Positive Technologies security researchers announced at the Black Hat Asia 2019 security conference that they had discovered a feature in Intel chipsets. The function was previously unknown and not documented.
This is Intel Visualization of Internal Signal Architecture (VISA), reports ZDNet. According to researchers Maxim Goryachy and Mark Ermolov, VISA is in the company’s modern chipsets to help with testing and debugging on production lines. VISA is part of the Platform Controller Hub (PCH) chipset as part of modern Intel CPUs and works as a full logic signal analyzer.
According to the two investigators, VISA intercepts electronic signals sent from internal buses and peripherals to the PCH and later to the general CPU. However, the feature comes with a drawback: unauthorized access to the VISA feature allows an attacker to intercept data from computer memory, and to create spyware that works at the lowest possible level.
Abuse
However, very little is known about the new technology. According to the investigators, VISA’s documentation is subject to a confidentiality agreement and is therefore not available to the general public. However, this does not mean that Intel users are safe from possible attacks and abuse.
The researchers claim to have found several methods to turn on VISA and abuse it to view data coming through the CPU, and even through the mysterious Intel Management Engine (ME). In addition, their technology does not require any hardware modifications to a computer’s motherboard, nor does it require any specific equipment.
The simplest method is to use the vulnerabilities described in the Intel-SA-00086 security advisory to take control of the ME, after which VISA can be turned on. According to an Intel spokesman, that vulnerability was already solved in 2017, although Ermolov states that those patches are not enough. Intel firmware can be downgraded to vulnerable versions, where the attackers can take over Intel ME and turn on VISA.
In addition, there are three other ways to turn on VISA. Those methods become known as the organization of Black Hat to publish the presentation of researchers. This must be done in the next few days.
No vulnerability
Ermolov also states that VISA is not a vulnerability in the chipsets, but only a new way in which a useful function can be abused and set up against users. Moreover, there is little chance that VISA will be misused. If someone bothers to exploit the vulnerabilities to take over Intel ME, they probably use that component to launch their attack, rather than VISA.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.