Security researchers have highlighted a previously unknown feature in Intel chipsets that could allow an attacker to intercept data from the computer’s memory. As a reminder, a chipset is a set of electronic components included in a pre-programmed integrated circuit for managing the digital data flows between the processor (s), the memory and the peripherals. The feature called Intel Visualization of Internal Signals Architecture (VISA) is considered a utility provided by the chip manufacturer for testing purposes on manufacturing lines.
Although the Santa Clara firm has not publicly disclosed the existence of Intel VISA and is extremely discreet about it, the researchers claim to have found several ways to enable this feature on Intel chipsets and capture the data manipulated by the processor. The presentation by researchers Mark Ermolov and Maxim Goryachy of Positive Technologies at the Blackhat Asia 2019 conference in Singapore shows that their exploits of Intel chipsets do not require any changes in hardware or special equipment. One of the techniques shared by the researchers involved vulnerabilities detailed in the Intel-SA-00086 notice that provide access to the Intel Management Engine (IME), thereby enabling Intel VISA. Access to VISA makes all the data on the machine vulnerable and accessible to the attacker.
Intel downplayed the exploit and explained that the Intel VISA issue required the attacker’s physical access to the machine, noting that vulnerabilities to the Intel-SA-00086 advisory he posted had already have been mitigated. The researchers, however, questioned Santa Clara’s claims that the corrected IME firmware could be downgraded (updated to an older version of the firmware) in order to make the chipset vulnerable again and allow the chipset to be downgraded. to access Intel VISA.