USB debugging exploit

[silicon_toad2000]

https://www.overclock3d.net/news/cpu_mainboard/intel_skylake_and_kaby_lake_systems_are_vulnerable_to_a_usb_debugging_exploit/1



This vulnerability allows attackers to bypass security mechanisms by using a debugging interface exploit, which allows attackers to install malicious code, rewrite firmware and even rewrite your system's BIOS. This bug affects any system with a Skylake CPU that has a debugging interface that is accessible via USB 3.0. What is most scary about this exploit is that it is currently undetectable using existing security tools.

In the past, this kind of debugging was done using a special device which used a motherboard's specialised debugging port (which has a specialised connector), though since Skylake Intel has moved to a direct contact interface (DCI) that provides access to the JTAG (Joint Test Action Group) debugging interface through USB 3.0.

Thankfully this vulnerability has already been reported to Intel, though at this time this exploit leaves all systems with Intel U-series CPUs vulnerable, regardless of the OS or software used.

[GhostShip]

One point of note, if you know the checksum of your bios it is trivial to ensure that it at least is untampered with, however if the attacker is not simply wanting to mess with such a low level item but instead is looking for a "rootkit" style attack your on your own unless intel proffer some code that looks at instructions and machine cycles in some sort of ratio, of course i still own an athlon 

This type of issue will be small scale I believe simply because physical access is required to exploit the processor.