Attackers are taking advantage of a threat within the Intel Visualization of Internal Signals Architecture (VISA) that allows them to capture data as it is transmitted over the network. The feature is implemented to help developers test products while they are still on the production line. If an attacker gains access to the feature, they can pull data from memory and plant spyware in it without being noticed. One way this is done is through the Intel Management Engine (ME), although little information is available because of the secretive nature of the engine. We do know it is available in Nehalem processors and 5-series chipsets. Although researchers have proved that the vulnerability is still exploitable, Intel refuses to admit to the issue and claims its patch was released over two years ago. The firmware can be downgraded to allow takeover of the ME and VISA.