A Hardware Vulnerability That's the Worst of the Worst

Ralph DeFrangesco

A vulnerability in the Intel CPU chipset could allow hackers the ability to launch a System Management Mode (SMM) attack by way of CPU caching. The attack would allow privileged escalation from ring 0 to SMM. To put this in persepective, the kernel runs in ring 0 along with some hypervisors. The OS cannot even interrupt or override SMM.

 

This is a very uncommon vulnerability and requires a fairly sophisticated attacker to be able to pull off the exploit. Intel was made aware of this problem back in 2005 by its own employees, yet did nothing to patch the vulnerability. Two Polish researchers made Intel aware of the vulnerability again in 2008 yet did nothing to patch it. If an attacker were to write a root-kit and put it in the SMM, it would be undetectable and difficult to remove.

 

A research paper and code example will be released today outlining the vulnerability and how the SMM can be exploited. We have to ask, are we better off publishing the vulnerability or keeping it a secret?

 

If they publish it, it might force Intel to finally patch it. However, why publish it? Let's not just give it to the bad guys -- make them figure it out themselves. This should give Intel enough time to figure out a fix.

 

In my opinion, this needs to be fixed sooner or later. Intel has been using security through obscurity and so far it has worked. After tomorrow, it will be a whole new ball game.



Add Comment      Leave a comment on this blog post
Mar 19, 2009 8:09 AM Ralph DeFrangesco Ralph DeFrangesco  says:

Joannah,

Thank you for taking the time to read my blog. I hope you will continue to read it and even participate. I would love to hear what you think about some of these issues.

-Ralph

Reply
Mar 23, 2009 9:35 AM Ralph DeFrangesco Ralph DeFrangesco  says: in response to Etim Attah

Etim,

Thank you for taking the time to reply. Yes, this is a big deal. Lets all hope that Intel does something about this soon.

-Ralph

Reply
Mar 23, 2009 10:10 AM Etim Attah Etim Attah  says: in response to Ralph DeFrangesco

Your contribution really make a lot of sense. I hope Intel will fixed it soon

Attah

Reply
Mar 24, 2009 9:15 AM Hank Hank  says:

Working in IT, this just sends needles down my spine.

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.