Slashdot Mirror


Pentium Computers Vulnerable to Attack?

An anonymous reader writes "One of the latest security scares is coming from security experts at CanSecWest/core '06 in the form of a possible hardware-specific attack. The attack is based on the built-in procedure that Pentium-based chips use when they overheat. From the article: 'When the processor begins to overheat or encounters other conditions that could threaten the motherboard, the computer interrupts its normal operation, momentarily freezes and stores its activity, said Loïc Duflot, a computer security specialist for the French government's Secretary General for National Defense information technology laboratory. Cyberattackers can take over a computer by appropriating that safeguard to make the machine interrupt operations and enter System Management Mode, Duflot said. Attackers then enter the System Management RAM and replace the default emergency-response software with custom software that, when run, will give them full administrative privileges.'"

4 of 227 comments

  1. Aren't you already screwed? by saleenS281 · Score: 5, Interesting

    What am I missing here? If they already have that much access to the system, aren't you already screwed?

  2. Re:Sensational headline about a poor article. by Jonboy+X · Score: 5, Interesting

    By this point you may be asking yourself, "WTF is FCW.com anyway?" Their about page explains:
    Established in 1987, FCW Media Group uniquely integrates government, business and technology news and information to produce resources that help government IT decision-makers achieve results and meet agency missions. Our market-leading print, online, event and custom media products form an integrated information system that serves the information needs of all members of the government IT buying team (agency executives, program managers, IT managers and systems integrators) across all segments of federal, state and local government.

    FCW stands for Federal Computer Week, a trade rag that US gov't stooges use to figure out how to best waste our tax dollars on shiny boxes with blinky lights. Their topic headings include the buzzwords:
    • Defense
    • Enterprise Architecture
    • Executive
    • Integrators
    • Intelligent Infrastructure
    • Product Solutions
    • Program Management
    • Security/Homeland Security
    • Wireless

    The anonymous submitter might do well to remain so. Scuttlemonkey, OTOH, may have to enter the witness protection program. He's getting as bad as Zonk.
    --

    "In a 32-bit world, you're a 2-bit user. You've got your own newsgroup, alt.total.loser." -Weird Al
  3. UNIVAC had similar vulnerability in checkpoint by dbc · Score: 4, Interesting

    This reminds me of the vulnerability in the operating system that shipped with the Univac 1100/10. The checkpoint/restart facility allowed you to write a checkpoint image to tape. Part of the checkpoint image was the system status register.

    The crack:
    1. Checkpoint your job to tape.
    2. Remount tape.
    3. Fiddle the executive-mode bit in the dumped status register.
    4. Remount tape.
    5. Restart job -- mainframe p0wn3d.

    Of course, in those days, a student that could do that was quickly hired into the system programming staff so that they could keep a closer eye on him and also get some productive work from him.

    Ohh... BTW... if you can find an 1100/10 these days, it won't work any more. They fixed that about the same time they quit making CPUs out of vacuum tubes.

    I wish Intel would create new bugs, instead of just repeating old ones. Copycats.

    Just think, the script kiddies that pulled this off are now drawing Social Security.
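
The checkpoint crack described above, as an added example that is not part of the original post: a toy C model of a checkpoint/restart facility whose saved image carries the executive-mode bit. The layout, names and sample values (`checkpoint_t`, `job_t`, `SR_EXEC_MODE`, the "student" job) are assumptions for the illustration, not the 1100/10 checkpoint format or any real executive. `restart_vulnerable` trusts the privilege bit as read back from the tape, so editing the image flips the restarted job into executive mode; `restart_fixed` masks privilege bits out of the image and re-applies them only from the executive's own record of the job.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status-register bit: "executive" (privileged) mode. */
#define SR_EXEC_MODE 0x0001u

/* What gets written to tape. Constructed layout, not a real checkpoint format. */
typedef struct {
    uint32_t status_reg;   /* system status register, privilege bit included */
    uint32_t pc;
    uint32_t regs[4];
} checkpoint_t;

/* The executive's own record of a job. `privileged` is not under job control. */
typedef struct {
    char name[16];
    bool privileged;
    uint32_t status_reg;
    uint32_t pc;
    uint32_t regs[4];
} job_t;

/* Step 1: write the job's state to a tape buffer. Returns bytes written, 0 on error. */
size_t checkpoint_job(const job_t *job, uint8_t *tape, size_t cap) {
    checkpoint_t cp;
    memset(&cp, 0, sizeof cp);
    cp.status_reg = job->status_reg;
    cp.pc = job->pc;
    memcpy(cp.regs, job->regs, sizeof cp.regs);
    if (cap < sizeof cp) return 0;
    memcpy(tape, &cp, sizeof cp);
    return sizeof cp;
}

/* Steps 2-4: the job owns the tape, so it can remount it and set the exec bit. */
void tamper_exec_bit(uint8_t *tape) {
    checkpoint_t cp;
    memcpy(&cp, tape, sizeof cp);
    cp.status_reg |= SR_EXEC_MODE;
    memcpy(tape, &cp, sizeof cp);
}

/* Step 5, vulnerable: every field of the image is trusted, privilege bit included. */
bool restart_vulnerable(job_t *job, const uint8_t *tape, size_t len) {
    checkpoint_t cp;
    if (len < sizeof cp) return false;
    memcpy(&cp, tape, sizeof cp);
    job->status_reg = cp.status_reg;
    job->pc = cp.pc;
    memcpy(job->regs, cp.regs, sizeof job->regs);
    job->privileged = (cp.status_reg & SR_EXEC_MODE) != 0;   /* the bug */
    return true;
}

/* Step 5, fixed: privilege bits in the image are ignored; only the executive's
 * own record of the job can grant executive mode on restart. */
bool restart_fixed(job_t *job, const uint8_t *tape, size_t len) {
    checkpoint_t cp;
    if (len < sizeof cp) return false;
    memcpy(&cp, tape, sizeof cp);
    uint32_t sr = cp.status_reg & ~SR_EXEC_MODE;
    if (job->privileged) sr |= SR_EXEC_MODE;
    job->status_reg = sr;
    job->pc = cp.pc;
    memcpy(job->regs, cp.regs, sizeof job->regs);
    return true;
}

/* Run the crack end to end against either restart path; true if the
 * restarted (unprivileged) job ends up in executive mode. */
bool crack_gains_exec(bool use_fixed) {
    uint8_t tape[64];
    job_t job = { "student", false, 0x0040u, 0x1000u, {1, 2, 3, 4} };  /* constructed job */
    size_t n = checkpoint_job(&job, tape, sizeof tape);
    tamper_exec_bit(tape);
    job_t restarted = job;   /* executive record: still unprivileged */
    bool ok = use_fixed ? restart_fixed(&restarted, tape, n)
                        : restart_vulnerable(&restarted, tape, n);
    return ok && (restarted.status_reg & SR_EXEC_MODE) != 0;
}

/* Regression check for the fix: a job the executive records as privileged
 * must still come back in executive mode. */
bool privileged_job_keeps_exec(void) {
    uint8_t tape[64];
    job_t job = { "sysprog", true, SR_EXEC_MODE, 0x2000u, {0, 0, 0, 0} };
    size_t n = checkpoint_job(&job, tape, sizeof tape);
    job_t restarted = job;
    return restart_fixed(&restarted, tape, n) && (restarted.status_reg & SR_EXEC_MODE) != 0;
}

int main(void) {
    printf("vulnerable restart grants exec mode: %s\n", crack_gains_exec(false) ? "yes" : "no");
    printf("fixed restart grants exec mode:      %s\n", crack_gains_exec(true) ? "yes" : "no");
    printf("fixed restart keeps legit exec mode: %s\n", privileged_job_keeps_exec() ? "yes" : "no");
    return 0;
}
```

The pattern is the same one the thread is about: privileged state round-tripped through storage the unprivileged party can write (a checkpoint tape then, an SMRAM handler now) has to be re-derived from a source the writer cannot reach, not read back and believed.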

  4. Think like an evil hax0r, then be afraid. by jmorris42 · Score: 4, Interesting

    > The exploit requires escalated privileges to begin with. The only thing it can currently
    > be used for is bypassing secure levels inside of OpenBSD, where you already have root.

    People, think this through a bit and some more dangers appear. If root can replace System Management Mode, there are some interesting possibilities for evil. SMM runs at permission levels beyond ring 0; think of it as ring -1. From there you can escape any virtualization, any chroot jail, probably even escape from inside an emulator like VMware if you can manage to execute the exploit without the emulation catching it and simulating it. Until this is completely understood and fixed, Xen, User-mode Linux, chroot and possibly VMware/VirtualPC should be suspect.

    Now imagine just how many people have root access to their virtual server at a hosting company and how many other users are running on the same physical hardware secure in the belief that their customer information is safe. But is it?

    --
    Democrat delenda est