Design flaw in Intel processors opens door to rootkits
Invasor
Moderator



Posts: 7638
Location: On the road
PostPosted: Wed, 12th Aug 2015 21:55    Post subject: Design flaw in Intel processors opens door to rootkits
Quote:
A design flaw in the x86 processor architecture dating back almost two decades could allow attackers to install a rootkit in the low-level firmware of computers, a security researcher said Thursday. Such malware could be undetectable by security products.

The vulnerability stems from a feature first added to the x86 architecture in 1997. It was disclosed Thursday at the Black Hat security conference by Christopher Domas, a security researcher with the Battelle Memorial Institute.

By leveraging the flaw, attackers could install a rootkit in the processor's System Management Mode (SMM), a protected region of code that underpins all the firmware security features in modern computers.
Once installed, the rootkit could be used for destructive attacks like wiping the UEFI (Unified Extensible Firmware Interface), the modern BIOS, or even to re-infect the OS after a clean install. Protection features like Secure Boot wouldn't help, because they too rely on the SMM to be secure.

The attack essentially breaks the hardware roots of trust, Domas said.

Intel did not immediately respond to a request for comment. According to Domas, the chip maker is aware of the issue and has mitigated it in its latest CPUs. The company is also rolling out firmware updates for older processors, but not all of them can be patched, he said.

To exploit the vulnerability and install the rootkit, attackers would need to already have kernel or system privileges on a computer. That means the flaw can't be used by itself to compromise a system, but could make an existing malware infection highly persistent and completely invisible.

Domas only tested the exploit successfully on Intel processors, but noted that x86 processors made by AMD should in theory be vulnerable as well.

Even if BIOS/UEFI updates are made available by computer manufacturers, their rate of adoption is likely to be very low, especially among consumers.

Unfortunately there's not much users can do, except try not to become infected by malware in the first place that could gain kernel privileges to deploy such a rootkit.

http://www.itworld.com/article/2965875/security/design-flaw-in-intel-processors-opens-door-to-rootkits-researcher-says.html
Invasor
Moderator



Posts: 7638
Location: On the road
PostPosted: Wed, 12th Aug 2015 21:56    Post subject:
I wonder if this is a flaw or a government requirement...
paxsali
Banned



Posts: 18352

PostPosted: Wed, 12th Aug 2015 22:25    Post subject:

Last edited by paxsali on Thu, 4th Jul 2024 21:42; edited 1 time in total
Janz




Posts: 14000

PostPosted: Wed, 12th Aug 2015 22:34    Post subject:
read about it earlier this week. think they clearly stated (the guys who found that) that it was built into cpus TILL 2010. so all newer cpus don't have that issue. stay calm and get your panties up again
Guy_Incognito




Posts: 3436

PostPosted: Wed, 12th Aug 2015 23:31    Post subject:
New conspiracy theory: They want to make everyone upgrade and shell out money for new hardware!
Nalo
nothing



Posts: 13516

PostPosted: Wed, 12th Aug 2015 23:56    Post subject:

Last edited by Nalo on Wed, 3rd Jul 2024 06:08; edited 2 times in total
freiwald




Posts: 6968

PostPosted: Thu, 13th Aug 2015 00:06    Post subject:
Janz wrote:
read about it earlier this week. think they clearly stated (the guys who found that) that it was built into cpus TILL 2010. so all newer cpus don't have that issue. stay calm and get your panties up again


but i got an i5 750 :( should i keep my panties down then?
ixigia
[Moderator] Consigliere



Posts: 65081
Location: Italy
PostPosted: Thu, 13th Aug 2015 00:14    Post subject:
Nalo wrote:
It's not a flaw, it's a feature

Hahah :D

I see you, nsa!



Random creations of an insane mind / Screens from Bulgaria [Early Access]


Last edited by ixigia on Thu, 13th Aug 2015 03:17; edited 1 time in total
Janz




Posts: 14000

PostPosted: Thu, 13th Aug 2015 00:51    Post subject:
freiwald wrote:
Janz wrote:
read about it earlier this week. think they clearly stated (the guys who found that) that it was built into cpus TILL 2010. so all newer cpus don't have that issue. stay calm and get your panties up again


but i got an i5 750 :( should i keep my panties down then?



keep them down, bend forward and just relax :twisted:
Epsilon
Dr. Strangelove



Posts: 9240
Location: War Room
PostPosted: Thu, 13th Aug 2015 12:08    Post subject:
Janz wrote:
freiwald wrote:
Janz wrote:
read about it earlier this week. think they clearly stated (the guys who found that) that it was built into cpus TILL 2010. so all newer cpus don't have that issue. stay calm and get your panties up again


but i got an i5 750 :( should i keep my panties down then?



keep them down, bend forward and just relax :twisted:

The pain will only be passing, you should survive the process.
Frant
King's Bounty



Posts: 24640
Location: Your Mom
PostPosted: Thu, 13th Aug 2015 13:37    Post subject:
A very very similar article about a "flaw" in the SMM in most x86 CPUs was released at Black Hat 2009.

http://theinvisiblethings.blogspot.se/2009/03/attacking-smm-memory-via-intel-cpu.html

If I put my tinfoil hat on I'd guess that we're talking about an NSA-demand. NSA, Israel and other countries/agencies close to NSA/USA won't let people and organisations worldwide have anonymity. They want to have as many "panic buttons" as possible to shut down whatever they feel is necessary.... Like the Iranian nuclear power plant computers.

Intel can fix those issues with Microcode updates (either by patching or disabling some aspects of those functions). Won't happen though unless there are several other hardware backdoors that NSA and their "fellowship secret organisations" can use instead.


Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn!

"The sky was the color of a TV tuned to a dead station" - Neuromancer
Janz




Posts: 14000

PostPosted: Thu, 13th Aug 2015 13:45    Post subject:
don't think that's related to any nsa stuff or similar. that "flaw" comes from an era where the "internet" (let's put it in " " cause back in the days it wasn't even comparable to what we got in the beginning of the 90s) wasn't even accessible for anyone except the military
Invasor
Moderator



Posts: 7638
Location: On the road
PostPosted: Thu, 13th Aug 2015 14:45    Post subject:
Janz wrote:
don't think that's related to any nsa stuff or similar. that "flaw" comes from an era where the "internet" (let's put it in " " cause back in the days it wasn't even comparable to what we got in the beginning of the 90s) wasn't even accessible for anyone except the military

That's a strong argument. Doesn't mean they never used such a "flaw" though...
Janz




Posts: 14000

PostPosted: Thu, 13th Aug 2015 15:40    Post subject:
and to be more concrete i think access to that security hole isn't even possible via a virus or anything else internet related. you need direct low level access on that device, so no need to worry for normal users. unless you expect some security agencies to break into your home when you are away and install that shit
StrEagle




Posts: 14059
Location: Balkans
PostPosted: Thu, 13th Aug 2015 16:46    Post subject:
CPU firmware updates :?


Lutzifer wrote:
and yes, mine is only average
Janz




Posts: 14000

PostPosted: Thu, 13th Aug 2015 16:57    Post subject:
microcode updates, can be applied either via bios updates or via system updates for the os (which are ofc only temporarily active while the os is running)
thudo




Posts: 6309
Location: Mellonville North, Canada
PostPosted: Thu, 13th Aug 2015 17:09    Post subject:
Yeah 20 year old exploit, many systems built and deployed later, where is my exploit? :x Come on! I'm right here!


MSI GT72S 6QF Dominator Pro S 29th Anniversary Intel i7 6820HK @ 4.0Ghz, 32GB DDR4-2133 RAM, 2x256GB Raid0 Toshiba NVMe 2.5 inch PCIe SSD, Nvidia Geforce GTX 980 OC'ed 200+ Core / 200+ Mem, 17.3 inch LG IPS HD Display @ 75Hz, Intel 7265AC Wifi, Windows 10 Pro BIOS version: .112 EC Firmware version: .105

Current Broadband speed record: 329.1 Mb/sec down // 21.73 Mb/sec up
http://www.dslreports.com/speedtest/3933292.png
All times are GMT + 1 Hour
NFOHump.com Forum Index - Hardware Zone