BoundHook Attack Exploits Intel Skylake MPX Feature

DooKey

A post-intrusion technique developed by researchers at CyberArk Labs called BoundHooking allows attackers to exploit a feature in all Intel chips introduced since Skylake. The attack technique allows for the execution of code from any process without detection by antivirus software or other security measures, researchers said. However, since the machine has to already be compromised to use this attack, both Microsoft and Intel have no plans to patch for it. In lieu of a Microsoft patch, CyberArk researchers said admins should rein in user account privileges to minimize the type of lateral and system penetration an adversary can carry out in a BoundHooking attack.

As was the case with GhostHook and also now with BoundHooking, Microsoft and Intel don't see either as a vulnerability on their end. Both told CyberArk they will not patch the issue because the attack requires that the adversary has already fully compromised the targeted system. Naim said that such an attack is within the realm of a nation-state attacker and that some well-known targeted intrusions such as Flame and Shamoon could easily make use of malware to establish a foothold on machines and networks. Once that foothold is established, adversaries can easily go unnoticed.
 
So both Intel and Microsoft basically are allowing backdoors into compromised systems? So in other words, infiltrate one system, then spread and unknowingly duplicate to the rest of the network. Since Intel and Microsoft aren't worried about it, great, nothing to worry about at all. That's gotta make organizations feel much, much safer.
 
Looks like the FBI and NSA are getting their wish: Technology companies just patch the vulnerabilities that "normal" people can pull off. I really hope this bites Intel, MS, etc. in the butt when Russia or NK exploits this.
 
Looks like the FBI and NSA are getting their wish: Technology companies just patch the vulnerabilities that "normal" people can pull off. I really hope this bites Intel, MS, etc. in the butt when Russia or NK exploits this.
You know the gov gets the no-backdoor systems.
 
Playing devil's advocate: does this work on all programs or only MPX-enabled programs? How much information do you need to actually know once you get in to actually do anything? Sometimes people find ways to do things that there is really no real way to ever do outside of a test. That would be like you having a room inside your house that you have to press 2 out of 20,000 buttons to open the door to, then somebody saying that isn't very secure because if somebody breaks into your house, then watches you press the two buttons, they would know what two buttons to press. Or that passwords are not secure because if somebody breaks into your office, repositions your security cameras, then breaks into the camera feed, they could then record your passwords. With this "flaw" somebody has to first gain full access to your system. Then they have to make use of an Intel feature for something other than its expected use (which may or may not be able to be patched again).

Good or bad, businesses will always have to focus on the cost of trying to fix a flaw vs the impact of not fixing it. They could always remove the feature, but maybe it actually increases security to a certain degree by removing X number of security holes and ends up creating 1 new one in exchange for all the ones it removes.
 
It's not a backdoor or anything. It's a technique for hiding execution on an already compromised system. "Features" of Windows 10 and Skylake provide a safe haven for this little trick to occur unnoticed. I'm not surprised that Microsoft isn't taking it seriously.
 
It's not a backdoor or anything. It's a technique for hiding execution on an already compromised system. "Features" of Windows 10 and Skylake provide a safe haven for this little trick to occur unnoticed. I'm not surprised that Microsoft isn't taking it seriously.

That's a fair point... but the reason why they're not taking it seriously is that it's hard to pull off.

However, this exploit is a goldmine for NSA, FBI, etc. because once they penetrate a system... which is easy for them... they hide their activity on the compromised system.

I'd bet money alphabet agencies ASKED M$ to not close this or Intel to fix it in later CPUs.

It's like a safe manufacturer not fixing his broken safe by saying, "well, you shouldn't let a burglar break into your house in the first place."
 
Does linux provide some protection against these exploits?

From my understanding it's dependent on the way Windows 10 uses those particular processor instructions. It's not that we need to protect against it, it's that we need not utilize the features in such a lazy way.
 
I should really look into dual-booting to Linux, maybe set up a SteamOS partition.
 
Yet another reason to not use Windows. What are you paying for?

I should really look into dual-booting to Linux, maybe set up a SteamOS partition.

I'd start out with Linux Mint (or Ubuntu) unless it's an HTPC-type setup and you really, really want to play with SteamOS. The Steam application is fully compatible with Ubuntu/Mint and easy to install.

The Linux-compatible game library is large enough now that I think most gamers around here could make the switch.
 
Looks like the FBI and NSA are getting their wish: Technology companies just patch the vulnerabilities that "normal" people can pull off. I really hope this bites Intel, MS, etc. in the butt when Russia or NK exploits this.

You mean, bites the USA in the butt. Because we're probably going to foot the cost in the end.
 
From my understanding it's dependent on the way Windows 10 uses those particular processor instructions. It's not that we need to protect against it, it's that we need not utilize the features in such a lazy way.

TPM reeked of backdoor from its inception. So far I feel correct in this assumption.
 
The Linux-compatible game library is large enough now that I think most gamers around here could make the switch.

While I don't have a Windows computer in my house, I can't say I made the switch. I still maintain a secondary SSD with Win7 for when I feel like playing some Windows exclusives. It annoys me greatly. ;)

TPM reeked of backdoor from its inception. So far I feel correct in this assumption.

Aye. The concept of "trust-on-a-chip" has been around for a long time and has always been met with harsh criticism. There will always be fast-moving industry and fast-moving dollars which fail to heed the warnings.
 