Intel Skylake and Newer CPUs Expose JTAG Over USB. “GOD Mode” Attack Details to Come.


As if the Minix OS that runs on the chipset of ALL Intel processors isn’t enough…it has now been shown that you do not even need any complicated steps to get to the IntelMe engine.  You can now access JTAG over ANY PCH(southbridge) and it is called DCI(Direct Connect Interface).  With this JTAG access you can access the Minix IntelME directly from USB with no additional security.  You can run ANY code(even unsigned) on the MinixOS which has total control of the system.  This runs at a lower level than the operating system and even the on board firmware.  We will get the full details at BlackHat Europe in December.  I will keep a very close eye on this you can be sure.  This also highly verifies my future build as being AMD based…along with all future recommendations until this MinxOS monstrosity is removed.  EVERY machine with an Intel chip that is Skylake or above is EASILY compromised while being essentially undetectable.  The only mitigating factor is that physical access to the machine is required.  Older Intel chips still have this IntelME on them..they just are more difficult for a drive by physical attacker to compromise.

You can read about it at the following links:

More technical details(with exterior links)

here’s a discussion about this on GRC.com by Steve Gibson.  I have pasted the relevant section below:

STEVE:  You're not going to believe this one.
LEO:  Uh-oh.
STEVE:  I know you have heard the term JTAG, the JTAG port or a JTAG connection.  It's been around since 1985.  JTAG itself stands for the Joint Test Action Group.  But it's most known by anybody who's been playing with embedded stuff, like hard drives have a JTAG interface.  In fact, Leo, you've been changing firmware on some of your devices using JTAG.
LEO:  Yeah?  I didn't know that.
STEVE:  That's what it is.  It's a low wire count, sometimes two-wire, sometimes three or four, which is a universal standard.  So any embedded processor has a JTAG interface.  All the ARM chips and the TI chips, all of, I mean, the PIC chips, all these embedded processors, they have a JTAG interface.  And it is incredibly powerful.
With a JTAG interface, which typically has a clock and a mode and a data in and a data out, it is possible to halt the processor, to read out the contents of its registers, to change the contents of its registers, including the program counter, allowing you to cause it to start executing from somewhere else.  You can single-step it so you can say execute one instruction.  Then you can again read out all the contents of its registers.  In other words, it is a very powerful debugging interface.
You can attach this JTAG programmer, as they're called, clip it on the back of the chip, or find these JTAG programming pins on a device and essentially completely take it over remotely.  When people have hacked hard drives or sucked the firmware out of a hard drive, it's the JTAG interface that allowed them to do that.  And you're able to change the contents.  You're able to read and write RAM, read and write ROM, suck out the firmware.
Now, it's possible to blow a fuse, as it's termed, after using this JTAG interface to do programming.  And after you verify it's what you want, you're then able to irreversibly blow a JTAG programming fuse that turns off either some or all of the functionality in order to prevent, for example, your competition from reading out the contents of your firmware in your proprietary device.  So that can be done.  But believe it or not, a group known as Positive Technologies will be providing full information next month, but they have determined and revealed that, starting with Skylake and all subsequent chips, so Intel's Skylake chipset and subsequently, Intel - it's hard for me to even say this - has added an external JTAG interface to the USB ports.
LEO:  Well, it's convenience.
STEVE:  Oh, my lord.
LEO:  Wow.  That's kind of amazing.
STEVE:  Oh, it's just - it's breathtaking.  They call it the "god-mode hack" because it is.  Now, it's not remote.  So, I mean, thank goodness.  But it means that somebody having physical proximate access to a USB port on a motherboard from Skylake onward is able to essentially do anything they want.  This is complete access to the Intel Management Engine through the motherboard's USB ports.  Intel has an acronym.  They call it DCI, Direct Connect Interface.  How convenient.
LEO:  I take it they didn't blow the fuse on it.
STEVE:  Apparently not because these guys are going to demonstrate next month that it is possible to run unsigned code on the platform controller hub.
LEO:  Just plug in a USB.
STEVE:  Any, yes, any given motherboard from Skylake and after.  And essentially...
LEO:  Is there not a fuse?  Maybe, I mean, can I retroactively blow the fuse?
STEVE:  The problem is that would disable what Intel apparently thinks is for some reason useful.  So it's just beyond me.  Hopefully we will hear a statement from Intel about how they explain this.  But, I mean, the JTAG port, it is god.  I mean, it is a full debugging interface.  And they said, oh, well.  Remember last week we were talking about what was required.  You had to go find the little BIOS chip, eight pins on the motherboard, and get out your soldering iron and your microscope and attach stuff.  No.  Turns out just plug in a sufficiently configured USB device, and you're good to go.
LEO:  Wow.
STEVE:  Making the world much easier for the rest of us.
LEO:  I'm going to pour some epoxy in my USB ports.
STEVE:  Wow.  Yes.
LEO:  I'm thinking, I'm just thinking some of the usefulness would be in manufacture.  If you update your BIOS on your motherboard, and you fry it, that would be one way they could get in and replace the firmware and the motherboard, I would guess; right?
STEVE:  Yeah.  I just, I mean, you could have a dedicated JTAG port.  Why export it over USB?
LEO:  Yeah, that makes it pretty easy and convenient.  It's easy to update.
STEVE:  Now, who are they saying "yes, sir" to is what comes to mind.  I mean, yes, not a remote hack.  But, boy, it does mean that drive-by system, deep system compromise becomes possible.
LEO:  You've got a little device, you plug it in the USB port, press a couple of buttons, bzzz bzzz bzzz, walk away, and you now own that system; right?
STEVE:  Yup.  Yup.  You've just changed the core, as it's known, Ring -3.  You've got...
LEO:  It's that low.  It's so low that you couldn't - and of course antivirus wouldn't, I mean, talk about rootkit, antivirus wouldn't see it because it's in the firmware.
STEVE:  Yes.  That is, it is the processor which is executed before the main processor starts.  And we've already seen that it's possible for that code to be injected into the address space of the higher level Intel processor.  So, yeah, it's a complete sub-rootkit capability.
LEO:  Wow.  
STEVE:  Amazing.
LEO:  I wonder what Intel's response is to this.
STEVE:  That's going to be interesting.
LEO:  They need to take this Management Engine out of all future chips.  That's ridiculous.
STEVE:  Yeah, it's really, I mean, and I'm sure we've talked about how Google is scrambling around trying to get it out of their servers in all their server farms because it just...
LEO:  Oh, it's in everything.
STEVE:  ...terrifies them, yeah.
LEO:  Is there a physical hardware way to disable it?  There's no trace.  It's in the die; right?
STEVE:  But the problem is, if this is a JTAG interface, this overrides.  There is a bit, that bit that the NSA uses because the NSA doesn't want this in their hardware, either.  
LEO:  No.
STEVE:  So there is a bit...
LEO:  They want it in our hardware, not their hardware.
STEVE:  Exactly.  There's a bit that they can set which causes only those two critical modules, those boot config modules, to just - because you need this thing to set the clock frequencies and set the wait states on the DRAM.  It's that our motherboards are so, the BIOSes are so capable now, where you're able to change, like, wait states and clock speeds and everything, it's just amazing.
Well, all of that flexibility is this IME.  That's the processor running this MINIX OS which allows all that to happen.  Because that has to happen underneath the main Intel CPU in order for it to even get up and going.  So what this bit does that the NSA can set is it causes only that to happen.  And then all those other modules, for example that module that was causing me to, well, I was going to say "pull out my hair," but no, apparently I did that already.
LEO:  Because you had a vPRO Ethernet card.
STEVE:  Because I had, yeah, actually it was an older motherboard that was having some sort of ARP storm caused entirely by the fact that this Intel Management Engine was doing its own thing on the port I was using.  All I had to do was switch to the secondary port.
LEO:  Because that port was the vPRO.
STEVE:  Which the IME is - yeah.
LEO:  That was the managed Ethernet port.  Now, previous hacks of the IME have required that you have it be enabled and it be a vPRO machine.  But it sounds like this IME is in every chip Intel makes; right?
STEVE:  Yes.  It is the thing...
LEO:  There's just no interface to it on non-vPRO systems.
STEVE:  Right.
LEO:  But there's still a JTAG interface.  Or no?
STEVE:  Well, it's the same chipset.  It's the chipset.
LEO:  It must be; right.
STEVE:  Yes.  Wow.  And, I mean, I'm sure everywhere is like, at the moment we get more information, this makes the hack we talked about last week obsolete immediately.
LEO:  Right, right, right.
STEVE:  No.
LEO:  I don't need that thing.
STEVE:  You don't even need to open your box.
LEO:  I don't need to clip on.
STEVE:  Exactly.  There will be how-to's, like how to turn off your IME forever.  Plug this in, and it's going to be shut down.
LEO:  Well, that's what somebody should make is a USB key you plug in that disables IME.
STEVE:  That absolutely will happen.
LEO:  Oh, I hope so.
STEVE:  We can predict that now.
LEO:  They could sell that for a hundred bucks.  I would buy it right away.