1. Home
  2. Computing
  3. News

Intel responds to report about hackers gaining access to a debugging interface

By

Intel responded to a claim about hackers gaining hardware-level access to PCs sporting its sixth- and seventh-generation processors. The claim was made during a presentation at the 33rd annual Chaos Communication Congress conference in Hamburg, Germany, which showed how hackers could use a cheap device to gain access to a debugging interface embedded in hardware. The point of entry is through any USB 3.0 port on the device via Intel’s Direct Connect Interface (DCI) feature provided with its sixth- and seventh-generation platforms.

“Intel implemented a proprietary Intel Direct Connect Interface over USB for JTAG [Joint Test Action Group] debugging of closed chassis systems as a feature for 6th and 7th Gen Intel Core processor based platforms,” Intel told Digital Trends. “DCI is an integral part in enabling debug of today’s light and small form factor systems via industry standard JTAG protocols.”

Recommended Videos

That said, the hacking possibility revealed in the presentation is no cause for alarm. It’s not going to bring the world to a standstill. A hacker must have physical access to a PC in order to carry out this specific attack. Even more, if hackers do manage to gain physical access, they can just about perform any attack from any angle, whether it is through a USB port, breaking open the PC, and so on.

Intel points out that BIOS Guard will keep hackers from changing the firmware, and even if hackers do gain access to the debugging interface, they can’t gain access to Intel’s confidential instructions without grabbing a key from Intel through a non-disclosure agreement. Even more, encrypted hard drives can withstand against this specific attack.

“To provide additional security, the DCI interface is disabled by default per Intel specification and can only be enabled with user consent via BIOS configuration,” Intel told Digital Trends. “Physical access and control of the system is required to enable DCI.”

For a better understanding of what’s going on, start with the debugging interface created by the JTAG. This standard was originally designed to test printed circuit boards once they were manufactured and installed but has since expanded to processors and other programmable chips. Scenarios for using the interface include forensics, research, low-level debugging, and performance analysis.

The interface itself resides within the processor and programmable chips. In turn, JTAG-capable chips have dedicated pins that connect to the motherboard, which are traced to a dedicated 60-pin debugging port on a system’s motherboard (ITP-XDP). This port enables testers to connect a special device directly to the motherboard to debug hardware in relation to drivers, an operating system kernel, and so on.

But now the JTAG debugging interface can be accessed through a USB 3.0 port by way of Intel’s Direct Connect Interface “debug transport technology.” When a hardware probe is connected to the target Intel-based device, the USB 3.0 protocol isn’t used, but rather Intel’s protocol is employed so that testers can perform trace functions and other debugging tasks at high speed. Using a USB 3.0 port means testers aren’t forced to break into the PC to physically connect to the XDP debugging port.

Intel’s Direct Connect Interface appears to be embedded in the company’s sixth-generation motherboard chipsets, such as the 100 Series (pdf), and its processors. It’s also used in the new seventh-generation Kaby Lake platform as well, meaning hackers have two generations of Intel-based PCs to infest and possibly render useless, such as by rewriting the system’s BIOS.

As shown in the presentation by security researchers Maxim Goryachy and Mark Ermolov, one way of accessing the JTAG debugging interface through the USB 3.0 port is to use a device with a cheap Fluxbabbitt hardware implant running Godsurge, which can exploit the JTAG debugging interface. Originally used by the National Security Agency — and exposed by Edward Snowden — Godsurge is malware engineered to hook into a PC’s boot loader to monitor activity. It was originally meant to live on the motherboard and remain completely undetectable outside a forensic investigation.

However, as previously stated, hackers need to have physical access to a PC to take control and spread their malicious code in this specific JTAG-focused attack. Typically, the debugging modules in Intel’s processors require Intel’s SVT Closed Chassis Adapter connected via USB 3.0, or a second PC with Intel System Studio installed connected directly to the target PC via USB 3.0 as well.

Finally, Goryachy noted in his presentation that the problem only resides with Intel’s sixth- and seventh-generation Core ‘U’ processor platforms. Obviously, Intel is now fully aware of the report, but there is really no cause for alarm. Still, the debugging interface on affected PCs can be deactivated if needed. Even more, Intel Boot Guard can be used to prevent malware and unauthorized software from making changes to the system’s initial boot block.

This story was originally published in January 2017. Updated on 01-17-2017 by Kevin Parrish: Added Intel’s response regarding the potential access to its processors.  

Editors' Recommendations

Topics
Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
How to download a video from Facebook

Facebook is a great place for sharing photos, videos, and other media with friends and family. But what if you’d like to download a video to store offline? This means you’d be able to watch the clip on your PC or mobile device, without needing to be connected to the internet. Fortunately, there’s a way to download Facebook videos to your everyday gadgets, although it’s not as straightforward a process as it could be.

Read more
LG just knocked $300 off this 16-inch lightweight laptop

For those people who are constantly on the go, grabbing a thin and light laptop makes life a lot easier, especially since they tend to weigh a lot less while also having very capable performance. Unfortunately, that does come at a bit of an extra cost, so we're happy to see this deal from LG on the UltraPC laptop that knocks it down to just $700 from its usual price of $1,000. That's an excellent price for a laptop that can outperform competitors at the same price range, even with the discounted price.

Why you should buy the LG UltraPC laptop
This new version of the Ultra PC is a big upgrade on the previous LG UltraPC laptop and follows the same lineup of LG's very thin laptops like the LG Gram 17, so LG has quite a lot of experience in this market. That's pretty obvious by the fact that the UltraPC has a tiny 0.64-inch thickness, making it thinner than many books. It doesn't lose out on other features, though, and it still comes with a pretty substantial 16-inch screen that runs a modified FHD resolution of 1920 x 1200, which may be a bit low for such a nice laptop, but it's not a dealbreaker if it helps keep the price down. The keyboard is also great to use, and while the previous version of the UltraPC had a comically small touchpad, this new one is a lot more substantial and useful.

Read more
How to do hanging indent on Google Docs

The hanging indent is a classic staple of word processing software. One such platform is Google Docs, which is completely free to start using. Google Docs is packed with all kinds of features and settings, to the point where some of its more basic capabilities are overlooked. Sure, there are plenty of interface elements you may never use, but something as useful as the hanging indent option should receive some kind of limelight.

Read more