Intel Skylake Flaw Allows Full System Control Over USB
Bohs Hansen / 4 years ago
Intel has had quite a bit of success with their Skylake processors, and with good reason. They perform great. However, security researchers have found a new bug in some of these processors that can allow anyone to get full system control via the USB 3.0 ports. That’s a big and severe bug.
As TweakTown reports, the security vendor Positive Technologies discovered the vulnerability that could allow anyone capable of handling a USB flash drive full system access – with the proper pre-setup drive. The bad news is that there currently is no defence nor detection of this while the good news is that it only seems to affect the U-series CPUs. The reason for the flaw is that parts of the debug interface can be accessed this through the USB port and allow anyone with enough knowledge to upload keyloggers and any other malicious code that pleases them.
“These manufacturer-created hardware mechanisms have legitimate purposes, such as special debugging features for hardware configuration and other beneficial uses. But now these mechanisms are available to attackers as well. Performing such attacks does not require nation-state resources or even special equipment,” said Maxim Goryachy and Mark Ermolov at the 33rd Chaos Communication Congress in Hamburg, Germany.
The case has been reported to Intel, but the mechanism can be exploited on Intel U-series Skylake processors. So while most high-end systems are secure, a lot of portable systems such as Laptops and compact IoT equipment such as NUCs are vulnerable to this flaw. Maxim Goryachy continued: “As of today, no publicly available security system will detect it.”
With news such as this, I’m happy that most power-efficient systems that I own are Haswell or AMD-based, but how about you. Do you have any Intel Skylake-U series systems running and is this a security issue that worries you? Let us know in our comment sections.