Researchers Run Unsigned Code on Intel ME By Exploiting USB Ports

Slashdot user bongey writes: A pair of security researchers in Russia are claiming to have compromised the Intel Management Engine just using one of the computer's USB ports. The researchers gained access to a fully functional JTAG connection to Intel CSME via USB DCI. The claim is different from previous USB DCI JTAG examples from earlier this year. Full JTAG access to the ME would allow making permanent hidden changes to the machine.
"Getting into and hijacking the Management Engine means you can take full control of a box," reports the Register, "underneath and out of sight of whatever OS, hypervisor or antivirus is installed."

They add that "This powerful God-mode technology is barely documented," while The Next Web points out that USB ports are "a common attack vector."

Re: MODERATION IS CENSORSHIP

[140Mandak262Jamuna]

You here the right to speak. We have the right to ignore you. It is our freedom of speech to call you a crack pot.

Re:Please explain

even an AC on this site should be smart enough to know the difference. if you can't, perhaps you should go run along to reddit or some other site where the users and their submissions are down at your own comprehension level.

vulnerabilities in linux kernel drivers for usb are relatively easy-to-fix *SOFTWARE* issues.

the code is worked-on and reviewed by multiple, independent parties; and can also be examined and compiled by end users.

vulnerabilities in intel management engine are not. they are flaws in the *HARDWARE*

the feature is embedded in the silicon of every fucking processor they manufacture. a similar feature is also found inside the more recent amd processors as well. problems here would require swapping hardware (processors, processors and/or bios). these features and the firmware that controlls them are closed-source, proprietary, and not documented for the public. you have to give blind faith and trust to hardware vendors (intel, amd, bios producers, motherboard manufacturers, etc) to actually fix the vulnerabilities and/or allow the total and irreversible disabling of the features.

Intel ME is awesome

What I hate about all these stories? We have security researchers who decry the evil of Intel ME. How it can be used to fully control a system. How it allows remote access. You know, those are GOOD things. The only bad parts are (1) it's closed source, (2) it has security vulnerabilities, and (3) the owner (whether it's a corporation or a single person) doesn't have control over it. What I want to see is not the Intel ME disabled. I want to see it turned into a bare bones OS precisely for the average user to remotely log in, flash a new BIOS (or recover from a brick), and to maximize control over things like power settings, usb access, etc.

There's nothing wrong with a God mode. They key is making sure the right person is God.

Re:Intel ME is awesome

[MrKaos]

There's nothing wrong with a God mode. They key is making sure the right person is God.

Yeah, I'm kinda thinking that if the management engine is on the machine and it is MINIX, I'd like to use it myself to, you know, manage the machine. I'm pretty sure I paid for it.

Re:MODERATION IS CENSORSHIP

[MrL0G1C]

Posting as AC is self-censorship.

This isn't a bug

This is not an exploitable bug, it is an NSA feature.

A very important front for software freedom

[jbn-o]

WE ALL NEED THE ABILITY TO ABSOLUTELY DISABLE ME AT THE BIOS AND/OR HARDWARE LEVEL. And we need it NOW!

What you're describing is software freedom. And you deserve software freedom for all of the computers you own. You should be allowed to run, inspect, share, and modify the BIOS, "Management Engine" (or workalike), and all of the other software on the computer including any encryption keys used. Fortunately for all of us people are working on different architectures and on freeing common architectures, so I hope you'll help them.