Skip to main content

Intel responds to report about hackers gaining access to a debugging interface

Tapping into the core [33c3]
Intel responded to a claim about hackers gaining hardware-level access to PCs sporting its sixth- and seventh-generation processors. The claim was made during a presentation at the 33rd annual Chaos Communication Congress conference in Hamburg, Germany, which showed how hackers could use a cheap device to gain access to a debugging interface embedded in hardware. The point of entry is through any USB 3.0 port on the device via Intel’s Direct Connect Interface (DCI) feature provided with its sixth- and seventh-generation platforms.

“Intel implemented a proprietary Intel Direct Connect Interface over USB for JTAG [Joint Test Action Group] debugging of closed chassis systems as a feature for 6th and 7th Gen Intel Core processor based platforms,” Intel told Digital Trends. “DCI is an integral part in enabling debug of today’s light and small form factor systems via industry standard JTAG protocols.”

That said, the hacking possibility revealed in the presentation is no cause for alarm. It’s not going to bring the world to a standstill. A hacker must have physical access to a PC in order to carry out this specific attack. Even more, if hackers do manage to gain physical access, they can just about perform any attack from any angle, whether it is through a USB port, breaking open the PC, and so on.

Intel points out that BIOS Guard will keep hackers from changing the firmware, and even if hackers do gain access to the debugging interface, they can’t gain access to Intel’s confidential instructions without grabbing a key from Intel through a non-disclosure agreement. Even more, encrypted hard drives can withstand against this specific attack.

“To provide additional security, the DCI interface is disabled by default per Intel specification and can only be enabled with user consent via BIOS configuration,” Intel told Digital Trends. “Physical access and control of the system is required to enable DCI.”

For a better understanding of what’s going on, start with the debugging interface created by the JTAG. This standard was originally designed to test printed circuit boards once they were manufactured and installed but has since expanded to processors and other programmable chips. Scenarios for using the interface include forensics, research, low-level debugging, and performance analysis.

The interface itself resides within the processor and programmable chips. In turn, JTAG-capable chips have dedicated pins that connect to the motherboard, which are traced to a dedicated 60-pin debugging port on a system’s motherboard (ITP-XDP). This port enables testers to connect a special device directly to the motherboard to debug hardware in relation to drivers, an operating system kernel, and so on.

But now the JTAG debugging interface can be accessed through a USB 3.0 port by way of Intel’s Direct Connect Interface “debug transport technology.” When a hardware probe is connected to the target Intel-based device, the USB 3.0 protocol isn’t used, but rather Intel’s protocol is employed so that testers can perform trace functions and other debugging tasks at high speed. Using a USB 3.0 port means testers aren’t forced to break into the PC to physically connect to the XDP debugging port.

Intel’s Direct Connect Interface appears to be embedded in the company’s sixth-generation motherboard chipsets, such as the 100 Series (pdf), and its processors. It’s also used in the new seventh-generation Kaby Lake platform as well, meaning hackers have two generations of Intel-based PCs to infest and possibly render useless, such as by rewriting the system’s BIOS.

As shown in the presentation by security researchers Maxim Goryachy and Mark Ermolov, one way of accessing the JTAG debugging interface through the USB 3.0 port is to use a device with a cheap Fluxbabbitt hardware implant running Godsurge, which can exploit the JTAG debugging interface. Originally used by the National Security Agency — and exposed by Edward Snowden — Godsurge is malware engineered to hook into a PC’s boot loader to monitor activity. It was originally meant to live on the motherboard and remain completely undetectable outside a forensic investigation.

However, as previously stated, hackers need to have physical access to a PC to take control and spread their malicious code in this specific JTAG-focused attack. Typically, the debugging modules in Intel’s processors require Intel’s SVT Closed Chassis Adapter connected via USB 3.0, or a second PC with Intel System Studio installed connected directly to the target PC via USB 3.0 as well.

Finally, Goryachy noted in his presentation that the problem only resides with Intel’s sixth- and seventh-generation Core ‘U’ processor platforms. Obviously, Intel is now fully aware of the report, but there is really no cause for alarm. Still, the debugging interface on affected PCs can be deactivated if needed. Even more, Intel Boot Guard can be used to prevent malware and unauthorized software from making changes to the system’s initial boot block.

This story was originally published in January 2017. Updated on 01-17-2017 by Kevin Parrish: Added Intel’s response regarding the potential access to its processors.  

Editors' Recommendations

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
9 best desktop computers of 2023: tested and reviewed
A top-down view of the Mac Mini.

There are several great options if you're searching for the best desktop computer, but Dell's XPS Desktop (8960) still takes the crown in 2023. It's highly flexible, decently priced, and comes with super powerful hardware. There are desktop PCs to pick from, though.

We've reviewed hundreds of desktop PCs from brands like Dell, Apple, Lenovo, and HP, but only a few truly stand out. These are the computers to look for when making your next upgrade. For our picks, we tried to balance price, performance, build quality, and our experience actually using the desktop. Make sure to read our explainer about how we review desktops to get an inside look at our evaluation process.

Read more
This new GPU connector may finally kill the melting 12VHPWR
A hand holding the RTX 4090 GPU.

The 12VHPWR graphics card connector has made a name for itself for all the wrong reasons, with the component frequently melting and causing the death of many a GPU. Now, graphics card manufacturers are apparently testing a replacement that could finally put an end to the sorry saga.

The new version, dubbed 12V-2x6, can reportedly deliver up to 660W of power to a graphics card -- 10% more than the 12VHPWR. Despite that, testing has apparently shown it to be much safer than its predecessor.

Read more
Best MacBook deals: Apple laptops starting at $159
A MacBook Pro M2 sits on a wooden table with a nice bokeh background.

If you're keen to find all the best Apple deals with an eye on awesome MacBook discounts, we're here to help. We've picked out some of the best MacBook deals going on right now and that includes some devices that cost just $159. That's for an older refurbished model but we also have the latest MacBook Pros and Airs listed below too. Basically, there's something for everyone here. Keep reading while we take you through the highlights when it comes to MacBook deals. Shopping on a shoestring budget? Perhaps check out our list of the best refurbished MacBook deals instead.
MacBook Air 11.6-inch (2015) -- from $159

Once the latest MacBook Air but now eight years old and still competent, the MacBook Air 11.6-inch (2015) is a great starting point for anyone new to macOS or who just needs something financially on par with a Chromebook. It's a refurbished model but it comes with a one-year warranty so there's peace of mind here. It won't run the latest macOS unfortunately, but its Intel Core i5 processor, 4GB of memory and 128GB of SSD storage helps you perform the basics. It still has all the style of a MacBook so we're thinking this could be a good entry point as your child's first MacBook or if you want a project.

Read more