Categories: Security

Intel Chip Flaw Could Be Used By Rootkits

Security researchers have revealed an Intel chip vulnerability that could allow hackers unauthorised access to system management code. The caching vulnerability was disclosed by two separate researchers, but was first uncovered by Intel employees.

The attack takes advantage of an Intel CPU caching vulnerability that can be used to get unauthorised access to SMRAM, a protected region of system memory where the system management mode (SMM) code lives. Joanna Rutkowska and Rafal Wojtczuk of Invisible Things Lab released a paper with proof of concept code, while Loic Duflot, a research engineer for the French Central directorate for Information System Security, was slated to simultaneously make a presentation on the issue at the CanSecWest conference in Vancouver.

Duflot and the researchers at Invisible Things Lab discovered the flaw separately – though apparently neither is the first to report its existence. According to the team at Invisible Things Lab, the flaw was actually found initially by Intel employees, who wrote about how this class of CPU caching vulnerability could be exploited back in 2005.

The attack assumes the hacker has access to certain platform MSR registers. Technical details of the attack can be found here in the paper from Invisible Things Lab. Successful exploitation of the CPU cache poisoning allows hackers to read or write to SMRAM, which is otherwise protected.

“The attack allows for privilege escalation from Ring 0 to the SMM on many recent motherboards with Intel CPUs,” Rutkowska, CEO of Invisible Things Lab, explained in a blog post.

According to Invisible Things Lab, this is the third attack on SMM memory in Intel systems the labs has found in the last 10 months.

“Intel has informed us that they have been working on a solution to prevent caching attacks on SMM memory for quite a while and have also engaged with OEMs/BIOS vendors to implement certain new mechanisms that are supposed to prevent the attack,” according to the paper. “According to Intel, many new systems are protected against the attack. We have found out, however, that some of Intel’s recent motherboards, like e.g. the popular DQ35, are still vulnerable to the attack.”

In her blog, Rutkowska added that researchers should not be blamed for publishing information they find about a bug if vendors do not move quickly enough.

“If there is a bug somewhere and if it stays unpatched for enough time, it is almost guaranteed that various people will (re)discover and exploit it, sooner or later,” she wrote.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

US Finalises Billions In Awards To Samsung, Texas Instruments

US finalises $4.7bn award to Samsung Electronics, $1.6bn to Texas Instruments to boost domestic chip…

4 hours ago

OpenAI Starts Testing New ‘Reasoning’ AI Model

OpenAI begins safety testing of new model o3 that uses 'reasoning' process to ensure reliability…

5 hours ago

US ‘Adding Sophgo’ To Blacklist Over Link To Huawei AI Chip

US Commerce Department reportedly adding China's Sophgo to trade blacklist after TSMC-manufactured part found in…

5 hours ago

Amazon Workers Go On Strike Across US

Amazon staff in seven cities across US go on strike after company fails to negotiate,…

6 hours ago

Senators Ask Biden To Extend TikTok Ban Deadline

Two US senators ask president Joe Biden to delay TikTok ban by 90 days after…

6 hours ago

Journalism Group Calls On Apple To Remove AI Feature

Reporters Without Borders calls on Apple to remove AI notification summaries feature after it generates…

7 hours ago