Home / Component / CPU / Some Intel Skylake and Kaby Lake CPUs are open to a USB debug exploit

Some Intel Skylake and Kaby Lake CPUs are open to a USB debug exploit

It looks like current PCs based on specific Intel Skylake and Kaby Lake processors are vulnerable to a USB debugging exploit. Security researchers began openly discussing the vulnerability this week, which allows attackers to bypass security mechanisms and run malicious code via the USB debugging interface.

This specifically affects Intel's U-series of Skylake and Kaby Lake processors, which are lower powered processors typically used in OEM systems. The vulnerability could allow an attacker to go as far as rewriting your system BIOS but it does require USB 3.0 to work, along with a supported debugging interface, according to researchers at Positive Technologies.

bad_usb

Before Skylake came around, debugging was done through a special port on the motherboard that was not easily accessible. However, since then Intel has moved to a Direct Connect Interface, which allows access to the JTAG debugging interface through a USB 3.0 port, though only one port on any machine will be capable of accessing JTAG. This isn't something that would necessarily affect every day users, but it could be a big deal for servers or enterprise users.

This exploit can be used regardless of the operating system installed on the machine, so it can affect Windows, Mac and Linux. However, the issue has since been brought up with Intel, so they are aware of it and will hopefully look into fixing it.

KitGuru Says: Obviously for an attacker to pull this exploit off, they would either need to be physically at the machine or they would need to trick someone into plugging a dodgy USB in to the right port by themselves. Either way though, it is a security hole that could use some tightening, particularly now that it is public knowledge.

Become a Patron!

Check Also

AMD Krackan Point APU appears in the Geekbench database

AMD's next-gen Ryzen AI 300 series APUs are on the horizon, and a fresh Geekbench …

4 comments

  1. Take a look at following article to learn the way an individual mommy was able to acquire $89,844/year in her spare time on her PC without selling anything>>>FL-Y.COM/3m1e

  2. Only affects servers or enterprise users, and only on low powered processors. A low powered enterprise server is not common, me thinks

  3. Google is paying 97$ per hour! Work for few hours and have longer with friends & family! !mj118d:
    On tuesday I got a great new Land Rover Range Rover from having earned $8752 this last four weeks.. Its the most-financialy rewarding I’ve had.. It sounds unbelievable but you wont forgive yourself if you don’t check it
    !mj118d:
    ➽➽
    ➽➽;➽➽ http://GoogleFinancialJobsCash118MediaBusinessGetPay$97Hour ★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★::::::!mj118d:….,…..

  4. Google is paying 97$ per hour! Work for few hours and have longer with friends & family! !mj136:
    On tuesday I got a great new Land Rover Range Rover from having earned $8752 this last four weeks.. Its the most-financialy rewarding I’ve had.. It sounds unbelievable but you wont forgive yourself if you don’t check it
    !mj136:
    ➽➽
    ➽➽;➽➽ http://GoogleFinancialJobsCash136HomeVideoGetPay$97Hour ★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★✫★★::::::!mj136:….,…