A new and undocumented feature in Intel chipsets can be abused by hackers


If you are using an Intel chip we got bad news for today, it seems that cybersecurity researchers found an unknown and undocumented feature in Intel chipsets that can be used in bad ways.

The exploitable feature is named Intel Visualization of Internal Signals Architecture (Intel VISA) which is a new utility included in modern Intel chipsets that are used for testing and debugging on manufacturing lines. VISA is present in every Platform Controller Hub (PCH) chipsets that are based on modern Intel CPUs.

The main function of VISA is to intercept electronic signals that are sent from internal buses and peripherals (display, keyboard, and webcam) to the PCH and finally to the main CPU, which means that VISA can expose the computer’s entire data if it’s exploited.

The only good news here is the fact that very little is known about this new technology because VISA’s documentation is subject to a non-disclosure agreement, and not available to the general public; but the fact that this is the only “security measure” that keeps Intel users safe from possible cyber attacks and abuse, is a very dangerous gamble because if someone devious reach this documentation it can do a lot of damage.

Even more worrying is the fact that cybersecurity researchers have already found several methods of enabling VISA and exploiting it to sniff data that passes through the CPU, and even though the secretive Intel Management Engine (ME).

When faced whit the facts Intel said it’s safe! Which is outrageous because each cyber attack technique doesn’t require hardware modifications to a computer’s motherboard and no specific equipment to carry out.

It can be done relatively fast and simple by a skilled hacker if he or she leverages the vulnerabilities detailed in Intel’s Intel-SA-00086 security advisory to take control of the Intel Management Engine and enable VISA that way.

Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;

Another report shows that the recent Intel-SA-00086 fixes are not enough, because Intel firmware can be downgraded to a vulnerable version very easy and then the take over of Intel ME and the enable of VISA will be just some procedural steps.

Besides this cyber attack, technique researchers also stated that are another three ways to enable Intel VISA which are not dependent on those vulnerabilities but for now are kept secret and will be disclosed only when a full fix will come out.

In conclusion, VISA is not a vulnerability in Intel chipsets, its just another good example of how a useful feature could be abused by hackers and turned against users. Another bad use of a good thing is the leveraging of the “manufacturing mode” feature found in the past year. Be aware if you use an Apple device because the company has accidentally shipped some laptops with Intel CPUs that were left in “manufacturing mode” and you can also be a danger.

We would continue to monitor these cybersecurity problems. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.