It turned out that there is a debugging mechanism that Intel's new CPU is deprived of full system control via the USB port


ByDani Latorre

We found a vulnerability in Intel 's new CPU including several debugging interfaces that allows attacks that take full control of the entire system via USB 3.0. According to researchers of Positive Technologies discovered, the attacker can rewrite the machine BIOS or read all the data without being detected by the latest security tool, even invalidating the machine It is possible.

Debugging mechanism in Intel CPUs allows seizing control via USB port
https://www.scmagazine.com/debugging-mechanism-in-intel-cpus-allows-seizing-control-via-usb-port/article/630480/


Maxim Goryachy and Mark Ermolov, who explained the mechanism of this vulnerability and how to deal with the 33rd Chaos Communication Congress in Hamburg, Germany, said, "Some of the manufacturer's hardware mechanisms are legitimate There are special debugging functions to verify the hardware configuration etc. installed for the purpose, but these functions can be used by the attacker as well, and in order to attack it, it is necessary not only at the national level facilities but also special equipment I do not need it. "

During the presentation, the two will be accessible via USBJTAGProof of undetectable attack using debug interface has been proven. JTAG has OS kernel andHypervisor, Because it runs under the software layer for hardware debugging purposes such as drivers, if an attacker maliciously accesses the CPU, it is abused by attacks that evade the security tool and deprive the full function of the machine There is a possibility.

For older Intel CPUs, it is required to connect a special device to the debug board (ITP - XDP) on the motherboard to access JTAG. Meanwhile, since the 2015 Skylake series, Intel provides Direct Connect Interface (DCI) that enables access to the JTAG debug interface via a common USB 3.0 port, so it can handle DCI compatible CPU There is a danger of being abused without preparing special hardware and software.

Specifically, the CPU of the "Intel U" series which is a processor for notebook PCs and mini PCs has the possibility of getting deprived of the system regardless of the installed OS. The two have reported vulnerabilities to Intel and said they are proposing countermeasures such as using Intel's BootGuard function and restricting startup of the debug interface.

ByFritzchens Fritz

Related Posts:

in Hardware,   Security, Posted by darkhorse_log