Debugging mechanism in Intel CPUs allows seizing control via USB port

https://www.scmagazine.com/debugging-mechanism-in-intel-cpus-allows-seizing-control-via-usb-port/article/630480/

Some Intel CPUs have JTAG over USB 3 debugging built-in. This could be good for debugging but is really bad for computer security.

“starting with the Skylake processor family in 2015, Intel introduced the Direct Connect Interface (DCI) which provides access to the JTAG debugging interface via common USB 3.0 ports.”

Having the DCI interface enabled is sufficient to make target computers vulnerable. Researchers found that on many computers, DCI is enabled out-of-the-box and not blocked by default.

This mechanism in Intel CPUs could lead to a whole new class of Bad USB-like attacks. Fortunately this mechanism can be exploited only on Intel U-series processors (used on laptops and NUC) at the moment.

3 Comments

January 21, 2017 at 12:53 pm
Tomi Engdahl says:

Tapping into the core [33c3]
https://www.youtube.com/watch?v=QuuTLkZFsug

Reply
January 21, 2017 at 12:58 pm
Tomi Engdahl says:

http://www.etn.fi/index.php/13-news/5702-intel-koneet-saa-haltuun-usb-vaeylaen-kautta

Reply
January 21, 2017 at 4:37 pm
Tomi Engdahl says:

http://blog.ptsecurity.com/2017/01/intel-debugger-interface-open-to.html?m=1

Reply

Leave a Comment Cancel reply