OT: Scariest security threat since Blue Pill

Coursedesign wrote on 3/21/2009, 6:28 PM
Two highly respected Polish security researchers have created an attack to inject code into Intel CPUs at the SMM level. This is above the OS level, completely undetectable by virus checkers etc., and capable of doing anything the crooks want.

This Network World article clearly explains the problem.

This is from the horses' mouths, including this quote:

"... congrats to Intel employees who originally noticed the problem back in 2005."

IEEE first warned about this flaw in the Intel architecture in a paper in 1995...

My thought: in a world where all CPUs are Intel chips, all desktop OSes are Microsoft Windows, and all routers are made by Cisco, it becomes easy to take down all PCs worldwide, or the entire Internet (there have been wide exploits of Cisco router flaws already).

Diversity has been proven to be important in nature, seems we're facing the same issue in the Computer Kingdom as in the Plant and Animal Kingdoms.

Comments

farss wrote on 3/21/2009, 7:25 PM
"all desktop OSes are Microsoft Windows"

As far as I know this exploit could work on any OS that runs on an Intel or AMD CPU.
It's not exactly easy to exploit though.

Bob.

CorTed wrote on 3/21/2009, 7:34 PM
Yes, reading the article, it seems this affects Intel processors, and therefore could impact any machine running Intel processors, regardless of OS, Windows, Apple etc. etc.

Coursedesign wrote on 3/21/2009, 9:14 PM
Bob and CorTed,

You are making my point.

My point was about diversity against threats in each area: CPUs, OSes, routers, ...

Perhaps I should have said "computers" instead of PCs, including desktops, servers, and recent Macs, but not including netbooks AFAIK (oh, the irony...).

A second thought: is it possible that this security flaw was carefully designed, forced upon Intel by the NSA to make the agency's work easier?

I have seen some small indications that there has been pressure on computer-related vendors.

TheHappyFriar wrote on 3/21/2009, 9:29 PM
article kind of doesn't make sense in spots...
"No software you can run on your operating system would be able to detect this type of exploit once you are p0wned"

just based on the computer security article you posted, you HAVE to let the code into your computer from a source. Be that a website, disc, whatever. So the code must be put in a piece of software before it can get to your computer as the motherboard/cpu themselves can't read data from drives, another program (like the bios, OS, etc) tells them to.

"Is your PC currently p0wned by some hacker ninja using a SMM rootkit? How would you tell? You can't tell!!!!! MUWHAHA!"

um... simple. don't have an intel CPU. duh.

"I just hope Intel fixes these vulnerabilities fast."

i'm curious if he knows how CPUs get made: if intel knew about this in '05, even if they fixed it the next month, it wouldn't show up in CPUs for a few years later as they're in dev for a while.

not a very professional article either... I take news more seriously when it doesn't have the words "p0wned" & "MUWHAHA". sorry, sounds more like a fanboy rant than a serious news article (even if it is serious).

Coursedesign wrote on 3/21/2009, 11:16 PM
These researchers are the ones who came up with the Blue Pill...

farss wrote on 3/22/2009, 5:00 AM
There's a more coherent article here:

http://www.securityfocus.com/columnists/402

The little of it that I can follow (there were some terms in there I haven't heard in a long time) it's not certain if the same kind of exploit does not exist in other architectures. I certainly recall a mixup in the 68000 and access to the supervisor register permitting user code to detect that it was in user mode. Of course back then no one gave a second thought to computer security, you just paid someone to smash a door down and steal all the HDDs.

Bob.