SoylentNews is people
SoylentNews
BleepingComputer has an interesting article on a 2015 design decision by Intel that opened up the JTAG interface to attacks.
Attackers with access to a device can take control over a target's computer and bypass all local security systems by abusing a hardware debugging interface included with Intel CPUs, which in recent years has become accessible via an external USB 3.0 port.
The debugging interface is JTAG (Joint Test Action Group), a debugging framework that has been included for many years with Intel chipsets.
JTAG works under the software level, allowing engineers, developers, and system administrators access to a hardware debugging utility that can provide insight into how the OS kernel, hypervisors, and local drivers are performing.
[...] In older Intel CPUs, the JTAG interface was only accessible by connecting a special device to the ITP-XDP port found on the motherboard, inside a computer's chassis.
Starting with the Skylake CPU line released in 2015, Intel dropped the ITP-XDP interface and allowed developers and engineers to access this powerful debugging utility via common USB 3.0 ports, accessible from the device's exterior, via a new a new technology called Direct Connect Interface (DCI).
Two Positive Technologies security researchers, Maxim Goryachy and Mark Ermolov, argue that this has significantly simplified the attack procedure needed to take control of Intel-based machines.
The two explain that while most hardware vendors disable the DCI interface before they ship products out of the factory's gateway, the DCI interface can be re-enabled via a computer's BIOS settings.
If a target doesn't password-protect its BIOS, attackers can enable this setting, and then connect via USB and alter core processes, undetectable to any type of security software installed on a targetted[sic] machine.
Submitted via IRC for TheMightyBuzzard
(Score: 3, Insightful) by ledow on Friday January 20 2017, @04:54PM
Would like to know how they can do anything remotely if you have even the most basic firewall in place. Or did you mean "remote" from the computer, i.e. on the same network?
And the same is true of any number of manufacturers. 3DFX cards had DMA access to all of RAM, with a Windows driver that let you access any memory range whatsoever. There's also no telling what anything installed as an administrator does, so any nVidia, AMD or Intel graphics card could be doing literally anything on your PCIe buses, on the OS driver level in software, and you'd never know anything about it.
Pretending that this kind of thing is new, or Intel-only, is really just kidding yourself.
Hell, Firewire allowed arbitrary DMA for years. God knows what those closed-source binary drivers in Windows or from manufacturers are doing. And even an audit of what such devices/software have so far done in every system collectively from every firewall log ever made in the whole wrold? Wouldn't tell you if there was a "activation" button/message/trigger that would suddenly change that software / hardware's behaviour to do something pre-programmed and much more insidious at any point.
And Intel *is* your computer, they don't need to own it.
Or AMD.
Or maybe even ARM.
You have absolutely no idea what they are doing with your data at any point. It could be broadcasting it encrypted on FM every Tuesday at 8pm for all you know, unless someone has noticed that happening and traced it back, you have no idea.
Hey, has your BIOS still got an EMI reduction mode to reduce the electromagnetic emissions that its operation generates on ordinary radio frequencies?