Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Friday January 20 2017, @01:06PM   Printer-friendly
from the if-you've-got-physical-access dept.

BleepingComputer has an interesting article on a 2015 design decision by Intel that opened up the JTAG interface to attacks.

Attackers with access to a device can take control over a target's computer and bypass all local security systems by abusing a hardware debugging interface included with Intel CPUs, which in recent years has become accessible via an external USB 3.0 port.

The debugging interface is JTAG (Joint Test Action Group), a debugging framework that has been included for many years with Intel chipsets.

JTAG works under the software level, allowing engineers, developers, and system administrators access to a hardware debugging utility that can provide insight into how the OS kernel, hypervisors, and local drivers are performing.

[...] In older Intel CPUs, the JTAG interface was only accessible by connecting a special device to the ITP-XDP port found on the motherboard, inside a computer's chassis.

Starting with the Skylake CPU line released in 2015, Intel dropped the ITP-XDP interface and allowed developers and engineers to access this powerful debugging utility via common USB 3.0 ports, accessible from the device's exterior, via a new a new technology called Direct Connect Interface (DCI).

Two Positive Technologies security researchers, Maxim Goryachy and Mark Ermolov, argue that this has significantly simplified the attack procedure needed to take control of Intel-based machines.

The two explain that while most hardware vendors disable the DCI interface before they ship products out of the factory's gateway, the DCI interface can be re-enabled via a computer's BIOS settings.

If a target doesn't password-protect its BIOS, attackers can enable this setting, and then connect via USB and alter core processes, undetectable to any type of security software installed on a targetted[sic] machine.

Submitted via IRC for TheMightyBuzzard


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Insightful) by EEMac on Friday January 20 2017, @01:25PM

    by EEMac (6423) on Friday January 20 2017, @01:25PM (#456511)

    "Physical access means it's already owned." There is deep wisdom in this line.

    The article has value as documenting a _new_ way, out of the many many ways, a physically-accessible computer with BIOS settings available can be taken over.

    Starting Score:    1  point
    Moderation   +2  
       Insightful=1, Informative=1, Total=2
    Extra 'Insightful' Modifier   0  

    Total Score:   3  
  • (Score: 3, Interesting) by bob_super on Friday January 20 2017, @06:54PM

    by bob_super (1357) on Friday January 20 2017, @06:54PM (#456647)

    Actually, if you do have a bit more money, there are embedded solutions which will protect you even against physical access, while still fairly capable (mid-range ARM).
    They might be cracked by some Three-Letter Agencies (I didn't have the Clearance for that briefing, or wouldn't tell you if I did), but will keep away all but the smartest hackers. You'd have to be very important indeed, for someone to dedicate the massive effort...