Back in September 2017, Positive Technologies’ experts had expressed interest in the development of a technique that can attack the yet secretive Intel’s Management Engine (IME) technology from the USB port. Now, they have revealed additional information about their plans. According to experts, in December 2017 they intend to demonstrate that they indeed have identified the way to “run unsigned code in the Platform Controller Hub” on any given motherboard through the God-mode hack.
Intel recently switched to the embedded Minix operating system. Researchers have found a vulnerability in IME’s CPU component, a tiny microprocessor that exists within the platform controller, or chipset, of every PC motherboard built for Intel processors.
The IME was introduced to allow functions such as remote booting and administration, but it also handles the initialization of the CPU and its power management.
The Platform Controller Hub is the central point where IME is located; it has its operating system, Minix, its CPU and lets sysadmins to control/configure/wipe machines across a network remotely. The platform is quite useful provided if you need to manage a large network of computers especially in situations where the endpoint’s OS breaks down and does not boot properly.
The security flaw reportedly affects almost every CPU that is part of the Intel 6th Gen ‘Skylake’ Core CPU or newer. It can be bridged to the USB subsystem allowing remote access, which is a common attack vector.
So, when experts state that they can hijack the Management Engine, this means they can take over the control of a box completely regardless of which operating system or antivirus is installed. This is made possible through the powerful God-mode hack attack, which is relatively new and used discreetly to spy upon users or hijack corporate data.
It has long been suspected that the IME allows for undetectable backdoors that governments and other agencies can use to spy on users, but has been difficult to disable because of its deep low-level integration with the system. Some security experts have even touted it to be a black box of exploitable flaws and bugs.