Could one write a worm that worked purely on the Intel me, spread machine to machine via me Ethernet monitoring, that could then look at the local hd for crypto keys and report them back to a remote server?
I envision a worm that disables the ME completely once it's found and "infected" another few. Perhaps show a message that says "Your computer is now owned... by you." That would certainly raise some interesting discussion about ethics...
Using which exploit? Quoting the article:
"
The vulnerability identified in CVE-2017-5712 is exploitable remotely over the network in conjunction with a valid administrative Intel® Management Engine credential. The vulnerability is not exploitable if a valid administrative credential is unavailable."
So where is the Ethernet level remote vulnerability? The rest require physical access.
Is the above theoretically possible?