Intel's new CPUs flawed: full system control over USB

Intel's new CPUs have a debugging interface that can be accessed through a freakin' USB 3.0 flash drive.

@anthony256
Published Wed, Jan 11 2017 6:49 AM CST   |   Updated Tue, Nov 3 2020 11:57 AM CST

It looks like Intel could be in for a world of hurt, and a massive explanation for the reason behind some of its new processors being stupidly easy to hack into a PC - through a simple USB port.

Intel's new CPUs flawed: full system control over USB | TweakTown.com

Positive Technologies, a security vendor, has discovered that some of Intel's new CPUs have a debugging interface that can be accessed through USB 3.0 ports. This provides the hacker - and at the point of using as USB flash drive, any person in the world that can hold a USB stick in their hands - full control over the PC. Worse yet, it is completely undetectable by current security tools.

The possibilities of this are virtually unlimited, as someone could plug a USB 3.0 stick in and upload malicious code, keyloggers, and virtually anything else they want. The same flaw allows someone to make the PC completely inoperable, where it is capable of rewriting the entire BIOS. Yeah, that's a pretty big deal.

When talking about the new hacking potential on Intel's processors, Maxim Goryachy and Mark Ermolov at the 33rd Chaos Communication Congress in Hamburg, Germany said: "These manufacturer-created hardware mechanisms have legitimate purposes, such as special debugging features for hardware configuration and other beneficial uses. But now these mechanisms are available to attackers as well. Performing such attacks does not require nation-state resources or even special equipment".

Goryachy said: "We have reported this case to Intel. As of today, this mechanism can be exploited only on Intel U-series processors". So while it's not on every Intel processor out there (that we know of anyway), but the Skylake-based U-series processors are found inside of plenty of laptops and NUCs. Goryachy added: "As of today, no publicly available security system will detect it".

Anthony joined the TweakTown team in 2010 and has since reviewed 100s of graphics cards. Anthony is a long time PC enthusiast with a passion of hate for games built around consoles. FPS gaming since the pre-Quake days, where you were insulted if you used a mouse to aim, he has been addicted to gaming and hardware ever since. Working in IT retail for 10 years gave him great experience with custom-built PCs. His addiction to GPU tech is unwavering.

Newsletter Subscription

Related Tags

Newsletter Subscription
Latest News
View More News
Latest Reviews
View More Reviews
Latest Articles
View More Articles