There has been quite a bit of discussion recently regarding the use of a Management Engine (ME), or the code that exists within a CPU but is inaccessible to the user of the computer using that CPU. To quote from the introduction of this PDF:
Intel Management Engine (Intel ME) is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) chip and a set of built-in peripherals. The PCH carries almost all communication between the processor and external devices. Therefore, Intel ME has access to almost all data on the computer. The ability to execute third-party code on Intel ME would allow for a complete compromise of the platform.
Several people, including some from within our own community, have expressed concern that any weaknesses in the ME code would provide another attack surface and, guess what? It has been done! This PDF explains just how some people have managed to achieve the hackers dream and our worst nightmare, and details some research on this subject. It even goes so far as to explain how to run unsigned code in the ME, albeit under a limited set of circumstances - thus giving a hacker total control over the system. However, as this is only the beginning of such research in relative terms it does not bode well for the future. Finding the flaw is the first step, learning how to exploit is the next.
The PDF is, by necessity, quite technical but will be understandable by a significant proportion of our community. The report claims that the following CPUs are susceptible to the attacks detailed in it:
(Score: 4, Interesting) by pvanhoof on Saturday December 30 2017, @11:53AM
Quote from the PDF:
We think that remote exploitation is possible if the following conditions are true:
1. The target platform has AMT activated.
2. The attacker knows the AMT administrator password or can use a
vulnerability to bypass authorization.
3. The BIOS is not password-protected (or the attacker knows the password).
4. The BIOS can be configured to open up write access to the ME region.
If all these conditions are met, there is no reason why an attacker would not be
able to obtain access to the ME region remotely.
Also note that during startup, the ROM does not check the version of firmware,
leaving the possibility that an attacker targeting an up-to-date system could
maliciously downgrade ME to a vulnerable version.