As if Spectre and Meltdown weren’t enough already, there’s a new fundamental vulnerability in Intel microchips that was presented by two researchers of Positive Technologies in a yesterday’s speech at the Black Hat conference in Singapore. The problem lies in the Intel VISA (Visualization of Internal Signals Architecture) technology, which acts as a signal analyzer that intercepts signals that are sent from internal buses and peripherals to the PCH (Platform Controller Hub). According to the two researchers, Mark Ermolov and Maxim Goryachy, it is possible for someone to access VISA, create custom signal capturing rules, and collect sensitive data at the lowest operational level.
Intel suggests that the VISA system is entirely safe, and it's disabled by default on commercial systems anyway. Moreover, they explain that the vulnerability that the researchers used for their recent demonstration was plugged on November 20, 2017, and so anyone who has applied the patch is in no danger of having their chipset’s VISA exploited. However, the researchers insist that they have formulated several methods with which they could enable VISA and sniff data that passes through the IOSF Primary, Side Band, and the Management Engine FSB. In their demonstration, they have performed no hardware modifications whatsoever, so Intel’s response about the exploitation presupposing physical access was rebutted.
So, what type of data can be intercepted with a spyware code that would be planted in the VISA system? The answer is anything that comes from peripherals and internal buses. Your display, keyboard, and webcam are peripherals that can potentially yield highly sensitive data. As for the internal buses, intercepting data from the computer’s memory should be enough for any threat actor to be satisfied with what they get. This takes us to the next question that is, which Intel chipsets are affected by this vulnerability? As the PCH houses the Intel Management Engine since the release of the first generation of the “Core” processors back in 2008 and onwards, the vast majority of desktop and server systems out there are vulnerable.
All that said, and since the flaw is on the microchip, the only way to fix it is a firmware update. For now, the issue has just been revealed, and Intel immediately denied its existence. This means that we’ll have to wait and see if the flaw gets mitigated through an update, or if Intel will stand its ground on the matter by proving the researchers wrong.
Share your thoughts in the comments section below, or hop to our socials and join the discussions of our online community on Facebook and Twitter.