Re: Chinese agents slip spy chips into Super Micro servers
The report says that the component was designed to hack the BMC, which can already do everything that the IntelME can do and more. So yes, using a vulnerability in ME might well be easier than surreptitiously inserting a component, but it's not like most BMC's are any more secure, and would probably be a much easier target.
(They also don't mention what kind of CPU these boards had. They might have used AMD or even ARM CPUs, although given how many Intel based servers there are out there, it's unlikely)
Another possibility if you had some access to the boards during manufacturing would be to just swap the BIOS (or BMC, or a number of other chips) with one that contained some kind of malicious capability.
Basically, there's easier ways to do what is being claimed, and attacking IntelME is just one of them.
Biting the hand that feeds IT
