1 reply to this topic

[Brito]

Great. Not surprised, but now is public.

 

 

http://hothardware.c...es-back-to-1997

[Wonko the Sane]

The actual paper is here:
https://www.blackhat...calation-wp.pdf
 
At first sight, besides the linguistic hype:
 

The architecture has heaped layers upon layers of protections on
these ‘negative’ rings, but 40 years of x86 evolution have left a
labyrinth of forgotten backdoors into the ultra-privileged modes.
Lost in this byzantine maze of decades-old architecture
improvements and patches, there lies a design flaw that’s gone
unnoticed for 20 years.

Side note to hackers/programmers: you are a hacker or programmer you are not H.P.Lovecraft, and you should not try to write as if you were him.
 
It seems like the actual issue is not with the processor (and dating back to 20 years) but rather with the UEFI:

SMM code is installed during the boot process
by system firmware, the diversity of which typically precludes
a widespread attack. However, select components of system
firmware are derived from a set of Unified Extensible
Firmware Interface (UEFI) template code provided by Intel.
Such is the case for the initial SMM entry point, which is
almost universally deployed on modern systems. An attack
directed against this specific code sequence achieves the
widest possible coverage.

And:

http://www.bit-tech....security-flaw/1

Thankfully, exploitation of the vulnerability requires low-level access to the host system - meaning that an attacker wishing to make use of the flaw to implant malicious code in ring -2 would already need to have ring 0 access, the highest level of access typically available to user-level code.

 

 

I think I will sleep fine tonight.

 

Wonko