Intel Visa tech can be used by hackers to read data from memory

News by Rene Millman

Security researchers discover new technology from Intel could be subverted to enable an attacker to read data from the memory and intercepting the peripherals' signals by activating disabled technology.

Security researchers have discovered that new technology from Intel could be subverted to enable an attacker to read data from the memory and intercepting the peripherals' signals. Although Intel VISA is disabled by default on commercial systems, the experts found several ways to activate the technology.

According to findings by researchers at Positive Technologies, researchers found that the PCH microchips (Platform Controller Hub) on modern Intel motherboards contain a full-fledged logic signal analyser called Intel Visualization of Internal Signals Architecture (VISA). The analyser allows monitoring the state of internal lines and buses in real time. A similar analyser can also be found in modern Intel processors.

The processor communicates with peripherals (display, keyboard, and webcam) via the PCH microchip, which therefore has access to almost all data on a computer.

"We found out that it is possible to access Intel VISA on ordinary motherboards, with no specific equipment needed," said Positive Technologies expert Maxim Goryachy. "With the help of VISA, we managed to partially reconstruct the internal architecture of the PCH microchip."

Researchers said they assumed that Intel VISA is used to check Intel microchips for flaws. However, with an enormous number of parameters, VISA allows creating custom rules for capturing and analysing signals, which can be used by attackers to access sensitive information, they added.

In a demo at Black Hat, Researchers at Positive Technologies, Maxim Goryachy and Mark Ermolov verified how to read signals from internal buses (for example, IOSF Primary, Side Band, and Intel ME Front Side Bus) and other internal PCH devices. Unauthorised access to these devices allows intercepting data from the computer memory, the discovered.

The researchers analysed the technology with the help of vulnerability INTEL-SA-00086 previously detected by Positive Technologies specialists in the Intel Management Engine subsystem, also integrated in the PCH microchip. This flaw in IME allows hackers to attack the computers, for example by injecting spyware in the subsystem's code.

The operating system update is not sufficient to eliminate the problem—a fixed firmware version must be installed, said researchers.

In response, an Intel spokesperson emailed SC Media UK to point out: "This issue, as discussed at BlackHat Asia, relies on physical access and a previously mitigated vulnerability addressed in INTEL-SA-00086 on November 20, 2017. Customers who have applied those mitigations are protected from known vectors."

The news comes as a new report by the National Cyber Security Centre, said it could offer "only limited assurance that the long-term security risks can be managed in the Huawei equipment currently deployed in the UK".

Here, however, it was flaws rather than subverted built-in technology that was the issue.

Huawei oversight board, which is chaired by the head of GCHQ’s National Cyber Security Centre (NCSC), said there were "significant technical issues in Huawei’s engineering processes leading to new risks in the UK telecommunications networks".

Consumer Choice Center’s senior privacy fellow Mikolaj Barczentewicz said the defects in Huawei software publicised today "are significant and stem from Huawei giving insufficient weight to the security of their products by delivering good and safe code".

"Consumers cannot know if European and American manufacturers are doing better than Huawei in that respect, because manufacturers other than Huawei are not subjected to the same kind of public scrutiny.

"The Huawei case is an opportunity to introduce effective security certification of all critical equipment used in telecommunications infrastructure. The standards should be equally rigorous irrespective of who is the manufacturer. Bad code may be vulnerable no matter who wrote it," said Barczentewicz.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop