Intel's Management Engine, in Most CPUs since 2008, Can Be Pwned over USB

Positive Technologies, which said in September that it has a way to attack the Intel Management Engine, has dropped more details on how its exploit works. What’s known so far is bad enough: Intel Management Engine (IME) talks to standard Joint Test Action Group (JTAG) debugging ports. USB does as well, so Positive Technologies researchers put the two together and crafted a way to access IME from the USB port.



The linked blog post [in Russian] explains that since Skylake, the PCH — Intel’s Platform Controller Hub, which manages chip-level communications — has offered USB access to JTAG interfaces that used to need specialized equipment. The new capability is DCI, the Direct Connect Interface. Any attack needs access to USB, which, as we know, is really difficult. We still don’t know all the details Positive Technologies will show off at Black Hat, but their trailers are sure fun to watch.

Source: [H]ardOCP – Intel’s Management Engine, in Most CPUs since 2008, Can Be Pwned over USB