Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 09, 2016, 01:24:28 PM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: New vulnerability found in older Intel processors  (Read 1501 times)

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 7,723
    • View Profile
    • The Blog of Deozaan
    • Read more about this member.
    • Donate to Member
New vulnerability found in older Intel processors
« on: August 09, 2015, 12:53:18 PM »
Emphasis added:

Security researcher Chris Domas has discovered a vulnerability in the x86 architecture of Intel processors made between 1997 and 2010 (pre-Sandy Bridge) that lets an attacker install software in a chip's protected System Management Mode space, which governs firmware-level security. Yes, that's as bad as it sounds: an intruder could not only take more control than you typically see in attacks (including wiping firmware), but infect your PC even if you wipe your hard drive and reinstall your operating system. Domas has only tested against Intel-made CPUs so far, but AMD processors could be vulnerable as well.

A would-be hacker needs low-level OS access to get in, so you at least won't face a direct assault -- you need to fall prey to another attack before this becomes an option. However, this vulnerability might be difficult or impossible to fix in a timely fashion. While it's theoretically possible to patch a computer's BIOS (or on relatively recent systems, UEFI) to prevent these attacks, the chances of that happening are slim. What's the likelihood that your motherboard maker will support a product that's at least 5 years old, or that most people are both willing and able to apply firmware upgrades? Not very high, we'd reckon.


TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,550
    • View Profile
    • Donate to Member
Re: New vulnerability found in old Intel processors
« Reply #1 on: August 09, 2015, 12:59:04 PM »

"Willing but maybe not able" is an interesting category I might fall into.

"Willing" is an hour's worth of convincing. But if it's harder than "upgrade PaleMoon/Floash/Java" then we might be stuck.


SeraphimLabs

  • Participant
  • Joined in 2012
  • *
  • Posts: 497
  • Be Ready
    • View Profile
    • SeraphimLabs
    • Donate to Member
Re: New vulnerability found in older Intel processors
« Reply #2 on: August 09, 2015, 01:12:34 PM »
"Willing but maybe not able" is an interesting category I might fall into.

"Willing" is an hour's worth of convincing. But if it's harder than "upgrade PaleMoon/Floash/Java" then we might be stuck.


It is, and a dangerous process to boot that is best left to people who have experience with it and know how to recover from a failure.

Because a botched BIOS update can brick your system, and a lot of OEM boards do not have functional recovery systems because how dare you try to update the bios outside of the supervision of a factory trained technician.

Naturally this kind of flaw is something the NSA would have known about and been using for the past decade, and it only got exposed because they found a better one to abuse.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,029
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: New vulnerability found in older Intel processors
« Reply #3 on: August 12, 2015, 04:47:06 PM »
I haven't had time to look properly at this, and the articles I've skimmed so far have been lacking, but...

1) SMM attacks are at least a decade old, and complicated to pull off - you need to write very specific code.
2) This exploit still needs ring0 access to pull off, right?
- carpe noctem