"Getting into and hijacking the Management Engine means you can take full control of a box," reports the Register, "underneath and out of sight of whatever OS, hypervisor or antivirus is installed."
They add that "This powerful God-mode technology is barely documented," while The Next Web points out that USB ports are "a common attack vector."
What's concerning Google is the complexity of the ME. Public interest in the subject piqued earlier this year when a vulnerability was discovered in Intel's Active Management Technology (AMT), but that's just a software that runs on ME--ME is actually an entire OS. Minnich's presentation touched on his team's discovery that the OS in question is a closed version of the open-source MINIX OS. The real focus, though, is what's in it and the consequences. According the Minnich, that list includes web server capabilities, a file system, drivers for disk and USB access, and, possibly, some hardware DRM-related capabilities. It's not known if all this code is explicitly included for current or future ME capabilities, or if it's because Intel simply saw more potential value in keeping rather than removing it.
HardOCP reports that Management Engine "is widely despised by security professionals and privacy advocates because it relies on signed and secret Intel code, isn't easily alterable, isn't fully documented, and has been found to be vulnerable to exploitation... In short, it's a tiny potentially hackable computer in your computer that you cannot totally control, nor opt-out of, but it can totally control your system."
Purism writes: Disabling the Management Engine is no easy task, and it has taken security researchers years to find a way to properly and verifiably disable it. Purism, because it runs coreboot and maintains its own BIOS firmware update process, has been able to release and ship coreboot that disables the Management Engine from running, directly halting the ME CPU without the ability of recovery... "Disabling the Management Engine, long believed to be impossible, is now possible and available in all current Librem laptops. It is also available as a software update for previously shipped recent Librem laptops," says Todd Weaver, Founder & CEO of Purism.
Today Slashdot user Roeland Jansen writes: After some tracking, racing and other stuff...PC-MOS/386 v5.01 is open source under GPLv3. Back in May he'd posted to a virtualization site that "I still have the source tapes. I want(ed) to make it GPL and while I got an OK on it, I haven't had time nor managed to get it legalized. E.g. lift the NDA and be able to publish."
1987 magazine ads described it as "the gateway to the latest technology...and your networking future," and 30 years later its release on GitHub includes sources and executables. "In concert with Gary Robertson and Rod Roark it has been decided to place all under GPL v3."