In fact, EFF's fears are not unfounded. Security company Positive Technologies reports that it has been able to execute unsigned code on a computer running IME through the USB interface.
Simply put, IME is connected to the JTAG debug interface, and the USB port uses it. In its demo, Positive Technologies mentioned the method by which it can be opened up.
Granted, this kind of attack affects only Skylake and processors of that platform. But we cannot ignore the fact that Intel has incorporated the Management Engine into almost every CPU released since 2008.
Screenshot of the IME installation interface (via: Association knowledge base; the same below)
This is not the first time researchers have exposed vulnerabilities related to the "Intel Management Engine" subsystem; Positive Technologies has simply found a way to attack it through the USB interface.
Previously, Iran's nuclear project was temporarily interrupted by "Stuxnet", malware whose route of transmission was contact with certain special USB devices.
Imagine you picked up a suspicious USB storage drive on the ground: would you immediately plug it into your computer to look for clues about its owner? For an attacker with ulterior motives, this can be described as a "killing blow".
The most frustrating thing is that we can't completely remove the IME components, because IME exists physically and is embedded in the computer's core CPU. The only way to prevent this is to turn off the IME firmware.
Ironically, devices without IME components will become more sought after in the marketplace. For example, a company in San Francisco called Purism is touting an IME-free laptop.
Purism founder and CEO Todd Weaver said in an interview: "For a long time, the Intel Management Engine component was regarded as a theoretical threat, but it has now been confirmed.
An attacker or criminal can take complete control of a computer without the aid of advanced software or hardware and access the storage encryption, password keys, financial statements and all other information; all the security you expect will cease to exist.
Purism banned IME on its laptops very early because we know it's a real threat. It's just a matter of time.
Our company is the only notebook manufacturer that ships with IME disabled by default and strengthens hardware security, so that users worldwide can benefit from it."