HackDig : Dig high-quality web security articles for hacker

Intel and Lenovo have restricted access to debugging interface of CPUs after Positive Technologies' revelations

2017-04-16 22:35

Intel and Lenovo have released recommendations that help restrict access to JTAG debugging interface of processors which can be used by attackers. The insecurity was first discovered by Positive Technologies’ experts in December 2016.

At that time Positive Technologies’ experts Maxim Goryachiy and Mark Ermolov presented their findings, during a session at the Chaos Communication Congress (33C3) in Hamburg, explaining that modern Intel processors allow usage of the debugging interface via a USB 3.0 port available on many platforms to gain full control over the system. Modern security systems cannot detect such attacks.

In April 2017 Intel officially acknowledged this vulnerability and released a BIOS update that blocks access to the debugging interface via USB 3.0 port. It also thanked Positive Technologies’ experts Maxim Goryachiy and Mark Ermolov for raising the issue.

In addition, a special security bulletin was published by Lenovo, one of the main equipment manufacturers that uses Intel processors. Several other major vendors have not yet issued recommendations for blocking the attack.

A video of Maxim Goryachiy and Mark Ermolov talk at CCC 33C3 can be found below:


Slides are available here.


Source: 1244599371296098786-tsop.4270442007648399458-golb:9991,moc.reggolb:gat

Read:5137 | Comments:0 | Tags:No Tag

“Intel and Lenovo have restricted access to debugging interface of CPUs after Positive Technologies' revelations”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud