Intel Microchip Intercepts Signals, Reads Memory
At this week's Black Hat Asia 2019 conference, researchers from Positive Technologies revealed findings about an undocumented technology in Intel microchips that allow reading data from the memory of and intercepting the signals from peripherals.
The PCH microchips (Platform Controller Hub) on modern Intel motherboards reportedly contain a logic signal analyzer called Intel Visualization of Internal Signals Architecture (VISA), which are disabled by default on commercial systems. However, the researchers discovered several different tactics an attacker could use to activate the technology that has access to virtually all the data on a computer. The researchers were able to intercept signals on displays, keyboards, and webcams.
"With VISA, we succeeded in partially reconstructing the internal architecture of PCH and, within the chip, discovered dozens of devices that are invisible to the user yet are able to access certain critical data," the researchers wrote. In their talk, the experts demonstrated "how to read signals from PCH internal buses (for example, IOSF Primary and Side Band buses and Intel ME Front Side Bus) and other security-sensitive internal devices."
Leveraging the previously identified vulnerability INTEL-SA-00086 in the Intel Management Engine (IME) discovered by researchers at Positive Technologies, Goryachy and Ermolov demonstrated that a malicious actor could attack the computers by injecting spyware in the subsystem’s code.
"ME can intercept and modify network packets as well as images on graphics cards; it has full access to USB devices. Such capabilities mean that if an attacker finds an opportunity to execute arbitrary code inside ME, this will spawn a new generation of malware that cannot be detected using current protection tools. Fortunately, only three (publicly known) vulnerabilities have been detected in the 17-year history of this technology," the researchers wrote.
"We found out that it is possible to access Intel VISA on ordinary motherboards, with no specific equipment needed," said Positive Technologies expert Maxim Goryachy, according to a press release. "With the help of VISA, we managed to partially reconstruct the internal architecture of the PCH microchip."
Source: Information Security Magazine