The 'evil maid' attack is well known, and states that once someone has physical access to your computer, all bets are off. Anything that has DMA enabled (e.g. Firewire or Thunderbolt) offers an external device direct access to the system RAM that is very difficult to defend against, or they could attach a keylogger or modify your bootloader, basically unleash all manner of havoc. USB JTAG is really no different from a security POV.
The concern with the Intel ME is that it has a native network adapter. You can bet efforts are currently underway to discover how to exploit the ME remotely. THAT'S when things get scary.
Your paranoia is not unjustified. Personally, I am nervous that some of my systems have the ME. When attention turned to it about a year ago, I knew it would only be a matter of time before someone broke into it.
> The concern with the Intel ME is that it has a native network adapter.
Yep, this is the big deal. After I "discovered" the ME, my first stop on my home network was the switch, to block all that crap. (And I found my storage server, equipped with a Supermicro all-in-one motherboard, helpfully grabbed an IP for the ME to listen on with an 'admin/admin' password.)
I just wish the empire builders at the NSA would care about something other than their own little power center. They knew this would happen - it always does. The NSA is probably the biggest security threat to the U.S. people[1] at this point, because they keep building concentrated, high-value targets and then lose control of them.
[1] Not to be confused with 'U.S. government interests'.
> Anything that has DMA enabled (e.g. Firewire or Thunderbolt) offers an external device direct access to the system RAM that is very difficult to defend against
IOMMU effectively solves the "DMA is completely broken" problem, as far as I'm aware.
Evil Maid attacks are mostly worrisome because even UEFI cannot protect you against some bootloader attacks (what if you disable UEFI or reflash the firmware and then have a bootloader that just looks like a UEFI boot). There are some usages of TPMs that seem quite promising (they revolve around doing a reverse-TOTP-style verification of your laptop to ensure that the TPM has certified the entire boot chain).
It's quite a hard problem, made significantly harder by the fact that every fucking hardware vendor seems to want to make our machines even less secure.
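A sketch of the TPM-plus-TOTP idea mentioned above, as an added example that is not part of this thread: each boot stage is extended into a PCR, a TOTP secret is sealed to the expected PCR value at enrollment, and at every boot the firmware unseals the secret and shows a TOTP code the owner compares against a phone. A tampered bootloader changes the PCR, the unseal fails, and no valid code appears. The seal/unseal here is a simulation (a PCR-derived key with an HMAC tag), not the real TPM2 policy API; the boot-chain strings, the secret and the timestamp are constructed values.

```python
"""Measured boot + TOTP verification, simulated (added example, not from the thread)."""
import hashlib
import hmac
import struct

PCR_SIZE = 32  # bytes: a SHA-256 PCR bank


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend operation: PCR_new = H(PCR_old || H(measurement)).
    The result depends on every stage and its order, and cannot be rolled back."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot_chain(components) -> bytes:
    """Extend each boot stage (firmware, bootloader, kernel...) into a PCR that starts at zero."""
    pcr = b"\x00" * PCR_SIZE
    for stage in components:
        pcr = pcr_extend(pcr, stage)
    return pcr


def _seal_key(pcr: bytes) -> bytes:
    # Simulated: the key only exists if the platform reached exactly this PCR value.
    return hashlib.sha256(b"demo-seal-kdf|" + pcr).digest()


def _keystream(key: bytes, n: int) -> bytes:
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + struct.pack(">I", i)).digest()
        i += 1
    return out[:n]


def seal(secret: bytes, pcr: bytes) -> bytes:
    """Simulated TPM seal: encrypt-then-MAC under a key bound to the expected PCR."""
    key = _seal_key(pcr)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def unseal(blob: bytes, pcr: bytes):
    """Returns the secret only if the observed PCR matches the one it was sealed to."""
    key = _seal_key(pcr)
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), the same algorithm a phone authenticator app runs."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


# Constructed boot chains and secret for the demonstration.
GOOD_CHAIN = [b"firmware v1 (constructed)", b"bootloader v1 (constructed)", b"kernel v1 (constructed)"]
TAMPERED_CHAIN = [GOOD_CHAIN[0], b"bootloader v1 + evil maid patch (constructed)", GOOD_CHAIN[2]]
ENROLLED_SECRET = b"constructed-demo-totp-secret"
# Enrollment: seal the TOTP secret to the known-good PCR; the owner also loads it into a phone app.
SEALED_BLOB = seal(ENROLLED_SECRET, measure_boot_chain(GOOD_CHAIN))


def boot_time_code(sealed_blob: bytes, observed_chain, unix_time: int):
    """What the firmware would display at boot: a TOTP code, or None if unseal fails."""
    secret = unseal(sealed_blob, measure_boot_chain(observed_chain))
    return None if secret is None else totp(secret, unix_time)


if __name__ == "__main__":
    now = 1700000000  # constructed timestamp
    print("phone shows      :", totp(ENROLLED_SECRET, now))
    print("clean boot shows :", boot_time_code(SEALED_BLOB, GOOD_CHAIN, now))
    print("tampered boot    :", boot_time_code(SEALED_BLOB, TAMPERED_CHAIN, now))
```

The defender's check is the comparison between the code on screen and the code on the phone: a matching code means the sealed secret was released, which only happens when every measured stage is the enrolled one. The simulation also makes the limits visible: anything not extended into the PCR (the ME's own firmware, for instance) is outside what this attests.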
The problem is hard mostly because the entire architecture of the personal computer made absolutely no provision for security. Everything is patches upon patches to add superficial security. Fundamentally, a computer is dumb, it will perform whatever task it is told to do, and all our security measures revolve around stopping a malicious actor from telling the computer to do something 'bad'. Eventually, someone gets around the bouncer or in through an open window and here we are.
My point here was not about it coming from a USB JTAG, but by it targeting ME AND having full debugger access, meaning it isn't limited to reading nor to RAM/volatile memory.
Through this attack, they could compromise the ME long-term, which means the long-accepted "nuke it from orbit" solution to a security breach (unplug everything, format everything, start from scratch) still wouldn't be enough; that entire chip is done for. And 'using a hack to clean up the hack' is still in the realm of cleaning up rather than starting from scratch; it's not a solution for the same reason that cleaning up your compromised Linux box is not one and you need to start from scratch.
A couple of years back, I was absolutely horrified at the remote management available on my second-hand Lenovo T420s, including management over WLAN.
Sure, the features are gated by price/CPU "brand", but I think it's safe to assume a) this is complex software and will have bugs with security implications, b) once it's well enough understood, it seems likely it can be "upgraded" (similar to how you today can e.g. replace the BIOS with coreboot).
The conclusion is that we need new platforms - perhaps power5 will help.
The physical access required for an evil maid attack is very different from the "physical access" required to give you a malicious USB device. In that sense this is a lot more scary. As are aforementioned Thunderbolt and Firewire attacks; without an IOMMU, those are a security nightmare too.
An important aspect of an evil maid attack is that it requires at least two instances of physical access, once before and once after use by an authorized user.
If the attack can be pulled off with only one-time access, it's worse than an evil maid attack.