Intel VISA (Visualization of Internal Signals Architecture)

2019: Detection of undocumented technology in chips of Intel

On March 28, 2019 Positive Technologies reported that her experts Maxim Goryachy and Mark Yermolov provided the research devoted to unknown earlier general public of technology in chipsets and processors Intel. It allows to read out data from memory and to intercept signals of peripheral devices. In spite of the fact that Intel of VISA is by default disconnected on the commercial systems, experts found several methods of its activation.

Researchers found out that the chips of PCH (Platform Controller Hub) set on motherboards of modern PCs based on Intel contain the full-fledged logical signal analyzer which is called Intel Visualization of Internal Signals Architecture (VISA). This technology gives the chance to trace a status of internal circuits and buses of a system in real time. The similar analyzer is implemented also in modern Intel processors.

Through a chip of PCH which was investigated by experts interaction of the processor with peripheral devices (the display, the keyboard, the webcam, etc.) therefore this chip has access practically to all data of the computer is performed.

We found out that it is possible to be connected to Intel of VISA on ordinary motherboards, and the special equipment for this purpose is not required — the expert of Positive Technologies Maxim Goryachy tells. — Using VISA we managed to reconstruct internal architecture of a chip of PCH partially.

Researchers assume that Intel of VISA is used for verification of presence of defects by production of chips of Intel. At the same time, thanks to a huge number of parameters, this technology allows to create own rules for capture and the analysis of signals which can be used by malefactors for gaining access to crucial information.

Maxim Goryachy and Mark Yermolov showed how it is possible to read out signals from internal buses of information transfer (for example, the buses IOSF Primary, Side Band and Intel ME Front Side Bus) and other internal PCH devices, unauthorized access to which allows to intercept data from memory of the computer.

The vulnerability of INTEL-SA-00086 in a subsystem of Intel Management Engine which is earlier revealed by experts Positive Technologies which is also integrated into a chip of PCH allowed to analyze technology. The shortcoming of IME gives to malefactors the chance to attack computers — for example, to set spyware in the code of this subsystem. For elimination of this problem there is not enough updating of the operating system, installation of the corrected version of a firmware is necessary.