Researchers from Positive Security have revealed a significant vulnerability that lets an attacker gain full control of the CPU with little effort.
Intel CPUs Can Be Pwned via USB Port And A Hardware Feature
Hackers with access to a device can take complete control of the victim's computer and bypass all security systems by abusing a hardware debugging interface included with Intel CPUs.
Hardware debugging of components such as the kernel, drivers and hypervisor can be done on Intel CPUs through the Joint Test Action Group (JTAG) interface. Previously, the JTAG interface could only be accessed using a special device that had to be connected to the motherboard.
However, starting with its latest Skylake and Kaby Lake processors, Intel has implemented the Direct Connect Interface (DCI), which allows JTAG to be accessed via a USB 3.0 port.
According to Maxim Goryachy and Mark Ermolov, the researchers from Positive Security, access to the CPU via a USB port can be very dangerous. A victim's computer could be vulnerable as soon as the DCI interface is enabled, with no software or hardware changes needed.
DCI is disabled by default on Intel CPUs. However, it can be enabled through the BIOS configuration, and a proprietary key is required to access JTAG.
Researchers Maxim Goryachy and Mark Ermolov also demonstrated the vulnerability in a video at the Chaos Communication Congress in Germany in December 2016.