Proof-Of-Concept code has been published for Intel Managment Engine JTAG by a group of security researchers who have since also discovered an undocumented configuration that disabled Intel ME.
What Can Hackers to with this Flaw?
A Hacker can exploit this flaw and create a backdoor to gain full control over the system. The flaw was patched but later a group of security researchers have found a new way to access the JTAG (Joint Test Action Group) that implements the Intel Management Engine. The JTAG feature also provides special USB 3.0 debugging connectors.
“A special USB 3.0 debugging connector is also important, though those who enjoy hacking hardware can make their own by separating the D+, D-, and Vcc contacts on a USB 3.0 Type A Male to Type A Male cable.” reportedElReg.
The PoC incorporated the work of Dmitry Sklyrav the exploitation flaw requests physical access to the USB device. The critical remote code execution flaw has been given CVE – 2017-5689. The flaw was present in the Remote Management Chipsets in all Intel CPUs that were shipped over the past 9 years.
How many Technologies Are Affected?
This vulnerability is currently affecting Intel Technologies such as Active Managment Technology, Small Business Technology (SBT) and Intel Standard Manageability (ISM). The Electronic Frontier Foundation have advised Intel that they should find a way to disable the Intel Management Engine. The company has issued a patch for the security vulnerability (INTEL-SA-00086) on Feb 2018.
At present, the PoC works on a Gigabyte Brix GP-BPCE-3350C and the exploit has a dependency as it requires TXE firmware 3.0.1.1107 which is available from some Intel Partners.
You can find the POC project on GitHub HERE