Researchers Run Unsigned Code on Intel ME By Exploiting USB Ports

Slashdot user bongey writes: A pair of security researchers in Russia are claiming to have compromised the Intel Management Engine just using one of the computer's USB ports. The researchers gained access to a fully functional JTAG connection to Intel CSME via USB DCI. The claim is different from previous USB DCI JTAG examples from earlier this year. Full JTAG access to the ME would allow making permanent hidden changes to the machine.
"Getting into and hijacking the Management Engine means you can take full control of a box," reports the Register, "underneath and out of sight of whatever OS, hypervisor or antivirus is installed."

They add that "This powerful God-mode technology is barely documented," while The Next Web points out that USB ports are "a common attack vector."

Designing hidden access is bad for Intel.

[Futurepower(R)]

Maybe they should make a movie, "Why Intel went bankrupt."

How can you deliver Intel (and AMD) computers to customers knowing that there is secret control by unknown agencies? Do you tell the customers? If you don't tell the customers, can you be taken to court and sued for damages?

Does anyone think that secret government agencies are well-managed? No one at a secret agency would ever steal?

Could the problem be solved by isolating Intel computers from the Internet, providing internet access from other computers, and providing some secure method of data transfer?

This Ask Slashdot story didn't get sufficient attention, in my opinion: Ask Slashdot: Best Way To Isolate a Network And Allow Data Transfer?

The problem of hidden access is not just with Intel and AMD. Microsoft does it: Windows 10 is possibly the worst spyware ever made Quote: "Buried in the service agreement is permission to poke through everything on your PC.