Security Hardware & IT Security Software - eWeek

Home

Security Hardware & IT Security Software

Intel Chip Vulnerability Could Lead to Stealthy Rootkits

Plan, Launch and Manage Your Data Centers More Efficiently

Turn Data into Results with Better Business Intelligence

Smarter Virtualization – Key Building Block for Dynamic Infrastructure


	Save Money and Improve Agility: Virtualize with Sun SPARC Enterprise M-Series Servers The Next Step in Virtualization: Moving Demanding Applications to Virtual Environments Powering Business Productivity with Dell OptiPlex Desktops See All Resources >

Security Hardware & IT Security Software

Intel Chip Vulnerability Could Lead to Stealthy Rootkits

Share
By: Brian Prince
2009-03-20
Article Rating:

/ 7

There are 1 user comments on this Security Hardware & IT Security Software story.

Rate This Article:

E-mail

PDF Version

Security researchers have turned the spotlight on an Intel chip vulnerability that could allow hackers unauthorized access to system management mode code. The hack was disclosed recently by the efforts of two separate researchers, but was apparently first uncovered by Intel employees.

Security researchers have released proof of concept exploit code for an Intel chip flaw that could be abused to compromise computer systems with stealthy rootkits.

The attack takes advantage of an Intel CPU caching vulnerability that can be used to get unauthorized access to SMRAM, a protected region of system memory where the system management mode (SMM) code lives. Joanna Rutkowska and Rafal Wojtczuk of Invisible Things Lab released a paper with proof of concept code yesterday, while Loic Duflot, a research engineer for the French Central directorate for Information System Security, was slated to simultaneously make a presentation on the issue at the CanSecWest conference in Vancouver.

Duflot and the researchers at Invisible Things Lab discovered the flaw separately - though apparently neither are the first to report its existence. According to the team at Invisible Things Lab, the flaw was actually found initially by Intel employees, who wrote about how this class of CPU caching vulnerability could be exploited back in 2005.

The attack assumes the hacker has access to certain platform MSR registers. Technical details of the attack can be found here in the paper from Invisible Things Lab. Successful exploitation of the CPU cache poisoning allows hackers to read or write to SMRAM, which is otherwise protected.

“The attack allows for privilege escalation from Ring 0 to the SMM on many recent motherboards with Intel CPUs,” Rutkowska, CEO of Invisible Things Lab, explained in a blog post.

According to Invisible Things Lab, this marks the third attack on SMM memory they have found in the last 10 months affecting Intel-based systems.

“Intel has informed us that they have been working on a solution to prevent caching attacks on SMM memory for quite a while and have also engaged with OEMs/BIOS vendors to implement certain new mechanisms that are supposed to prevent the attack,” according to the paper. “According to Intel, many new systems are protected against the attack. We have found out, however, that some of Intel's recent motherboards, like e.g. the popular DQ35, are still vulnerable to the attack.”

In her blog, Rutkowska added that researchers should not be blamed for publishing information they find about a bug if vendors do not move quickly enough.

"If there is a bug somewhere and if it stays unpatched for enough time, it is almost guaranteed that various people will (re)discover and exploit it, sooner or later," she wrote.

	Reader Comments: Intel Chip Vulnerability Could Lead to Stealthy Rootkits
>>> Post your comment now!
	Underlying Vulnerabillity So there are businesses who sell their knowledge about computer security by advertising vulnerabilities - as a form of extortion. "If companies... Posted At: 03-23-09 By: Vinewood

	>>> Post your comment now!



	>>> More Security Hardware & IT Security Software Articles >>> More By Brian Prince

Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article

FEATURED SPONSORED MESSAGE

Hitachi announces IT Operations Analyzer software

Monitor and diagnoses issues in multivendor network environments.

Web-based interface, agent-less, multiple network views and automated root cause analysis help maximize network availability and reduce expenses. Good for businesses with 50-250 nodes.

Download free 30-day trial

Brought to You By

FEATURED SPONSORED MESSAGE

Should You Be Using “up.time”?

Easily Monitor Virtual, Physical, and Cloud based assets, applications and services from a unified Dashboard with up.time

Deep Monitoring across platforms and best-of-breed reporting. Over 700 enterprise customers in 32 countries

Free Trial Download Here (Virtual Appliance available)

Brought to You By

Sponsors

DCIG Report: Get Near Real Time Backup & Recovery.

up.time Easily Monitors Virtual/Physical/Cloud. Free Trial.

Build your Multitenant Cloud App today on LongJump.

New & Easier Data Center Innovation & Integration.

Let Progress Software help your business make progress.

Expand on Demand. AT&T Synaptic Storage as a Service.

Learn more about EnterpriseDB @ the Postgres Center

See why ShoreTel is named best overall VoIP provider

CDW Healthcare offers the IT solutions you need.

One number. One voicemail. Sprint Mobile Integration.

10 Reasons to Upgrade to Windows Server 2008 R2.

See the easy to manage ScanSnap Network iScanner

FREE Sophos Encryption Tool: Encrypt, compress and share files easily.

	eWEEK RSS FEEDS and NEWSLETTERS
	Get eWEEK news delivered to your desktop with RSS eWEEK Free Newsletters

Issue Index \| Contact Us \| About \| Advertise \| Magazine Customer Service \| Site Map
	Security: Enterprise Networking Network Security Infrastructure Security How To: Data IT Security News Security Watch Blog Secure Channel Blog Storage: Data Storage Cloud Storage Storage Virtualization Network Access Storage Storage Reviews Storage News How To: Storage Storage Station Blog Computing: Apple OSX Linux Systems Windows 7 Managed Print Services Computer Reviews Microsoft Watch Blog Apple Watch Blog Google Watch Blog Communications: Enterprise Mobility Zone VoIP Solutions Wireless Technology Messaging Software Web Services Wireless News Mobile Reviews Apps & Development: Application Development Enterprise Apps Search Engines Database Software Web 2.0 IT Project Management Emerging Tech Blog CIO Insight Blogs CIOs
	Vertical Markets: Federal Government IT Health Care IT Finance IT Mid-Market Channel and VARs Careers Blog Value Added Resellers More eWeek Links: Green Computing Center Tech Knowledge Center Tech Newsletters Tech RSS Feeds White Papers Tech Podcasts Tech Videos Magazine Subscriptions Enterprise Websites: ZDE Home eWeek Baseline Magazine Channel Insider CIO Insight eSeminars and Events Publish Online Web Buyers Guide Developer Websites: Microsoft DevSource Dev Shed DeveloperShed ASP Free SEO Chat Codewalkers Tutorialized Scripts.com Dev Mechanic Dev Articles Web Hosters Dev Hardware Technology Websites: Device Forge Desktop Linux Linux Devices Windows for Devices PDF Zone Linux Watch Windows Migration Smarter Technology Enterprise TechBrief
	Use of this site is governed by our Terms of Use and Privacy Policy Copyright ©1996-2010 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited. eWeek is your best source for the latest Technology News. ZDE Cluster 2 hosted by Hostway.

Intel Chip Vulnerability Could Lead to Stealthy Rootkits

Suggested Related Content: