A serious vulnerability has been discovered in Intel processors that allows access to key data passing through the processor.
Last January 3 of this year began the worst year regarding computer security in history. We started the year knowing Specter and Meltdown, vulnerabilities that affect Intel, AMD and ARM processors. Since then it has been a trickle of security issues in software, social media, and just about everything. It seems that the end of the year will be especially difficult in the field of security for Intel. It has been leaked that new serious security flaws in Intel CPUs will be revealed in the coming days.
2018 will be a year to forget for Intel.
The company has many problems with processor stock and with 10nm lithography. We have seen this year how Specter and Meltdown were added to this. Now from Black Hat they report that "there are dozens of devices, invisible to the user, and that can access certain critical information"
A bug related to Intel Visualization of Internal Signals Architecture (VISA) would have been detected. Black Hat reports that the processors and their Platforms Controller Hub have a logic signal analyzer. This analyzer allows monitoring the status of the internal lines and the different buses in real time.
Through a security flaw (INTEL-SA-00086) researchers can access Intel VISA technology. This will be used to verify the processors on the production line. VISA documentation is completely private and is not available to ordinary users. Black Hat claims that they will show how to access this using conventional methods.
They claim that by accessing Intel VISA, the internal architecture of the PCH can be rebuilt. It has revealed that there are dozens of devices invisible to the user. In addition, critical processor information can be accessed.
Black Hat has adhered to the 90-day grace period given to companies to fix vulnerabilities. This deadline is not written anywhere, but is offered to prevent malicious attackers. The data will be published when the period ends and we will see if the company has some kind of patch, if it can be patched.