Debugging mechanism in Intel CPUs allows seizing control via USB port

Some Intel CPUs have JTAG over USB 3 debugging built-in. This could be good for debugging but is really bad for computer security.

“starting with the Skylake processor family in 2015, Intel introduced the Direct Connect Interface (DCI) which provides access to the JTAG debugging interface via common USB 3.0 ports.”

Having the DCI interface enabled is sufficient to make target computers vulnerable. Researchers found that  on many computers, DCI is enabled out-of-the-box and not blocked by default.

This mechanism in Intel CPUs could lead to a whole new class of Bad USB-like attacks. Fortunately this mechanism can be exploited only on Intel U-series processors (used on laptops and NUC) at the moment.