Back in September 2017, Positive Technologies’ experts had expressed interest in the development of a technique that can attack the yet secretive Intel’s Management Engine (IME) technology from the USB port. Now, they have revealed additional information about their plans. According to experts, in December 2017 they intend to demonstrate that they indeed have identified the way to “run unsigned code in the Platform Controller Hub” on any given motherboard through the God-mode hack.
IMEs are built into the chipset, and their security has been questioned by security experts for a long while some have even touted it to be a black box of exploitable flaws and bugs. The Platform Controller Hub is the central point where IME is located; it has its operating system called MINIX, its CPU and lets sysadmins to control/configure/wipe machines across a network remotely. The platform is quite useful provided if you need to manage a large network of computers especially in situations where the endpoint’s OS breaks down and does not boot properly.
So, when Positive Technologies experts state that they can hijack the Management Engine, this means they can take over the control of a box completely regardless of which operating system or antivirus is installed. This is made possible through the powerful God-mode hack attack, which is relatively new and used discreetly to spy upon users or hijack corporate data.
Positive Technologies has further revealed that the latest IME versions are equipped with JTAG (Joint Test Action Group) debugging ports, which can be accessed through USB. These ports allow a user low-level access to the code running on a chip. This is quite a threat for Intel because using the technology anyone can remotely exploit the firmware responsible for running the Management Engine and identify security vulnerabilities.