Ignore the noise about a scary hidden backdoor in Intel processors: It's a fascinating debug port

VISA: It's everywhere (on the system bus) you want to be

Researchers at the Black Hat Asia conference this week disclosed a previously unknown way to tap into the inner workings of Intel's chip hardware.

The duo of Mark Ermolov and Maxim Goryachy from Positive Technologies explained how a secret Chipzilla system known as Visualization of Internal Signals Architecture (VISA) allows folks to peek inside the hidden workings and mechanisms of their CPU chipsets – capturing the traffic of individual signals and snapshots of the chip's internal architecture in real time – without any special equipment.

To be clear, this hidden debug access is not really a security vulnerability. To utilize the channel, you must exploit a 2017 elevation-of-privilege vulnerability, or one similar to it, which itself requires you to have administrative or root-level access on the box. In other words, if an attacker can even get at VISA on your computer, it was already game over for you: they need admin rights.

Rather, Ermolov and Goryachy explained, the ability to access VISA will largely be of interest to researchers and chip designers who want to get a window into the lowest of the low-level operations of Chipzilla's processor architecture.

What lies within

VISA is one of a set of hidden, non-publicly or partially publicly documented, interfaces called Trace Hub that Intel produced so that its engineers can see how data moves through the chips, and to help debug the flow of information between the processor and other hardware components. Specifically, the Platform Controller Hub, which hooks up CPU cores to the outside world of peripherals and other IO hardware, houses Trace Hub and VISA.

"This technology allows access to the internal CPU bus used to read and write memory," the duo told The Register. "Using it, anyone now can investigate various aspects of hardware security: access control, internal addressing, and private configuration."

Alongside VISA is an on-chip logic analyzer, and mechanisms for measuring architecture performance, inspecting security fuses, and monitoring things like speculative execution and out-of-order execution.

So, if the VISA controller isn't much help to directly pwn someone else's computer, where would it have use for non-Intel folks? Goryachy and Ermolov say that hardware hackers and researchers focused on the inner-workings of Intel chips would find VISA of great use when trying to suss out possible side-channel or speculative execution issues, secret security configurations, and so on.

"For example, the main issue while studying the speculative execution is getting feedback from the hardware," they explained. "This technology provides an exact way to observe the internal state of the CPU or system-on-chip, and confirm any suppositions."

The full slide presentation for the VISA system can be found on the Black Hat Asia website and demo videos are here. ®

Broader topics

Other stories you might like

  • Running Windows 10? Microsoft is preparing to fire up the update engines

    Winter Windows Is Coming

    It's coming. Microsoft is preparing to start shoveling the latest version of Windows 10 down the throats of refuseniks still clinging to older incarnations.

    The Windows Update team gave the heads-up through its Twitter orifice last week. Windows 10 2004 was already on its last gasp, have had support terminated in December. 20H2, on the other hand, should be good to go until May this year.

    Continue reading
  • Throw away your Ethernet cables* because MediaTek says Wi-Fi 7 will replace them

    *Don't do this

    MediaTek claims to have given the world's first live demo of Wi-Fi 7, and said that the upcoming wireless technology will be able to challenge wired Ethernet for high-bandwidth applications, once available.

    The fabless Taiwanese chip firm said it is currently showcasing two Wi-Fi 7 demos to key customers and industry collaborators, in order to demonstrate the technology's super-fast speeds and low latency transmission.

    Based on the IEEE 802.11be standard, the draft version of which was published last year, Wi-Fi 7 is expected to provide speeds several times faster than Wi-Fi 6 kit, offering connections of at least 30Gbps and possibly up to 40Gbps.

    Continue reading
  • Windows box won't boot? SystemRescue 9 may help

    An ISO image you can burn or drop onto a USB key

    The latest version of an old friend of the jobbing support bod has delivered a new kernel to help with fixing Microsoft's finest.

    It used to be called the System Rescue CD, but who uses CDs any more? Enter SystemRescue, an ISO image that you can burn, or just drop onto your Ventoy USB key, and which may help you to fix a borked Windows box. Or a borked Linux box, come to that.

    SystemRescue 9 includes Linux kernel 5.15 and a minimal Xfce 4.16 desktop (which isn't loaded by default). There is a modest selection of GUI tools: Firefox, VNC and RDP clients and servers, and various connectivity tools – SSH, FTP, IRC. There's also some security-related stuff such as Yubikey setup, KeePass, token management, and so on. The main course is a bunch of the usual Linux tools for partitioning, formatting, copying, and imaging disks. You can check SMART status, mount LVM volumes, rsync files, and other handy stuff.

    Continue reading

Biting the hand that feeds IT © 1998–2022