I don’t think this would be possible without physical access and tech that only exist in theory.
It should be in theory be possible to make a mod chip that uses the BUP exploit and JTAG to load a custom ME image, but I don’t think there is any way you can do this only using software.
Again, I am not an expert and welcome any comment pointing out a flaw in my argument.
In this specific case I have observed updates to the ME of my Lenovo P51 running Windows 10. These updates prepare under Windows, then restart the computer at which point the ME is flashed. I have observed this multiple times and it’s all software.
Yes, I assume these updates are secured by signatures etc. …but what if the private key for these signatures get’s into the wrong hands? … what if the ME signature check has a vulnerability or can be circumvented somehow?
I’m pretty sure you are mistaken as demonstrated by the above example. Lenovo had no physical access. They simply “tricked” me into running a piece of software.
Fair enough, it wasn’t clear that you meant the attacker also had access to the Intel signing keys. I understood it as you meant someone with only an zero day would be able to patch the firmware ROM.
I don’t know @renehoj. I have some ideas but are not sure if they are applicable.
There are teams hacking into iPhone, Xbox, Playstation and many other devices all the time. They don’t have the keys either.
The crux with this argument is that we don’t know what we don’t know.
Admittedly I’m in FUD territory now.
For me it all comes down to the fact that there is a KVM build into my computer and I have no control over it. It’s creepy and I don’t like it. Simple as that.
Someone in the government thinks it’s creepy too, otherwise there wouldn’t be those special builds that have the ME disabled. 
And why can’t “normal” people buy those? What’s up with that?
I know. FUD. I’ll stop.
You can control this part, at least in theory you can, ME doesn’t prevent you from disabling or removing AMT.
Networking/KVM and the ability to control the power state of the system are both AMT features, it’s not ME features.
I think the government also felt it was a security risk, and there is no denying that it’s a security risk, but that doesn’t make it a backdoor.
Not sure exactly how HAP works, but from what I understand it completes the boot process and then disables ME. This make me believe the government wanted a way to disable ME, but still use the secure boot feature, which seems like the best of both worlds.
Many smaller companies sell ME disabled system, Dell is probably the biggest company that sell systems with ME disabled. I think this is mainly a supply and demand issue, most people don’t care about privacy, without the demand the companies don’t create the product.
Privacy does seem to be gaining some momentum, I don’t think it’s impossible that options to disable ME and ATM are going to be available in most bios firmware in the future.
I don’t understand how you came to such conclusion. Here is how I imagine it in more detail:
ME is reading everything that is happening in RAM.
You open Javascript with a “secret code” for ME. AFAIK Javascript runs in RAM.
ME finds that signal and gives a command to dom0 to connect to a remote server.
Game over™.
You can buy one of them System76 laptops, which contain some of the latest CPUs and are corebooted.
Me neither. I simply don’t know. And it’s not knowable with reasonable effort. That later part is why it’s unacceptable to me and you I am sure.
Can someone please answer this question:
If my entire local network is sitting behind a router without ME, and port forwarding can only be done on this router, is my entire local network safe against ME-based attacks, regardless of whether those machines have ME?
The idea being, if Intel/NSA can’t even connect to those local machines to begin with, isn’t the ME kinda useless to them?
But can ME itself connect to NSA? See my imaginary example above: Let's get to the bottom of this - how can I control my home Qubes computer using Intel ME? - #26 by fsflover.
A smart person can pivot from another box on your network to initiate an ME attack. Think of that dusty windows computer on your network or the router itself.
Your paranoia is more than justified… There’s just nothing to be done about it because the people with the brains, the people with the money, and the people with the guns all want more power for themselves and less power for us. Mark my words, in just a few decades it will be impossible to purchase any electronic device at all that doesn’t force constant surveillance from at least 1 big tech company, not even a pocket watch, 90% of the population will be perfectly okay with that, and those who aren’t will be outcast even more harshly than we are today. Best you can do is invest on older systems and parts NOW before we start having to pay vintage/collector prices for stuff from 2010.
Marked.
Haha, you said it! “Hacking into iPhone” - Triangulation. Quote: “The Operation Triangulation spyware attacks targeting iPhone devices since 2019 leveraged undocumented features in Apple chips to bypass hardware-based security protections.” - undocumented, proprietary, closed source… There is a reason (and several multibillions-backed state organizations) why these kind of things exist.
Anyway, as there were opensource routers mentioned above, there are some good projects like Turris routers. As for router OS, OpenBSD seems to be a good choice.