Researchers discover Intel chips rootkit vulnerability

Remember the good old days when, if your computer got infected, you would simply format your boot drive, reinstall the operating system and everything would be OK? Well, those times seem to be long gone as nowadays nothing is safe: rooters can be directly infected with malware, your RAM can also easily be a target (as proved by the Hacking Team's leaked files) and now it seems that even the processors can fall prey to attackers. At the Black Hat security (hacking) conference, a researcher named Christopher Domas demonstrated how a design flaw in Intel's x86 CPUs can be exploited with a rootkit.

According to Mr. Domas (security researcher at Battelle Memorial Institute), this issue only affects 32-bit (x86) processors and allows potential attackers to install rootkits in the CPU's System Management Mode (SMM). In human language, the SMM is a protected region of the processor which underpins all the firmware security features. What this means is that if the rootkit is deployed, formatting your hard drive and reinstalling your OS will not help and the Secure Boot feature won't do you any good either, because it also relies on the SMM region.

The good news is that in order to install the rootkit the attacker would require an already existing foothold (kernel or system privileges) on your PC, so it can't be exploited by itself. At the moment, Intel declined to comment on the subject, but according to Mr. Domas, the company has been made aware of the issue and has fixed it in its latest CPU models. Intel is also releasing firmware updates for its older chips but not all of them can be patched. In theory, AMD x86 CPUs share this vulnerability, but it hasn't been proven yet.

Comments

0 comments
You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <em> <i> <q cite=""> <s> <strike> <strong>