Security vendor Positive Technologies has discovered a bug in some Intel Skylake CPUs that allows an attack to take full control over the system through USB. The culprit is the debugging interface of the CPU that can be accessed through USB.
Positive Technologies discovered that on some Intel CPus the debugging interface is accessible through USB 3.0. This allows specially prepared USB sticks to take full control over the computer. With full control over the computer it's possible to install malware of eavesdrop on activity on the computer without detection of security software. It's also possible to brick the PC because the debugging interface makes it possible to fully overwrite the BIOS.
The bug is relatively easy to exploit as no special equipment is required, according to the researchers. However, attackers do need physical access to the system and the bug only appears to be only present on Skylake U CPUs that are only used in NUCs and Ultrabooks.
On older CPUs this was not possible because the debugging interface could only be accessed using a special (expensive) device.
The security researchers demonstrated their method (video) during the 33rd Chaos Communication Congress held in Hamburg, Germany.
