Researchers Exploit Undocumented Intel VISA Debug Controller To Intercept System Data

It was just a few weeks ago when we told you about the SPOILER speculative attack that affects Intel processors, and now we’re learning of a new security exploit that takes advantage of the company’s Visualization of Internal Signals Architecture (VISA). The VISA exploit was detailed to the public at a Black Hat Asia 2019 session entitled “Intel VISA: Through the Rabbit Hole.”

First identified by Maxim Goryachy and Mark Ermolov, this latest vulnerability leverages the VISA logic signal analyzer that is incorporated into the Platform Controller Hub (PCH) found on Intel-based motherboards and in Intel processors. According to the researchers, it is capable of “monitoring the state of internal lines and buses in real time.”

The researchers explain that VISA gives access to a treasure trove of information, including:

  • Low-level access to CPU signals on the customer’s platform
  • Study of speculative execution and out-of-order
  • Reconstruction of internal architecture.

According to the researchers, the amount of data flowing through VISA (and the Management Engine) not only provides a wealth of data to researchers, but could also be exploited by nefarious parties. Crucially, accessing VISA can be done without the need to perform hardware modifications on a system.

The PCH can handle communications between the processor and external components like the display and peripherals (webcams, keyboards, mice, etc.). VISA can capture these signals, which means that any unauthorized access to a machine – perpetrated through malware, for example – could give an attacker access to a wealth of information if they can decipher the flow of information.

Goryachy and Ermolov say that the documentation relating to VISA is under NDA and not publicly available. However, they were still able to exploit systems using publicly available mitigations accessible via the internet.

ZDNet separately reports that Intel considers this matter closed, stating that the VISA exploit, “Relies on physical access and a previously mitigated vulnerability addressed in INTEL-SA-00086 on November 20, 2017. Customers who have applied those mitigations are protected from known vectors.”

However, Ermolov counters that Intel’s firmware can be downgraded, nullifying the protections introduced with INTEL-SA-00086. For a look at how Goryachy and Ermolov compromised the ME and VISA, see the pair’s presentation files [PDF].

Brandon Hill
