Researchers reveal Intel processor exploit
Monday, March 23, 2009
Two researchers presented a paper at the CanSecWest conference in Vancouver last week about a network security exploit that has the ability to compromise PCs that run on Intel processors.
According to the security experts, the attack involves cache poisoning in a CPU operation mode called System Management Mode (SMM), SCMagazineus.com reports.
"In this paper we have described practical exploitation of the CPU cache poisoning," the researchers wrote. "This is the third attack on SMM memory our team has found within the last 10 months, affecting Intel-based systems. It seems that the current state of firmware security, even in case of such reputable vendors as Intel, is quite unsatisfying."
A cyberattack based on the Intel exploit could potentially poison a chip's cache memory, allowing access to the SMM, according to the article. The researcher said the attack could also mean the dumping of contents of RAM used for SSM or enabling arbitrary code execution in that memory.
Intel has reportedly been working on a solution to safeguard against the exploit on SMM memory. A spokesperson told SCMagazineus.com that many of the new systems are protected against the exploit. However, the researchers pointed out some of Intel's motherboards, such as the DQ35, are still vulnerable.
Related News:
Cyber criminals exposed medical records - 3.8.2010
More than 18,000 patients, whose medical information is stored on the computer systems of five doctors in Torrance, California, were potential victims of identity theft in September when cyber criminals penetrated the doctors' networks, according to the Los Angeles Times.
McAfee advises companies to boost web security relating to source code - 3.4.2010
At the RSA Conference, currently taking place in San Francisco, McAfee released a report indicating that companies regularly use too few web security protocols when protecting intellectual property such as source code.
False social networking attacks provides teachable moment for web security - 2.25.2010
A unique tool developed to prevent the spread of malware from social networking websites has been recommended Processor.com, a web and network security news provider.
With global web security under siege, exports point to problems - 2.25.2010
In 2009, Garlik, a United Kingdom-based web security company, reported a 207 percent increase in malware use to overtake bank accounts. Recent events have also shown vulnerability in corporate, private and governmental web security systems.
Kaspersky reports malware growing more sophisticated - 2.24.2010
Kaspersky, a web security provider, reported Wednesday that while there is very little growth in the amount of malware currently roaming the web, it is becoming more advanced and much harder to detect.
|
