Tuesday, July 15th 2008
CPU Errata Turn Security Vulnerabilities
Security vulnerabilities have plagued the computing world ever since computing became a significant advance of mankind. As of today, the plethora of security software we use that gobble money, system resources and network bandwidth to keep our computers and networks safe, have done a good job and it's relatively 'peaceful' these days. And just when we thought so, enter Kris Kaspersky, eminent security researcher, comes up with the hypothesis that microcode errors, known errors and flaws in the design of CPUs could be exploited by malicious code to attack and compromise systems irrespective of which operating system (OS) and other software are running. Kaspersky claims that different errata of the CPU could be exploited differently.
Kaspersky plans to validate his claims by a demonstration during the Hack-in-the-box (HITB) event this October, where he will demonstrate different attacks specific to the errata of different processors. He told PC World, "I'm going to show real working code...and make it publicly available. Some bugs just crash the system; some allow a hacker to gain full control on the kernel level. Some just help to attack Vista, disabling security protections."
For the know, even the most recent "Silverthrone" Atom processors have a list of errata, we all remember the Translation Look-aside Buffer erratum that AMD shipped its initial K10 processors with, which plagued sales of the Quad-core AMD Barcelona and Agena parts, and of how Intel delayed launch of Penryn to fix design flaws. That brings us to the burning question: why on earth would Kaspersky want to release the code to create such malware, and discover this vulnerability in the first place? Oh, it means business for Kapersky, a vendor of security software himself, and other security providers. Interestingly, such security patches come in the form of patches to the BIOS a-là the immediate fix for TLB-affected AMD processors. Fresh headache for BIOS coders of Motherboards, or maybe there's a business to that too? Perhaps 'Best security features' could be the next mantra for motherboard vendors, like 'best energy-saving features' is now.
Source:
DailyTech
Kaspersky plans to validate his claims by a demonstration during the Hack-in-the-box (HITB) event this October, where he will demonstrate different attacks specific to the errata of different processors. He told PC World, "I'm going to show real working code...and make it publicly available. Some bugs just crash the system; some allow a hacker to gain full control on the kernel level. Some just help to attack Vista, disabling security protections."
For the know, even the most recent "Silverthrone" Atom processors have a list of errata, we all remember the Translation Look-aside Buffer erratum that AMD shipped its initial K10 processors with, which plagued sales of the Quad-core AMD Barcelona and Agena parts, and of how Intel delayed launch of Penryn to fix design flaws. That brings us to the burning question: why on earth would Kaspersky want to release the code to create such malware, and discover this vulnerability in the first place? Oh, it means business for Kapersky, a vendor of security software himself, and other security providers. Interestingly, such security patches come in the form of patches to the BIOS a-là the immediate fix for TLB-affected AMD processors. Fresh headache for BIOS coders of Motherboards, or maybe there's a business to that too? Perhaps 'Best security features' could be the next mantra for motherboard vendors, like 'best energy-saving features' is now.
17 Comments on CPU Errata Turn Security Vulnerabilities
that a virus can copy itself to your DVD burner's buffer:eek: And evade any antivirus and then copy istelf back to the HDD, while overcharging the drive's motor causing CDs to explode and posibly shred any living thing within 10 metres?
The solution?
GET A CERTIFIED SECURE DVD DRIVE WITH A SELF-DESTRUCT MECHANISM.NOW
i must say though :nutkick:Kaspersky. you guys just introduced a whole new breed of viruses and trojans (unforutnantly, its not the rubber kind), and you fucking released the code? i hope your damn software can block the attacks that you've introduced!
also, this will definently become a factor in hardware choices. wonder when gigabyte starts saying.. "hey guys! quad protection against erotic exploits that the kaspersky idiots introduced."
time to buy a new revision errata-free phenom lol.
Back on topic:
It's better he releases such info, if this kind of thing is kept in the shadows for too long it actually causes more damage.
A good example of this happening is the firewire design flaw:
Endgadget Article
Technical info
am i missing something or is he an arsehole?
Unfortunately, drawing attention to these issues is the only way they'll get fixed, so I have to say I think Kaspersky is in the right.