Intel Hardware Hacking

I’ve been reading about a potentially serious vulnerability in Intel processors. To summarize, security researchers have discovered a way to access Intel CPUs System Management Mode (SMM) and run rootkits. A rootkit is a tool that allows an attacker to completely take over a computer system and do whatever they want with it and usually the only way to get rid of it is a complete rebuild of the system. SMM is a diagnostic tool designed to help chip designers and runs at a higher privilege level than the Operating System, so once in SMM an attacker can run programs whether you like it or not. Worse, SMM can made completely invisible to the target PC so something could be running there any you’d never know it. This attacks your computer’s hardware instead of it’s software, and once a malicious program is there it’s free to do what it wants, and can possibly even save itself in your hardware so it loads on startup.

In short, if successful an attacker could take complete control of your system and bypass every security measure you have and you’d never even know it, much less be able to do anything about it.

It’s not that clear how widespread this vulnerability is but it’s fair to say it affects a large proportion on Intel-based computers produced in the last few years. This is more than just PCs and laptops but servers, network devices, and security devices as well.

An undetectable rootkit is definitely a very, very bad thing so serious efforts are under way to fix this The good news is that it looks like traditional methods will have to be used to load it on, so installing security updates and having good anti-virus software is still your best defence. It’s not as if anyone can take over your computer no matter what your precautions, it’s just that if they do penetrate your computer’s defences the potential for damage has gone up substantially.

What is most concerning about this for me is not the fact that it bypasses security so thoroughly, although that is a major worry. in truth there are already many other much easier ways to gain control of systems for fun or profit as many people do not install security updates or have antivirus software installed. This type of attack, while powerful, isn’t suddenly going to bust things open. The sophistication of this attack will prevent widespread exploitation by anyone but the most clever and knowledgeable of crackers at least for now. The very sophistication however is the problem in that anyone who has the skills to gain this method will have the skill to exploit it to its fullest potential. The danger is more in it’s stealth than it’s power: as a rootkit installed using this method is completely undetectable a sophisticated attacker could exploit it so subtly that the victims may never have a clue that they’re been attacked.

For now there’s nothing you can do about this except what you hopefully do already: install security updates and buy good antivirus software. For now the race is on to see if Intel and the security industry can come up with a fix before this is widely exploited.

For the curious more information can be found here:
http://invisiblethingslab.com
http://blogs.techrepublic.com.com/security/?p=1130

Submit comment

Allowed HTML tags: <a href="http://google.com">google</a> <strong>bold</strong> <em>emphasized</em> <code>code</code> <blockquote>
quote
</blockquote>