Intel Skylake and Kaby Lake systems are vulnerable to a USB debugging exploit

Intel Skylake and Kaby Lake systems are vulnerable to a USB debugging exploit

Intel Skylake and Kaby Lake systems are vulnerable to a USB debugging exploit

Intel Skylake and Kaby Lake systems are vulnerable to a USB debugging exploit

 
Researchers at Positive Technologies have now claimed that Intel's U-Series Skylake and Kaby Lake series processors are vulnerable to a USB debugging bypass which could be used to attack systems. 
 
This vulnerability allows attackers to bypass security mechanisms by using a debugging interface exploit, which allows attackers to install malicious code, rewrite firmware and even rewrite your system's BIOS. This bug affects any system with a Skylake CPU that has a debugging interface that is accessible via USB 3.0. What is most scary about this exploit is that it is currently undetectable using existing security tools.
 
 
    This mechanism can be used on a hacked system regardless of the OS installed. The DCI can be used on any system with Intel U-series processor
 
In the past, this kind of debugging was done using a special device which used a motherboard's specialised debugging port (which has a specialised connector), though since Skylake Intel has moved to a direct contact interface (DCI) that provides access to the JTAG (Joint Test Action Group) debugging interface through USB 3.0. 
 
 
 
    An attacker could change the BIOS configuration (for example, by using a Flash memory programmer) when they have physical access to the equipment during manufacturing, storage or usage.
 
   Some BIOSs do not block the DCI configuration which is why there is the possibility of turning on the DCI,

  

Intel Skylake and Kaby Lake systems are vulnerable to a USB debugging exploit

 

This vulnerability can lead to a whole new range of "BadUSB" style attacks, not only being usable to corrupt systems but to infect them with Malware, spying tools and a seemingly limitless amount of other unwanted malware. 

Thankfully this vulnerability has already been reported to Intel, though at this time this exploit leaves all systems with Intel U-series CPUs vulnerable, regardless of the OS or software used.

 

You can join the discussion on Intel's U-Series CPU vulnerability on the OC3D Forums. Find all of the latest PC hardware and gaming news on the OC3D Homepage

 

«Prev 1 2 Next»

Most Recent Comments

11-01-2017, 18:37:20

green_arrow
Best way to prevent this exploit: chewing gum in USB 3.0 port Quote

12-01-2017, 03:55:09

Kleptobot
gasp, if someone has physical access to your PC they can hack it...Quote

12-01-2017, 12:06:49

eazyreis
Quote:
Originally Posted by green_arrow View Post
Best way to prevent this exploit: chewing gum in USB 3.0 port
Cement problably is better !! Quote

12-01-2017, 12:58:01

Chrazey
Quote:
Originally Posted by green_arrow View Post
Best way to prevent this exploit: chewing gum in USB 3.0 port
Quote:
Originally Posted by eazyreis View Post
Cement problably is better !!
Dynamite even better - blow their stuff up for trying to steal your stuff Quote

13-01-2017, 02:00:40

NeverBackDown
Quote:
Originally Posted by Chrazey View Post
Dynamite even better - blow their stuff up for trying to steal your stuff
You'd blow up much more than just there stuff......Quote
Reply
x

Register for the OC3D Newsletter

Subscribing to the OC3D newsletter will keep you up-to-date on the latest technology reviews, competitions and goings-on at Overclock3D. We won't share your email address with ANYONE, and we will only email you with updates on site news, reviews, and competitions and you can unsubscribe easily at any time.

Simply enter your name and email address into the box below and be sure to click on the links in the confirmation emails that will arrive in your e-mail shortly after to complete the registration.

If you run into any problems, just drop us a message on the forums.