INTEL-SA-00127: Intel Direct Connect Interface (DCI) policy update

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00127.html

Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel® Xeon® Processor E3 Family, Intel® Xeon® Scalable processors, and Intel® Xeon® Processor D Family can potentially allow a limited physical presence attacker to access platform secrets via debug interfaces.

Positive Technologies: JTAG in each house: full access via USB

It is amazing to see the Intel ME research coming out of Positive Technologies!

From Google Translate:

JTAG in each house: full access via USB

Researchers at Positive Technologies have activated hardware debugging (JTAG) for the Intel Management Engine, which allows full access to all PCH (Platform Controller Hub) devices using Intel DCI technology (via the USB interface). We plan to share the details at one of the upcoming conferences. How to activate this interface for the main processor, however, we describe below.[…]

https://habrahabr.ru/company/pt/blog/341946/

https://translate.google.com/translate?hl=en&sl=ru&u=https://habrahabr.ru/company/pt/blog/341946/

Intel ME is the new “Pandora’s Box”, defenders are going to need bigger (better) tools… 😦

Intel NUC and Compute Stick: DCI unlocked

Intel® NUC and Intel® Compute Stick DCI Disable
Intel ID: INTEL-SA-00073
Product family: Intel® NUC and Intel® Compute Stick based on 6th Gen Intel® Core™ processors
Impact of vulnerability: Information Disclosure
Severity rating: Moderate
Original release: Apr 03, 2017
Last revised: Apr 03, 2017

Intel® NUC and Intel® Compute Stick systems based on 6th Gen Intel® Core™ processors do not have DCI debug capability properly locked for BIOS-only access. This would allow an attacker with physical possession of the system to potentially enable DCI from outside the BIOS. Intel® Direct Connect Interface (DCI) provides closed-chassis access to perform debug for processing OEM and OEM customer returns. DCI was designed to be enabled only via BIOS settings. Current settings in the referenced product family BIOS may allow an attacker with physical access to the system and an NDA (non-disclosure agreement) controlled software stack from Intel to enable DCI from outside the BIOS. If an attacker were able to gain physical access to a system and enable DCI, it is possible they may gain access to personal information. Intel views this risk as Moderate (4.7) due to physical access, the NDA software stack, and high privileges being required by an attacker.[…]

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073&languageid=en-fr
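Both advisories come down to the same policy: the processor's debug interface should be disabled and locked by firmware before the OS boots, so nothing outside the BIOS can turn it back on. Below is an added check script (not from the advisories, not Intel's or Positive Technologies' code) that reads the architectural IA32_DEBUG_INTERFACE MSR (address 0xC80; bit 0 Enable, bit 30 Lock, bit 31 Debug Occurred, as documented in the Intel SDM) through the Linux msr driver and grades the result against that policy. The PASS/WARN/FAIL grading and the constructed fallback value are this example's own choices; reading the MSR needs root and `modprobe msr`.

```python
"""Check whether the CPU silicon debug interface is enabled or left unlocked.

Added example: decodes IA32_DEBUG_INTERFACE (MSR 0xC80) and grades it against
the policy "debug disabled and locked before the OS runs".
"""
from __future__ import annotations

import struct

# Architectural MSR IA32_DEBUG_INTERFACE (0xC80), Intel SDM Vol. 4:
# bit 0 = Enable (R/W), bit 30 = Lock (R/W), bit 31 = Debug Occurred (R/O).
IA32_DEBUG_INTERFACE = 0xC80
BIT_ENABLE = 1 << 0
BIT_LOCK = 1 << 30
BIT_DEBUG_OCCURRED = 1 << 31


def decode_debug_interface(value: int) -> dict[str, bool]:
    """Split a raw IA32_DEBUG_INTERFACE value into its documented fields."""
    return {
        "enabled": bool(value & BIT_ENABLE),
        "locked": bool(value & BIT_LOCK),
        "debug_occurred": bool(value & BIT_DEBUG_OCCURRED),
    }


def assess(value: int) -> tuple[str, list[str]]:
    """Grade a raw MSR value: FAIL if debug is enabled or the enable bit is still
    writable, WARN if a debugger attached since reset, PASS otherwise.
    (Grading scheme is this example's own, not an Intel definition.)"""
    f = decode_debug_interface(value)
    findings: list[str] = []
    if f["enabled"]:
        findings.append("debug interface ENABLED: a DCI host could attach to this platform")
    if not f["locked"]:
        findings.append("debug interface NOT LOCKED: the enable bit is still writable after boot")
    if f["debug_occurred"]:
        findings.append("Debug Occurred set: a debugger has attached since the last reset")
    if f["enabled"] or not f["locked"]:
        return "FAIL", findings
    if f["debug_occurred"]:
        return "WARN", findings
    return "PASS", findings


def read_msr(address: int, cpu: int = 0) -> int:
    """Read a 64-bit MSR via the Linux msr driver; the file offset selects the MSR."""
    with open(f"/dev/cpu/{cpu}/msr", "rb", buffering=0) as fd:
        fd.seek(address)
        return struct.unpack("<Q", fd.read(8))[0]


if __name__ == "__main__":
    try:
        raw = read_msr(IA32_DEBUG_INTERFACE)
    except OSError as exc:
        # No msr device or no privilege: fall back to a constructed sample value
        # (disabled + locked, the expected shipping state) so the decode still runs offline.
        print(f"could not read MSR 0x{IA32_DEBUG_INTERFACE:X} ({exc}); using a constructed sample")
        raw = BIT_LOCK
    verdict, notes = assess(raw)
    print(f"IA32_DEBUG_INTERFACE = 0x{raw:016X} -> {verdict}")
    for note in notes:
        print("  -", note)
```

Run it as root on each core you care about (the lock bit is per logical processor, so a thorough audit loops over `/dev/cpu/*/msr`); a FAIL on a production system is something to raise with the platform vendor as a firmware setting problem, which is exactly what the two advisories above describe.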