CATEGORIES
home News

Researchers Exploit Undocumented Intel VISA Debug Controller To Intercept System Data

by Brandon HillFriday, March 29, 2019, 11:32 AM EDT

It was just a few weeks ago when we told you about the SPOILER speculative attack that affects Intel processors, and now we’re learning of a new security exploit that takes advantage of the company’s Visualization of Internal Signals Architecture (VISA). The VISA exploit was detailed to the public at a Black Hat Asia 2019 session entitled Intel VISA: Through the Rabbit Hole.

9980xe with mug

First identified by Maxim Goryachy and Mark Ermolov, this latest vulnerability leverages the VISA logic signal analyzer that is incorporated into the Platform Controller Hub (PCH) found on Intel-based motherboards and in Intel processors. According to the researchers, it is capable of “monitoring the state of internal lines and buses in real time.”

The researchers explain that VISA gives access to a treasure trove of information, including:

  • Low-level access to CPU signals on the customer’s platform
  • Study of speculative execution and out-of-order
  • Reconstruction of internal architecture.

According to the researchers, the amount of data flowing through VISA (and the Management Engine) not only provides a wealth of data to researchers, but could also be exploited by nefarious parties. Crucially, accessing VISA can be done without the need to perform hardware modifications on a system.

The PCH can handle communications between the processor and external components like the display and peripherals (webcams, keyboards, mice, etc.). VISA can capture these signals, which means that any unauthorized access to a machine – perpetrated through malware, for example – could give an attacker access to a wealth of information if they can decipher the flow of information.

intel visa

Goryachy and Ermolov say that the documentation relating to VISA is under NDA and not publicly available. However, they were still able to exploit systems using publicly available mitigations accessible via the internet.

ZDNet separately reports that Intel considers this matter closed, stating that the VISA exploit, “Relies on physical access and a previously mitigated vulnerability addressed in INTEL-SA-00086 on November 20, 2017. Customers who have applied those mitigations are protected from known vectors.”

However, Ermolov counters that Intel’s firmware can be downgraded, nullifying the protections introduced with Intel-SA-00086. For a look at how Goryachy and Ermolov compromised the ME and VISA, you can check out the pair’s presentation files right here [PDF]

Tags:  Intel, security, VISA, Black Hat, (NASDAQ:INTC), pch
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment