Every modern CPU can do this, but they don't, unless explicitly configured to do so. We know this because it would have been news already if they do. Network activity is suspicious. And Intel ME has been with us for 16 years now!
When Intel proposed the CPUID in the Pentium III, everyone panicked. I felt confident that, if there were nefarious things happening at that level, people would have figured it out. After many months of hand-wringing in the tech spaces of the time (/., et. al.), people started waking up to the fact that Intel had, in fact, already buried the CPUID in the Pentium II all along, and "we" had already been "had." Moral of the story: do not ever trust that "it would have been news already," for anything.
I don't trust the media fully either, but I think that if a proper remote execution vulnerability would have been found, and also exploited en masse, that would surely make the news. And if there wasn't, for 16 years, then I think we can assume that the thing is not more rickety than the rest of human constructed reality.
Also, please note that the discussion is not about possibility. It was explicitly stated that "Every modern CPU does this", and here, "this" refers to "calls home with full access to your everything". Now, that is patently false.
This has never been seen to work.
At the very least, it only has direct access to the built in ethernet adapter.
Communicating with say wifi would be quite difficult, it would need to steal the wifi credentials from any variety of currently running OS, future proof for whatever tricks says Linux does with wifi drivers.
So does this mean we should completely surrender and forget about any privacy and security? By the way, my Librem 15 has a disabled and neutralized Intel ME.
