Technology content trusted in North America and globally since 1999
8,392 Reviews & Articles | 64,116 News Posts

Intel's new CPUs flawed: full system control over USB

Intel's new CPUs have a debugging interface that can be accessed through a freakin' USB 3.0 flash drive
By Anthony Garreffa from Jan 11, 2017 @ 6:49 CST

It looks like Intel could be in for a world of hurt, and a massive explanation for the reason behind some of its new processors being stupidly easy to hack into a PC - through a simple USB port.




Positive Technologies, a security vendor, has discovered that some of Intel's new CPUs have a debugging interface that can be accessed through USB 3.0 ports. This provides the hacker - and at the point of using as USB flash drive, any person in the world that can hold a USB stick in their hands - full control over the PC. Worse yet, it is completely undetectable by current security tools.


The possibilities of this are virtually unlimited, as someone could plug a USB 3.0 stick in and upload malicious code, keyloggers, and virtually anything else they want. The same flaw allows someone to make the PC completely inoperable, where it is capable of rewriting the entire BIOS. Yeah, that's a pretty big deal.


When talking about the new hacking potential on Intel's processors, Maxim Goryachy and Mark Ermolov at the 33rd Chaos Communication Congress in Hamburg, Germany said: "These manufacturer-created hardware mechanisms have legitimate purposes, such as special debugging features for hardware configuration and other beneficial uses. But now these mechanisms are available to attackers as well. Performing such attacks does not require nation-state resources or even special equipment".


Goryachy said: "We have reported this case to Intel. As of today, this mechanism can be exploited only on Intel U-series processors". So while it's not on every Intel processor out there (that we know of anyway), but the Skylake-based U-series processors are found inside of plenty of laptops and NUCs. Goryachy added: "As of today, no publicly available security system will detect it".


Related Tags