The new technique gives attackers access to the Intel Management Engine from the USB port, by using JTAG debugging via the Intel Direct Connect Interface (DCI). Positive Technologies plans to demonstrate it at the Black Hat conference in December.
At the event, they will show how hackers can run unsigned code on the PCH of motherboards that support Skylake and newer CPUs from the chip giant. What makes this particularly nasty is that this type of malware or spyware would be very hard to detect, a disk format or a BIOS flash is unable to remove it.
Both Positive Technologies and Google are known to be working on methods to disable the Intel Management Engine.Game over! We (I and @_markel___ ) have obtained fully functional JTAG for Intel CSME via USB DCI. #intelme #jtag #inteldci pic.twitter.com/cRPuO8J0oG
— Maxim Goryachy (@h0t_max) November 8, 2017