7
    Note, I will not accept my own answer yet: Hopefully someone else will be able to provide a more general response which incorporates information on technologies other than Intel. However, this answer does show that such remote access in a powered-down state is fully possible. – Caesar Jun 06 '16 at 19:04
  • 13
    The Intel page you linked to actually has a footnote for the KVM (i.e. remote operator access) which implies (to me at least) that tech is only available on a small subset of their CPUs that are targeted to an enterprise market. I.E. I've not seen anything yet which implies that KVM functionality is available in any ol' Intel processor you might be using. – bloopletech Jun 07 '16 at 01:30
  • @bloopletech, that's interesting. In fact the whole page seems to only be applicable to "processors with Intel® vPro™ technology and workstation platforms based on select Intel® Xeon® processors". I am unsure whether normal i3, i5, and i7 chips include "vPro technology", but I know that the LibreBoot project claim to disable the IME in their modified IBM thickpads (with older Pentium and Core 2 Duo processors). See https://libreboot.org/docs/hcl/gm45_remove_me.html – Caesar Jun 07 '16 at 01:46
  • 1
    Per Wikipedia, "Currently, AMT is available in desktops, servers, ultrabooks, tablets, and laptops with Intel Core vPro processor family, including Intel Core i3, i5, i7, and Intel Xeon processor E3-1200 product family." Anyhow, it doesn't really matter about the exact models; the point is that the technology exists and is in use. – Caesar Jun 07 '16 at 01:50
  • You could also consider Magic Packet in which a specially created packet can be sent to a LAN NIC card which causes it to wake the host machine. PXE can be used to send an image to boot from rather than from the host machine. Yes, they can be turned off - if you believe that those functions haven't been hacked. – Blackbeagle Jun 07 '16 at 02:03
  • 2
    @Blackbeagle, if you're referring to wake-on-LAN, wouldn't that normally only wake a sleeping computer rather than actually booting one which was apparently powered off? – Caesar Jun 07 '16 at 02:09
  • 3
    No, supposedly prior to Win 8, when a computer shuts down, it set WOL capability on the card to be able to wake from S5 - total off - state. Win 8 and above supposedly don't set the card for this, but - who knows. – Blackbeagle Jun 07 '16 at 02:12
  • 11
    -1 for not answering the question. It, at the time of my vote, very clearly starts with `Do consumer computers...` References provided in the answer do not seem to apply to consumer products. – AndrejaKo Jun 07 '16 at 05:23
  • 3
    @AndrejaKo, per the linked Wikipedia article, "Currently, AMT is available in desktops, servers, ultrabooks, tablets, and laptops with Intel Core vPro processor family, including Intel Core i3, i5, i7". These are mostly consumer computers. Perhaps I should edit my answer to refer to that fact. – Caesar Jun 07 '16 at 05:28
  • 6
    @Caesar I disagree with your interpretation, because same systems are used in non-consumer applications like those described on the Intel's page you linked to. In my opinion, the fact that this is targeting consumer systems instead of industrial has not been sufficiently proven. – AndrejaKo Jun 07 '16 at 05:39
  • @AndrejaKo maybe it depends how you define "consumer". I would consider the ThinkPad (which definitely has this feature) to be a consumer device, even though it is also commonly used in enterprise settings. There is no hard line. Incidentally, if you or anyone else can provide an answer or reference which contradicts me or provides more detail (also detail about non-Intel equivalents) I'd be very interested. That's why I haven't accepted this answer yet. – Caesar Jun 07 '16 at 05:48
  • 1
    @Caesar OK, I understand from where your reasoning is coming from, but I still disagree. I'm right now a bit short on time, so I can't promise an answer, but I will try to make one. – AndrejaKo Jun 07 '16 at 06:10
  • 1
    One potential benefit to consumers may be that it makes everything cheaper - things that are common to server and client systems will tend to make both server and client systems cheaper, due to improved yields from mass production. I don't know if this is part of the reasoning for the inclusion of the feature in consumer hardware, but it's a point to consider. – Luaan Jun 07 '16 at 08:08
  • 2
    The technology is generally referred to as [IPMI](https://en.wikipedia.org/wiki/Intelligent_Platform_Management_Interface) (or out-of-band management, as in the wikipedia link), and while it's almost ubiquitous in server platforms these days, you have to go hunting for it or specifically request it on desktop platforms or consumer devices - it's not generally available for these platforms, as there isn't much of a market for it. Do note that there's a difference between having hardware support for a feature, and actually having that feature installed and functional. – HopelessN00b Jun 07 '16 at 10:31
  • 1
    "Currently, AMT is available" means that it's installed in SOME, not ALL of them. – Agent_L Jun 07 '16 at 10:36
  • 1
    It's marketing: Systems marketed to consumers don't have this functionality, while systems marketed to business and enterprise generally do. Of course it's easy enough for anyone to buy a system from either segment, and sometimes, to not know which segment the computer was marketed to. – Michael Hampton Jun 07 '16 at 10:46
  • 3
    This answer is wrong. Lights-out management has nothing to do with a consumer computer automagically connecting to the internet and downloading firmware - it is a tech that is used to connect to a management server, over local network. Those are really different beasts! – T. Sar Jun 07 '16 at 13:24
  • 2
    Wouldn't an interface available on the local network be open to the internet (unless you have a firewall on your router blocking those ports)? From another website about vPro: "Easy-to-perform remote secure-erases become even more valuable if a PC is stolen or if an employee has been let go". Certainly implies access over the internet (and presumably the device phoning home, as otherwise you wouldn't know its IP address to contact it). – Caesar Jun 07 '16 at 15:30
  • 2
    This answer provided to be true absolutely terrifies me. The fact that anyone is accessing my computer for any reason while I'm not on it is dubious at best, especially without my permission. +1 – Anoplexian Jun 07 '16 at 15:39
  • 1
    Just because the technology is not "targeted" toward the consumer market does not mean that it is not present on consumer devices. I do not have explicit references for this, but a company will sell you something that is cheaper for them to produce. This is the same reason, by the way, that ashtrays are still installed on passenger jets rolling off the production lines today. – Michael J. Jun 07 '16 at 16:18
  • 3
    @MichaelJ.: The ashtrays are required by the FAA; it has nothing to do with cost of production. – Nick Matteo Jun 07 '16 at 17:16
  • 2
    @ThalesPereira Lights Out doesn't have to be over the local network. I use Lights Out over my WAN regularly. I wouldn't be able to troubleshoot many remote devices properly without it. – corsiKa Jun 07 '16 at 17:23
  • 1
    @kundor It's debatable whether the FAA requires ashtrays for a legitimate reason or whether it is simply cheaper to keep requiring them. It would be hugely expensive for the FAA to change their regulations and even more so for manufacturers to comply. See: http://travel.stackexchange.com/questions/53559/why-are-there-ashtrays-in-the-bathrooms-on-nonsmoking-flights – Michael J. Jun 07 '16 at 17:26
  • @Caesar the very point of lights-out (and the meaning of Out-of-band ) is to have dedicated socket on the computer which is connected to dedicated cable which runs dedicated (and very different from the internet) protocol. vPro is a software solution with a bit of hardware support. – Agent_L Jun 07 '16 at 17:52
  • @Agent_L I understand that that is the case with server solutions. However, it appears that the consumer-type devices (by which I mean laptops, workstations, tablets, hybrids; possibly aimed at enterprise but also used by other power users) which use vPro technology do *not* use a separate (physical) socket; rather the interface is available over the existing ethernet or (more commonly) wifi connection. Certainly the case of remote wipe in the event of theft, mentioned above, would depend on this fact. – Caesar Jun 07 '16 at 18:28
  • 1
    FYI, I discovered some of my powered-off computers booting themselves up in the middle of the night, in the 1990's. Though in that case they were turning the whole computer on and booting the OS. It was a "feature", of course, and it was possible to set them not to do that. – Dronz Jun 07 '16 at 19:47
  • 2
    Of special note: https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Known_vulnerabilities_and_exploits – Iiridayn Jun 07 '16 at 21:08
  • How in the world is it going to update software with no power to the HD? – Mazura Jun 08 '16 at 14:04
  • @Mazura it can provide power to the HD if the operator wants to do that. It can boot the computer. – Caesar Jun 08 '16 at 14:10
  • Well then it's not off anymore, and it's *not* "regardless of the computer's power state." – Mazura Jun 08 '16 at 14:13
  • "This answer provided to be true absolutely terrifies me" - avoiding that is precisely why this site exists. There's no reason to be freaking people out about hardware they don't even have or things that cannot happen. – Mazura Jun 08 '16 at 14:21
  • The point is that the IME is always powered up and internet connected, even if the machine is in the G2 (S5) power state (ie, powered down). Clearly certain capabilities such as reading or modifying the contents of the hard disk would involve powering up those components (and certain capabilities would involve powering up the machine as a whole or booting the OS, in which case the machine would *no longer* be "powered down"). If necessary, the IME has the capability to do this. – Caesar Jun 08 '16 at 14:23
  • Datacenter grade hardware will often have a second/third dedicated network port, which the IPMI system can be told to exclusively use, often on a dedicated and protected network segment. Often done that way because you want these things off your actual production network. – rackandboneman Jun 08 '16 at 14:58
  • @Caesar: I think the important question is whether these features are enabled by default on consumer products, or disabled. And how a consumer can find out. If they are enabled, then I'd be worried -- and would also, by the way, want to know how I could use them myself, if for no other reason than to know how they work. If disabled, then I wouldn't care; it wouldn't allow any external entity access to the computer to begin with... – user541686 Jun 08 '16 at 16:53
  • FYI, AMT does not implement IPMI but a custom Intel protocol based on WS-Management. IPMI is usually handled by a completely separate processor/board called BMC (Baseboard management controller). AFAIK there was an effort by Intel to make an 'uBMC' based on ME but it didn't really go anywhere. – Igor Skochinsky Jun 08 '16 at 18:43
  • @Caesar: as Agent_L mentioned in his comment, the IME is not "Internet connected", unless the user runs a dedicated cable to a router, the router assigns an ip address, and the router allows this ip to connect to the wild. This doesn't happen by default, in particular the cable part. – Martin Argerami Jun 09 '16 at 05:44
  • @Caesar Look up current Intel chipsets - only the Q (corporate) supports vPro, it's unavailable on consumer chipsets – Agent_L Jun 09 '16 at 11:25
  • 1
    @MartinArgerami this is wrong, as various people have pointed out above. In datacentre systems, yes, it is as you say, for the reasons pointed out by rackandboneman. However in most systems with the IME (and certainly any consumer ones) it uses the PC's built in networking - ethernet, wifi, and occasionally 3G. – Caesar Jun 09 '16 at 15:26
  • 1
    @Agent_L, I think it's important to distinguish between whether the vPro / AMT *functionality* is *enabled*, and whether the hardware has the *capabilities* described. My question was about the latter (because the firmware capabilities are largely unverifiable), though the former is certainly relevant and interesting information also. I will update my answer to make more of a distinction and to note that the remote-access functionality is not normally enabled on consumer devices even though the hardware capability is present. – Caesar Jun 09 '16 at 15:30
  • @Caesar - yes, this is what I said. Most consumer Intel chipsets are not capable of vPro. – Agent_L Jun 10 '16 at 11:31
  • @Agent_L, that's not my understanding from what I've read. So far as I can see the ME is present in most Intel chipsets and has the capabilities described, despite the fact that vPro is not available on all of these chipsets. However, I hope you will provide an answer according to your own understanding. – Caesar Jun 10 '16 at 14:19
  • Are/were there any known exploits to a disabled AMT? Or only when it was first enabled? – Dessa Simpson Jun 10 '16 at 19:51
11

Let me answer the actual question:

Is it true that the Intel Management Engine, and/or similar components in other brands of processor, can connect autonomously to the internet when the computer is powered off?

In case of ME, the answer is "maybe, in some cases, but usually no". First, there is a question of what specific kind of ME you have. There are two main categories: "consumer" (1.5MB) and "enterprise" (5MB). Only the latter implements the AMT functionality for remote management. Also, there must be an Intel Ethernet chip on board connected directly to the ME (which is not always the case).

Then there is the "connect autonomously to the internet" statement. The ME does have its own MAC and IP address (separate from the host) which allows it to communicate with the management PC but it does not really "connect to internet" on its own. Usually it only replies to the management requests during provisioning.

Now, for a few years, Intel had a version of ME for mobile chipsets (used e.g. in laptops) which had an option of using the 3G wireless connection. If the ME was provisioned and configured by the user or their IT department and enrolled in the Intel's Anti-Theft program, it would periodically try to check in with Intel's servers (possibly via 3G) to see if the device was reported as stolen. In such case, it would display a message on boot and lock the PC so it could not be used, or shut down automatically after a short time. AFAIK, Intel no longer produces such chipsets and the 3G connection is not supported in the current ME versions. Anti-Theft feature has been discontinued as well.

Igor Skochinsky
  • 1
    Thanks for the answer, which contains some interesting information. However, I should like to make a clear differentiation between the *hardware* having the *capability* to connect to the internet in the manner asked about, and the *software* (or rather firmware) actually *enabling* the use of this functionality. Both are certainly interesting and relevant, but the question was primarily about the former - if for no reason other than that it is almost impossible to independently verify any claims made by the manufacturer regarding the latter. – Caesar Jun 09 '16 at 15:34
  • I hope you don't mind if I update my own answer to include some of the information you provide! :-) – Caesar Jun 09 '16 at 15:36