Coincident with the CanSecWest conference in Vancouver Thursday, Joanna Rutkowska and Rafal Wojtczuk, researchers at Invisible Things Lab, released information on a security exploit that could compromise PCs that run on Intel processors.
In a paper describing the exploit, they claimed that the attack, involving cache poisoning in a CPU operation mode called System Management Mode (SMM), was the third their team had found affecting Intel-based systems within the last 10 months.
“It seems that current state of firmware security, even in cases of such reputable vendors as Intel, is quite unsatisfying,” they wrote in the paper.
An attack based on the Intel exploit could poison a chip's cache memory, which would enable forced access to SMM, the most privileged CPU mode on x86 architectures. Even operating systems cannot access SSM, which handles certain errors, power management and other features. According to Rutkowska and Wojtczuk, exploitation of the CPU cache could mean dumping the contents of RAM used for SSM, or enabling arbitrary code execution in that memory.
The potential consequence of attacks on SMM might include SMM rootkits, hypervisor compromises, or OS kernel protection bypassing, they said.
Intel has been working on a solution to prevent caching attacks on SMM memory, and a spokesperson has said that many new systems are protected against the exploit. But, writing in their paper, Rutkowska and Wojtczuk said: “Some of Intel's recent motherboards, like the popular DQ35, are still vulnerable to the attack. Additionally, the workarounds that Intel has mentioned to us are not yet officially documented.”