Author Topic: Researchers to Report Intel Chip Rootkit Code  (Read 3399 times)


georgecloner

  • SCF VIP Member
  • *****
  • Posts: 171
  • KARMA: 16
  • Gender: Male
Researchers to Report Intel Chip Rootkit Code
« on: 19. March 2009., 15:03:19 »


Security researchers Joanna Rutkowska and Loic Duflot are planning to release information on what NetworkWorld blogger Jamey Heary calls "the scariest, stealthiest, and most dangerous rootkit" he's seen.

According to Heary, on Thursday (March 19, 2009) the researchers will release a research paper and exploit code for a new SMM (System Management Mode) rootkit that utilizes an Intel CPU caching vulnerability. The attack allows the rootkit to hide in the SMM space and take control of the PC. Heary warns that there is no software that can detect the rootkit once it is installed.

Quote
"Thursday, March 19th, 1600 UTC, we will publish a paper (+ exploits) on exploiting Intel® CPU cache mechanisms. The attack allows for privilege escalation from Ring 0 to the SMM on many recent motherboards with Intel CPUs. Rafal implemented a working exploit with code execution in SMM in a matter of just a few hours."

Why are they releasing the code to the public? Rutkowska and Duflot claim that Intel has known about the vulnerability for years and hasn't done anything to fix it. So, they are simply reporting what someone with less than legal intentions is already exploiting.

Quote
"If there is a bug somewhere and if it stays unpatched for enough time, it is almost guaranteed that various people will (re)discover and exploit it, sooner or later. So, don't blame researchers that they find and publish information about bugs — they actually do a favor to our society."

(ITBE)
Creativity is a mental and social process involving the generation of new ideas or concepts, or new associations of the creative mind between existing ideas or concepts.





Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Researchers to Report Intel Chip Rootkit Code
« Reply #1 on: 19. March 2009., 15:10:00 »
 
:o

This is really dangerous...

Right now I'm thinking: did these researchers do the right thing??



 

georgecloner

Re: Researchers to Report Intel Chip Rootkit Code
« Reply #2 on: 19. March 2009., 15:13:58 »
Yeah RIGHT! This is a nasty one!

Now that Intel CPUs are vulnerable to exploit! Fingers crossed for the meantime until Intel gets to fix this issue!!!

P.S.

Just type nice words to Intel guys!  :thumbsup: HEHEHE

Samker

Re: Researchers to Report Intel Chip Rootkit Code
« Reply #3 on: 19. March 2009., 15:26:34 »

I can't believe that they "forget" to close this with some patch.

INTEL - :thumbsdown:


georgecloner

Re: Researchers to Report Intel Chip Rootkit Code
« Reply #4 on: 19. March 2009., 15:38:21 »
Believe it Sam, they do forget.. hehehe.

The researchers were fairly responsible to report the issue immediately. And they quote:

Quote
"So, being the good and responsible guys that we are, we immediately reported the new bug to Intel (actually talking to Intel's PSIRT is getting more and more routined for us in the recent months ;). And this is how we learnt that Loic came up with the same attack (back then there was no talk description at the conference website) — apparently he approached Intel about this back in October 2008, so 3-4 months before us — and also that he's planning to present it at the CanSecWest conference in March. So, we contacted Loic and agreed to do coordinated disclosure next Thursday.

"Interestingly, however, none of us was even close to being the first discoverer of the underlying problem that our attacks exploit. In fact, the first mention of the possible attack using caching for compromising SMM has been discussed in certain documents authored as early as the end of 2005 (!) by nobody else than... Intel's own employees."



Samker

Re: Researchers to Report Intel Chip Rootkit Code
« Reply #5 on: 19. March 2009., 17:18:49 »

UNBELIEVABLE!  ???

What do you think, is AMD capable of making the most of this "bug"?


jake2pointzero

  • SCF Member
  • **
  • Posts: 53
  • KARMA: 6
Re: Researchers to Report Intel Chip Rootkit Code
« Reply #6 on: 20. March 2009., 04:07:21 »
Samker,

Does this mean that if you have an Intel processor like the Intel Core 2 Duo, we are vulnerable to the bug?

Samker

Re: Researchers to Report Intel Chip Rootkit Code
« Reply #7 on: 20. March 2009., 07:28:22 »
Probably, but the important thing is that this bug isn't exploited yet...

Anyway, I think that we all need to "watch this story" very carefully.


F3RL

  • SCF Advanced Member
  • ***
  • Posts: 171
  • KARMA: 18
  • Gender: Male
Re: Researchers to Report Intel Chip Rootkit Code
« Reply #8 on: 20. March 2009., 12:17:40 »
What the heck is Intel up to? Yeah, they should cover this vulnerability with some kind of patch or firmware.

Is this rootkit active regardless of operating system? If yes, people with servers, watch out  :o
well? understand ma bad English.

georgecloner

Re: Researchers to Report Intel Chip Rootkit Code
« Reply #9 on: 20. March 2009., 16:36:10 »
Quote
Is this rootkit active regardless of operating system?

Apparently yes. Here's a summary piece:

"The potential consequence of attacks on SMM might include SMM rootkits [9], hypervisor compromises [8], or OS kernel protection bypassing [2]."

The published paper:   http://invisiblethingslab.com/resources/misc09/smm_cache_fun.pdf

 
