Security firm Positive Technologies reports being able to execute unsigned code on computers running the IME through USB. The full details of the vulnerability are not yet known, but from what we know, it’s bad.
Essentially, the IME is connected to JTAG (Joint Test Action Group) debugging ports. USB ports also use JTAG. For this attack, Positive Technologies figured out how to bridge the gap, although, as previously mentioned, they haven’t gone into specifics of how.
Fortunately, this critical attack vector only affects Skylake and later CPUs, although, like I said, pretty much every Intel CPU released after 2008 includes the Intel Management Engine.
This isn’t the first time that researchers have revealed substantial security issues in the IME. This time around, the main issue is that it’s exploitable via USB, which is a frequent attack vector. The Stuxnet malware, for example, which was credited with temporarily interfering with Iran’s nuclear program, was initially spread via infected USB sticks deliberately dropped on the ground.
Here, we can conceivably imagine an adversary achieving god mode on a computer by using the same tactic because, let’s face it, if someone finds a flash drive on the ground, they’ll probably plug it in.
Frustratingly, it’s difficult to remove the Intel Management Engine entirely. It’s a physical component, baked into the heart of your computer’s CPU. It is, however, possible to switch out the IME’s firmware, essentially neutering it.
Interestingly, a niche is emerging for machines without the technology. One San Francisco company, Purism, sells laptops without IME. When reached for comment, Purism’s founder and CEO, Todd Weaver, said, “The Intel ME, long thought to be the scariest of threats, is no longer just theory. Having an introduction to any Intel machine just above hardware and lower than all software means an attacker or perpetrator has complete control over everything: encrypted storage, secret keys, passwords, business details, everything on your machine or that your computer does. All the things you hoped were safe are not.”