Categories: Security

Intel Chip Flaw Could Be Used By Rootkits

Security researchers have revealed an Intel chip vulnerability that could allow hackers unauthorised access to system management code. The caching vulnerability was disclosed by two separate researchers, but was first uncovered by Intel employees.

The attack takes advantage of an Intel CPU caching vulnerability that can be used to get unauthorised access to SMRAM, a protected region of system memory where the system management mode (SMM) code lives. Joanna Rutkowska and Rafal Wojtczuk of Invisible Things Lab released a paper with proof of concept code, while Loic Duflot, a research engineer for the French Central directorate for Information System Security, was slated to simultaneously make a presentation on the issue at the CanSecWest conference in Vancouver.

Duflot and the researchers at Invisible Things Lab discovered the flaw separately – though apparently neither is the first to report its existence. According to the team at Invisible Things Lab, the flaw was actually found initially by Intel employees, who wrote about how this class of CPU caching vulnerability could be exploited back in 2005.

The attack assumes the hacker has access to certain platform MSR registers. Technical details of the attack can be found here in the paper from Invisible Things Lab. Successful exploitation of the CPU cache poisoning allows hackers to read or write to SMRAM, which is otherwise protected.

“The attack allows for privilege escalation from Ring 0 to the SMM on many recent motherboards with Intel CPUs,” Rutkowska, CEO of Invisible Things Lab, explained in a blog post.

According to Invisible Things Lab, this is the third attack on SMM memory in Intel systems the labs has found in the last 10 months.

“Intel has informed us that they have been working on a solution to prevent caching attacks on SMM memory for quite a while and have also engaged with OEMs/BIOS vendors to implement certain new mechanisms that are supposed to prevent the attack,” according to the paper. “According to Intel, many new systems are protected against the attack. We have found out, however, that some of Intel’s recent motherboards, like e.g. the popular DQ35, are still vulnerable to the attack.”

In her blog, Rutkowska added that researchers should not be blamed for publishing information they find about a bug if vendors do not move quickly enough.

“If there is a bug somewhere and if it stays unpatched for enough time, it is almost guaranteed that various people will (re)discover and exploit it, sooner or later,” she wrote.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

13 hours ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

16 hours ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

18 hours ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

1 day ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

1 day ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

2 days ago