I wouldn't trust ME with a VISA either
Now, this in and of itself isn't so strange. Many chips have debugging features like this, because many chips, including our POWER9s, are just that complicated, and getting into VISA requires admin-level rights (though one could reasonably ask why it wasn't hardware-disabled at the factory). Of course, if you can combine it with a vulnerability that would give you admin-level rights, like, oh, I dunno, the Intel Management Engine, then you have the entire system bus at your disposal. Although Intel argues that the exploit requires physical access as well, the researchers say no hardware modification is required and hint at other, simpler methods of exploitation.
A superficial analysis like The (Usually More Perceptive) Register's handwaves this away. After all, the exploit they use was fixed in 2017, and frankly if you could get into ME you'd just do that, so no problem, right? Except for three things: one, Intel didn't document this in the first place, so this is the first we've heard that VISA actually exists in shipping chips; two, what's to say this couldn't be exploited by the next Management Engine (or anything else) flaw that comes down the pike; and three, you can't turn ME or VISA off! You can do various things to hobble ME (including this utility from the authors of this very Black Hat presentation), but you can't get rid of it completely. While in practical terms attacking VISA is unlikely to be something widespread in the near future, Intel's attempt to lock it down under NDAs and secrecy doesn't speak well of how much you can trust an Intel CPU.
Most of all, how many of you wanna bet that this is the last little black box to be found in Intel chips? Yeah, I wouldn't trust ME with a VISA either.