Intel Skylake, Kabylake Vulnerable to USB Port Debugging Exploit, Says Research
With every leap in a generation of hardware technology, new security factors come forward, most of them enhance the protection, however, few of them allow exploitation at a greater level. A recent research says Intel Skylake, Kabylake vulnerable to USB port debugging exploit.
The claim comes from a pair of researchers at Positive Technologies that Intel Skylake, Kabylake are vulnerable to USB Port debugging exploit. Furthermore, the claim says that exploit can allow attacker to take over full control of system. The Intel processors as cited by research claims that it starts with Skylake, and presumably Kabylake, though, researchers do not mention a specific 7th generation CPU.
However, research says that Intel U-series have a debugging interface and is accessible through USB 3.0 ports and that is potential source of exploit.
Moreover, for attackers with their tools, resources and equipment, research mentions:
These manufacturer-created hardware mechanisms have legitimate purposes, such as special debugging features for hardware configuration and other beneficial uses. But now these mechanisms are available to attackers as well. Performing such attacks does not require nation-state resources or even special equipment.
Additionally, regarding the severity of attack, research says, an attacker could use the vulnerability to spy on user and access his data. Or, even prevent the system from running by rewriting its BIOS, so that user cannot proceed further.
Furthermore, the research points towards the main problem, that is JTAG (Joint Test Action Group) debugging interface. Plus, it works below software layer and that troubleshooters can perform hardware debugging on the OS kernel and drivers.
But, the interesting thing here is the new generation of processors that allow debugging via USB 3.0 ports. That gives direct access to JTAG through Direct Connect Interface (DCI). Whereas, the previous generations specifically before the Skylake, this was done through a special device or equipment.
Previously, it required interface with motherboard’s debugging port (ITP-XDP) but things are much easier now. You plug-in USB, you initiate the exploit, easy.
Research further shed light on the possibility of occurrence of exploit. It tells all that an attacker needs is DCI interface enabled. This technically is enabled by default and that an attacker no longer requires some hardware or software tricks.
Maxim Goryachy and Mark Ermolov discovered the security flaw and remain highly concerned about the easy occurrence of exploit. However, the research says that only Intel U-series including laptops, NUCs remain highly prone to an attack.