New feature in Intel chipsets can be abused by attackers to expose sensitive data
- This new feature has been included in modern Intel chipsets to help the developers with testing and debugging on manufacturing lines.
- By abusing the feature, attackers can create spyware that works even at the lowest level.
Security researchers have recently disclosed a new threat that exists in the Intel Visualization of Internal Signals Architecture (VISA). Cybercriminals can exploit the feature to sniff the data that passes through the CPU.
What’s the matter - At the Black Hat Asia 2019 security conference, security experts Maxim Goryachy and Mark Ermolov from Positive Technologies revealed that the new VISA utility is vulnerable to attacks. This new feature has been included in modern Intel chipsets to help the developers with testing and debugging on manufacturing lines.
However, unauthorized access to the unknown and undocumented feature would allow an attacker to intercept data from the computer memory and create spyware that can work without being detected.
How the feature can be abused - Researchers demonstrated that the new utility could be abused in a variety of ways. One method involves using the secretive Intel Management Engine (ME), which is available in Nehalem processors and 5-Series Chipsets.
While Intel has claimed that the feature is safe from any attacks, Goryachy and Ermolov revealed that the feature can be abused by leveraging the vulnerabilities in the Intel-SA-00086 security advisory. These flaws enabled the researchers to take control of the Intel Management Engine and the VISA utility as well.
Intel denies of any vulnerability - Intel has refuted the theories of researchers and said that patches for the vulnerabilities were released in November 2017.
"The Intel VISA issue, as discussed at Black Hat Asia, relies on physical access and a previously mitigated vulnerability addressed in INTEL-SA-00086 on November 20, 2017. Customers who have applied those mitigations are protected from known vectors,” an Intel spokesperson told ZDNet.
The Positive Technologies researchers have noted that the Intel-SA-00086 fixes are not enough, as Intel firmware can be downgraded to vulnerable version to take over Intel ME and later the VISA feature.