Intel responds to report about hackers gaining access to a debugging interface

Intel responded to a claim about hackers gaining hardware-level access to PCs sporting its sixth- and seventh-generation processors. The claim was made during a presentation at the 33rd annual Chaos Communication Congress conference in Hamburg, Germany, which showed how hackers could use a cheap device to gain access to a debugging interface embedded in hardware. The point of entry is through any USB 3.0 port on the device via Intel’s Direct Connect Interface (DCI) feature provided with its sixth- and seventh-generation platforms.

“Intel implemented a proprietary Intel Direct Connect Interface over USB for JTAG [Joint Test Action Group] debugging of closed chassis systems as a feature for 6th and 7th Gen Intel Core processor based platforms,” Intel told Digital Trends. “DCI is an integral part in enabling debug of today’s light and small form factor systems via industry standard JTAG protocols.”

Recommended Videos

That said, the hacking possibility revealed in the presentation is no cause for alarm. It’s not going to bring the world to a standstill. A hacker must have physical access to a PC in order to carry out this specific attack. Even more, if hackers do manage to gain physical access, they can just about perform any attack from any angle, whether it is through a USB port, breaking open the PC, and so on.

Intel points out that BIOS Guard will keep hackers from changing the firmware, and even if hackers do gain access to the debugging interface, they can’t gain access to Intel’s confidential instructions without grabbing a key from Intel through a non-disclosure agreement. Even more, encrypted hard drives can withstand against this specific attack.

“To provide additional security, the DCI interface is disabled by default per Intel specification and can only be enabled with user consent via BIOS configuration,” Intel told Digital Trends. “Physical access and control of the system is required to enable DCI.”

For a better understanding of what’s going on, start with the debugging interface created by the JTAG. This standard was originally designed to test printed circuit boards once they were manufactured and installed but has since expanded to processors and other programmable chips. Scenarios for using the interface include forensics, research, low-level debugging, and performance analysis.

The interface itself resides within the processor and programmable chips. In turn, JTAG-capable chips have dedicated pins that connect to the motherboard, which are traced to a dedicated 60-pin debugging port on a system’s motherboard (ITP-XDP). This port enables testers to connect a special device directly to the motherboard to debug hardware in relation to drivers, an operating system kernel, and so on.

But now the JTAG debugging interface can be accessed through a USB 3.0 port by way of Intel’s Direct Connect Interface “debug transport technology.” When a hardware probe is connected to the target Intel-based device, the USB 3.0 protocol isn’t used, but rather Intel’s protocol is employed so that testers can perform trace functions and other debugging tasks at high speed. Using a USB 3.0 port means testers aren’t forced to break into the PC to physically connect to the XDP debugging port.

Intel’s Direct Connect Interface appears to be embedded in the company’s sixth-generation motherboard chipsets, such as the 100 Series (pdf), and its processors. It’s also used in the new seventh-generation Kaby Lake platform as well, meaning hackers have two generations of Intel-based PCs to infest and possibly render useless, such as by rewriting the system’s BIOS.

As shown in the presentation by security researchers Maxim Goryachy and Mark Ermolov, one way of accessing the JTAG debugging interface through the USB 3.0 port is to use a device with a cheap Fluxbabbitt hardware implant running Godsurge, which can exploit the JTAG debugging interface. Originally used by the National Security Agency — and exposed by Edward Snowden — Godsurge is malware engineered to hook into a PC’s boot loader to monitor activity. It was originally meant to live on the motherboard and remain completely undetectable outside a forensic investigation.

However, as previously stated, hackers need to have physical access to a PC to take control and spread their malicious code in this specific JTAG-focused attack. Typically, the debugging modules in Intel’s processors require Intel’s SVT Closed Chassis Adapter connected via USB 3.0, or a second PC with Intel System Studio installed connected directly to the target PC via USB 3.0 as well.

Finally, Goryachy noted in his presentation that the problem only resides with Intel’s sixth- and seventh-generation Core ‘U’ processor platforms. Obviously, Intel is now fully aware of the report, but there is really no cause for alarm. Still, the debugging interface on affected PCs can be deactivated if needed. Even more, Intel Boot Guard can be used to prevent malware and unauthorized software from making changes to the system’s initial boot block.

This story was originally published in January 2017. Updated on 01-17-2017 by Kevin Parrish: Added Intel’s response regarding the potential access to its processors.  

Editors' Recommendations

Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
The best MacBook to buy in 2024

Now that Apple has started outfitting its laptops with its M3 generation of chips, it's time to take another look at which is the best MacBook to buy in 2024. That’s not always easy, though, as buying the newest MacBook isn’t always the right decision. Apple has several tiers of performance, as well as various sizes, which can further complicate the matter.

What’s more, you can also still get M1 and M2 MacBooks, some from Apple’s own website and some from third-party retailers. But are they still worth your money? Our guide should help you decide.

Read more
9 best laptops of 2024: tested and reviewed

To earn the crown as the best laptop in 2024, a device needs to have it all: gorgeous design, killer performance, a productive keyboard, long-lasting battery life, and much more.

Each of the laptops below has been vetted thoroughly by Digital Trends. Whether it's an affordable Chromebook or a top-of-the-line gaming laptop, they've all been subjected to real-world testing, as well as benchmark and battery tests, to collect enough data to objectively pit them against each other.

Read more
All the ways Intel Macs are still better than Apple Silicon Macs

MacBooks are pretty amazing these days. Thanks to the efficiency of Apple Silicon, you get all-day battery life, as well as the ability to edit videos when unplugged from power. The new MacBook Air with the M3 chip is even good enough for gaming.

All of that is in contrast to the Intel Macs of the past.

Read more