On Mon, Apr 15, 2019 at 7:14 AM ludwig jaffe ludwig.jaffe@gmail.com wrote:
> Intel ME has a nic and a switch in the phy to leak out data. So it could also leak out non-ethernet data provided the stream is Manchester or similar coded to make it over the magnetics of the nic the ME lives in (early version) or has control over.
it's not outside the realm of possibility at all.
i have... empirical evidence which tends to suggest that some sort of low-bandwidth power / data signalling can result in activation of embedded spying backdoor co-processors within intel processors (whether it be entirely hardware-based or whether it's part of the spying firmware i have insufficient information to determine).
being based on power analysis by way of pretty much anything, such activation may occur through a huge variety of channels: remote network access, WIFI data traffic streams, *INTERNAL* (non-networked) scenarios where just opening a file would cause data to be sequentially loaded from disk, cause certain patterns of power-usage to occur that are monitored by the spying backdoor co-processor...
it's an extremely ingenious method, as it doesn't rely on actual physical compromise AND does NOT require execution of any specific application, or in fact any application *at all*.
even just being near enough to broadcast bogus WIFI packets would be sufficient to trigger IRQs on the data bus of the machine to be compromised (even if the packets were never actually processed, and even if the machine were not even running an OS at all).
even if the machine were not sufficiently well EMI shielded, it may even be possible to create the required "spikes" down the Power Supply, or via directed radio bursts.
l.