DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
December 15, 2017 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 80 people online.

 

Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
 

Follow us
RSS
 

Intel U-series CPUs suffering from security flaw that enables full control via USB

Posted on Thursday, January 12 2017 @ 14:28:30 CET by


Intel logo
Security researchers from Positive Technologies discovered that starting with the Skylake family in 2015, Intel's new U-series processors contain a security flaw that make it possible to fully compromise a system via USB.

The problem lies in a new debugging system, previously this required connecting a special (and expensive) device to a debugging port on the motherboard but now the interface is accessible via any USB 3.0 port. If a target system has Direct Connect Interface (DCI) enabled by default, hackers or spies can compromise a system via a USB port without having to perform any hardware or software manipulations.
The duo analysed and demonstrated one of these mechanisms in their presentation. The JTAG (Joint Test Action Group) debugging interface, now accessible via USB, has the potential to enable dangerous and virtually undetectable attacks. JTAG works below the software layer for the purpose of hardware debugging of the OS kernel, hypervisors and drivers. At the same time, though, this CPU access can be abused for malicious purposes.

On older Intel CPUs, accessing JTAG required connecting a special device to a debugging port on the motherboard (ITP-XDP). JTAG was difficult to access for both troubleshooters and potential attackers.

However, starting with the Skylake processor family in 2015, Intel introduced the Direct Connect Interface (DCI) which provides access to the JTAG debugging interface via common USB 3.0 ports.
By using this intrusion method, a hacker can bypass all security mechanisms regardless of the OS installed. Maxim Goryachy and Mark Ermolov demonstrated the attack at the 33rd Chaos Communication Congress in Hamburg, Germany. Further details can be read at SC Magazine.



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2017 DM Media Group bvba