Intel Chip Vulnerability Could Lead to Stealthy Rootkits
Security researchers have turned the spotlight on an Intel chip vulnerability that could allow hackers unauthorized access to system management mode code. The hack was disclosed recently by the efforts of two separate researchers, but was apparently first uncovered by Intel employees.Security researchers have released proof of concept exploit code for an Intel chip flaw that could be abused to compromise computer systems with stealthy rootkits. The attack takes advantage of an Intel CPU caching vulnerability that can be used to get unauthorized access to SMRAM, a protected region of system memory where the system management mode (SMM) code lives. Joanna Rutkowska and Rafal Wojtczuk of Invisible Things Lab released a paper with proof of concept code yesterday, while Loic Duflot, a research engineer for the French Central directorate for Information System Security, was slated to simultaneously make a presentation on the issue at the CanSecWest conference in Vancouver.
Duflot and the researchers at Invisible Things Lab discovered the flaw separately - though apparently neither are the first to report its existence. According to the team at Invisible Things Lab, the flaw was actually found initially by Intel employees, who wrote about how this class of CPU caching vulnerability could be exploited back in 2005.