Security researchers report that hackers can exploit Intel VISA chip vulnerabilities to sniff host data through signals flowing through some computer system motherboards. The Intel technology is called Visualization of Internal Signals Architecture (VISA) which can be exploited. The architecture resides in the Platform Control Unit (PCH) of Intel Computer Systems and is controlled by the Intel Management Engine (IME). VISA technology is designed to provide a flexible signal analysis processor for debugging computer hardware, especially computer system boards.
The Intel Management Engine that controls VISA is a small, low-power embedded computer loaded with a modified version of the MINIX operating system. Although Intel did not promote the IME too much, its existence was known a few years ago. VISA technology was discovered last year by security researchers at Positive Technologies.
Intel does have documentation on VISA technology, but it is strictly controlled by its confidentiality agreement. However, two researchers at Positive Technologies reported that they discovered the capabilities of VISA technology and found ways to enable it, which could be used to discover the internal mechanisms of its host computer system.
On March 28th, researchers revealed their findings at the Black Hat Asia Conference, claiming that they previously discovered exploits from the IME that executed unsigned code (INTEL-SA-00086), which could also be used to access VISA hardware. The VISA feature on commercial computer systems is usually disabled, but the Positive Technologies team can use the IME to enable VISA functionality. Once accessed, the PCH details can be ascertained, and the data can be found from the computer and the peripheral data can be read. Basically, the vulnerability gives hackers full access to the computer.
In response, Intel announced that an update to the IME in 2017 has fixed the vulnerability. But the researchers said that if the firmware was downgraded to an earlier version, the VISA hardware and the data it could read would still be accessible. In the face of doubts, the researchers revealed to the media that the vulnerability only affects Intel processors of the 6th generation and beyond, including Skylake and Kaby Lake, and will continue to exist in future Intel processors.