Researchers Run Unsigned Code on Intel ME By Exploiting USB Ports

Slashdot user bongey writes: A pair of security researchers in Russia are claiming to have compromised the Intel Management Engine just using one of the computer's USB ports. The researchers gained access to a fully functional JTAG connection to Intel CSME via USB DCI. The claim is different from previous USB DCI JTAG examples from earlier this year. Full JTAG access to the ME would allow making permanent hidden changes to the machine.
"Getting into and hijacking the Management Engine means you can take full control of a box," reports the Register, "underneath and out of sight of whatever OS, hypervisor or antivirus is installed."

They add that "This powerful God-mode technology is barely documented," while The Next Web points out that USB ports are "a common attack vector."

Beyond scary

[markdavis]

This Management Engine stuff just gets scarier and scarier. Just like intentional backdoors in encryption WILL be found and exploited, these undocumented "systems" within our systems will be cracked and the result can and will be DEVASTATING. It is hard enough to keep operating systems updated and secure. Firmware-level security is not something that can be easily maintained on running machines, even if Intel and friends can put out patches fast enough. I want my machine to be MINE.

These "infected" machines are making their way into our entire infrastructure- controlling everything from power generation, traffic, government operations, military, healthcare, just about everything. Imagine black-hatters, rogue nations, criminals, or terrorists simply bypassing all normal security and just taking control of the hardware and doing whatever they want.

WE ALL NEED THE ABILITY TO ABSOLUTELY DISABLE ME AT THE BIOS AND/OR HARDWARE LEVEL. And we need it NOW!

Oh, and AMD is doing the same thing as Intel, so don't look to them as some alternative.

Could make DRM core accessible

[Gravis+Zero]

This could potentially give people full access to the Intel Insider core which is what all the 4K DRM relies on.

I hope after IME is fully pwn3d that people will start taking a crack at AMD's PSP because I would like to have a fully open system but I refuse to financially support Intel due to their highly unethical and anti-competitive behavior.