Nearly every Intel CPU since Skylake found vulnerable to USB based attack


The Intel Management Engine goes unnoticed by most users, but the subsystem plays a very important role in Intel-based systems. Since 2008, nearly every CPU released by the company comes with the IME which some call a computer within your computer, as it has some pretty eye-opening capabilities. In a computer architecture diagram, it would sit above the CPU but below the operating system. Its purpose is to control the CPU, other hardware, and perform remote administration tasks.

For years the EFF has argued that this “black box” is a huge security threat considering it can control your system even when the computer is turned off. Their fears were brought to fruition this week after security researchers discovered a devastating USB-based exploit.

The firm, Positive Technologies, can execute unsigned code on nearly any computer running the IME through USB. The attack works by exploiting the JTAG debugging ports built into the computer. Many devices including the IME and USB are connected to these ports, but they are supposed to be segmented. The researchers have discovered a way to get past these barriers and execute their code from a USB stick.

Researchers have found previous vulnerabilities with the Intel Management Engine, but this one is unique given how easy it is to exploit. For now this is just a proof of concept that only affects Skylake (2015) and newer platforms. No doubt Intel will move to patch this right away, but it’s still worrisome to many. There is no way to disable the IME since it’s a part of the physical CPU. Without a patch, the only way to protect against this attack is to change out the IME’s firmware.


Please enter your comment!
Please enter your name here