[woodrowbarlow]

it's a closed-source binary blob on intel chipsets with unfettered access to the CPU. it is also (often) directly connected to the RJ45 port.

here's a good overview of the risk: http://hackaday.com/2016/11/28/neutralizing-intels-managemen...

[pmoriarty]

So if you don't use the RJ45 port on the motherboard but instead use an RJ45 port on an expansion card instead you're safe?

[mschuster91]

Partially. Expansion cards use PCI-E which has DMA capability, so a bug/backdoor in their firmware can very well be used to attack a system.

But I believe newer systems with MMUs acting as "firewalls" for DMA are safe from this vector.

[woodrowbarlow]

there's also the concern of physical attacks, via the motherboard's RJ45 or USB.

[mschuster91]

At least USB doesn't have device-initiated DMA, but USB descriptor parsing bugs have in the past led to exploits (I remember the PlayStation jailbreak).

[pmoriarty]

A good argument to epoxy those ports shut, if you're really worried about that.