---
title: "I'm not a hardware security expert, but my understanding is that with…"
date: 2017-11-09
source: facebook
type: Archer T. Ships shared a link.
---

# I'm not a hardware security expert, but my understanding is that with…

*November 9, 2017 · Facebook*

::::: {}
::: {}
[https://twitter.com/h0t_max/status/928269320064450560](https://twitter.com/h0t_max/status/928269320064450560){target="_blank"}
:::

::: {}
I\'m not a hardware security expert, but my understanding is that with this technique, anyone with physical access can gain nearly undetectable uber-root access to the entire security and management engine of a recent Intel system by plugging in a USB device.\
\
More details from the discoverers of the exploit here:\
\
[https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Where-theres-a-JTAG-theres-a-way.pdf](https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Where-theres-a-JTAG-theres-a-way.pdf){target="_blank"}\
\
JTAG = Joint Test Action Group debugging interface. A JTAG debugger has chipset-level access to a system, like root access, but at the hardware level.\
\
CSME = Converged Security and Manageability Engine, which powers the Intel Active Management System. Basically a master security controller.\
\
USB DCI = USB Direct Connect Interface. A potential JTAG interface. It allows access with a simple plug into a compatible USB port.\
\
[https://twitter.com/h0t_max/status/928269320064450560](https://twitter.com/h0t_max/status/928269320064450560){target="_blank"}
:::
:::::