Threat Watch

Attackers Exposing Sensitive Data by Abusing Intel Chipset Feature

A threat that lies within the Intel Visualization of Internal Signals Architecture (VISA) is being taken advantage of by attackers, allowing them to capture data as it is transmitted over the network. The feature is being implemented to aid the developers in testing the products when they are still on the production line. If an attacker gains access to the feature, they would be able to pull data from the memory and plant spyware within it without being noticed.  One of the ways it is being done is through the Intel Management Engine (ME), although much information is not available because of the secretive nature of the engine. We do know it is available in Nehalem processors and 5-series chipsets. Although researchers have proved the vulnerability to still be executable, Intel is refusing to admit to the issue and are claiming their patch was released over two years ago. The firmware can be downgraded to allow for it to take over the ME and VISA.

ANALYST NOTES

Users should make sure to upgrade to the most recent version which will at least stall the process for attackers to be able to execute the vulnerability. Although Intel is denying it, users also want to be on the look out for a mitigation tactic from them as they are expected to look further into the issue. System checks should be run regularly to ensure that that the current version is not downgraded to the vulnerable one.