Thursday, March 19, 2009

Researchers Warn on Security Flaw in x86 Chips

Andy Patrizio write on

Security researchers are sounding the alarm about what they say is a serious and long-known flaw in x86 processors that could prove embarrassing not just for its existence -- but for the lack of action taken to address it so far.

Joanna Rutkowska and Rafal Wojtczuk today published a research paper [.pdf] describing a proof-of-concept rootkit that a hacker can install on a system through a vulnerability in Intel CPUs' caching memory.

The rootkit specifically attacks System Management Mode (SMM) memory, called SMRAM -- an area of memory not accessible by software because it has a specific use: It's where the processor stores information when a system enters sleep mode.

The memory operates at a higher level of privilege than the operating system, which means the OS can't manage or control it. Even the kernel or a hardware hypervisor can't override it, making attacks that penetrate SMM potentially difficult to thwart. Because SMM memory is protected from applications accessing it, any code that runs in it is trusted to be valid and safe.

As a result, malware could take over a PC with little or no way to remove it.

More here.


Post a Comment

<< Home