A flaw in Skylake processors allows full system control via USB
Intel’s 6th generation of processors Skylake had a good run and products from this lineup are still widely used. Most manufacturers already updated their products with the new Kaby Lake CPUs but that doesn’t mean that everyone made the transition. So while in the past few months Kaby Lake is all around the news now Skylake made its way to the front row but unfortunately not for good.
Security vendor Positive Technologies reported a flaw in some of Intel’s CPUs that allows the debugging interface to be accessed via a USB 3.0 port. Good news is that the flaw is present only in the U-series chips, the bad news is that it’s a major flaw that gives hackers full system control. Maxim Goryachy and Mark Ermolov gave a speech at the 33rd Chaos Communication Congress in Hamburg. Here is what they had to say:
“These manufacturer-created hardware mechanisms have legitimate purposes, such as special debugging features for hardware configuration and other beneficial uses. But now these mechanisms are available to attackers as well. Performing such attacks does not require nation-state resources or even special equipment.”
Maxim Goryachy also added: “As of today, no publicly available security system will detect it.” So if you own a system with U-series Skylake processor we advise you to be extra careful.
Meanwhile, you can check some laptops with the new Kaby Lake processors here: http://amzn.to/2j40VPg