Before Skylake, this was done through a special device that connected to the motherboard's debugging port (ITP-XDP). It was not easily accessible, though - not everyone carries the relevant connections in order to access that kind of ports - so there was not much concern regarding the scale and impact of the attacks (if you recall, typical risk measurement considers both the severity of an exploit's effect as well as the probability of that exploit being explored). That changed when Skylake came out, which introduced the Direct Connect Interface (DCI) that provides access to the JTAG debugging interface through standard USB 3.0 ports - which are much more ubiquitous and easily accessible.
There are no hardware or software tricks needed for an attacker to exploit this, all that is required is that the DCI interface is enabled. On many systems, DCI is enabled by default. On those that are not, there are several ways to enable it. The researchers have already reported this vulnerability to Intel, though at this time there is no fix available. The fact that any individual with malicious intent needs to have physical access to the machine and its USB 3.0 ports makes this exploit a little more difficult to accomplish, but it would seem that workplaces or servers are particularly vulnerable.
Reply With Quote
Bookmarks