[dannyw]

ME is a bit more than that. To enable remote access functionality, the ME has:

  * Access to all memory of the host device.
  * Ability to make and receive network requests, transparent (invisible) to the host device.
  * Access to all other communications, buses, and devices of the host device.
  * Can execute CPU commands at the highest privilege level.
  * Accepts updates that are signed by Intel's signing key.

This means that it's quite possible for a web page to deliver a series of "magic bytes" that a backdoored ME listens to, and then immediately executes instructions.

Various controls, like the UK and Australia, have laws in force that can compel companies like Intel to sign using its signing key.

Before you think this doesn't affect someone in the US, it is widely known that five-eyes uses each other's capabilities and privileges and acts collectively.