Slashdot Mirror


Pentium Computers Vulnerable to Attack?

An anonymous reader writes "One of the latest security scares is coming from security experts at CanSecWest/core '06 in the form of a possible hardware-specific attack. The attack is based on the built-in procedure that Pentium based chips use when they overheat. From the article: 'When the processor begins to overheat or encounters other conditions that could threaten the motherboard, the computer interrupts its normal operation, momentarily freezes and stores its activity, said Loïc Duflot, a computer security specialist for the French government's Secretary General for National Defense information technology laboratory. Cyberattackers can take over a computer by appropriating that safeguard to make the machine interrupt operations and enter System Management Mode, Duflot said. Attackers then enter the System Management RAM and replace the default emergency-response software with custom software that, when run, will give them full administrative privileges.'"

9 of 227 comments

  1. the sky is falling by Anonymous Coward · · Score: 5, Funny

    physical access means the h4x0rs can take over your computer now, news at 11.

  2. Aren't you already screwed? by saleenS281 · · Score: 5, Interesting

    What am I missing here? If they already have that much access to the system, aren't you already screwed?

  3. Sensational headline about a poor article. by dfn_deux · · Score: 5, Informative

    This hack assumes that the intruder already has write access to the nvram of the system. Also, the headline is just a cut/paste of a small portion of a poor article with few technical details. There is no PoC code, nor any specific chip mentioned. The headline refers to Pentium chips specifically and the article says "any x86 based architecture"; needless to say, these are not interchangeable terms... Shame on you Slashdot editors for posting this garbage...

    --
    -*The above statement is printed entirely on recycled electrons*-
    1. Re:Sensational headline about a poor article. by Jonboy+X · · Score: 5, Interesting
      By this point you may be asking yourself, "WTF is FCW.com anyway?" Their about page explains:
      Established in 1987, FCW Media Group uniquely integrates government, business and technology news and information to produce resources that help government IT decision-makers achieve results and meet agency missions. Our market-leading print, online, event and custom media products form an integrated information system that serves the information needs of all members of the government IT buying team - agency executives, program managers, IT managers and systems integrators - across all segments of federal, state and local government.

      FCW stands for Federal Computer Week, a trade rag that US gov't stooges use to figure out how to best waste our tax dollars on shiny boxes with blinky lights. Their topic headings include the buzzwords:
      • Defense
      • Enterprise Architecture
      • Executive
      • Integrators
      • Intelligent Infrastructure
      • Product Solutions
      • Program Management
      • Security/Homeland Security
      • Wireless

      The anonymous submitter might do well to remain so. Scuttlemonkey, OTOH, may have to enter the witness protection program. He's getting as bad as Zonk.
      --

      "In a 32-bit world, you're a 2-bit user. You've got your own newsgroup, alt.total.loser." -Weird Al
  4. Re:FUD? by PsychicX · · Score: 5, Insightful

    That's where this article gets a little sketchy.

    "When the processor begins to overheat or encounters other conditions that could threaten the motherboard, the computer interrupts its normal operation, momentarily freezes and stores its activity,"
    Ok, fine.
    "Every computer that runs on x86 chip architecture may be vulnerable to this attack"
    Wait. How did we get here?

    Let's go through this, again. Intel Pentium 4s are hot. No surprise there. They enter special modes when overheating that may introduce a security vulnerability. Fine. How does this cross over to AMD and Via chips again? AMD and Via processors don't have special modes like that. If system heat becomes critical they will simply shut the system down flat out. On a Pentium 4, overheating is not entirely unexpected, particularly on the high edge of the clock speeds. On an AMD or Via, overheating is a major failure condition, probably caused by a heatsink falling off.

    So, how are all x86 chips vulnerable, exactly? (Incidentally, between this and this, AMD is really looking to be a much safer deal, not to mention faster, cooler, more power efficient, etc.)

  5. The devil is in the details by zenhkim · · Score: 5, Insightful

    Just went and RTFA, and I'm frustrated by a lack of hard details about the new threat:

    - The article states that all x86 processors "could" be vulnerable. Does that mean the *entire* series of Pentium chips, even the older PIII and PII's? If so, are they equally as easy to compromise as the modern versions?

    - There is no mention of AMD architecture. Doesn't AMD have an equivalent "overheat failsafe" halt-and-cooldown function? Wouldn't that make AMDs vulnerable to this type of exploit as well, or do they require a slightly different attack?

    - Isn't the motherboard BIOS FlashROM responsible for the monitoring of and responding to dangerous CPU temperatures? Haven't they already been safeguarded against unauthorized writes, due to the Chernobyl virus?

    I think I'll hold off on ordering the prototype Borg implants when they come on the market.... :-(

    --
    "All hands, BRACE FOR IMPACT!"
  6. Good thing macs aren't vulnerable. by numbski · · Score: 5, Funny
    Whoo, I'm safe!
    # machine
    i486
    Well, crap. :P
    --

    Karma: Chameleon (mostly due to the fact that you come and go).

  7. A few more details by Mr+44 · · Score: 5, Informative

    I can't find the actual paper anywhere, but this blog posting has way more details than the article originally linked ... Very interestingly, Windows XP is not vulnerable, but OpenBSD is.

    1. Re:A few more details by Cleveland+Steamer · · Score: 5, Informative
      Yes, this blog posting is interesting, but it still leaves some important details out.

      Linux and *BSD have a /dev/mem device interface for accessing physical memory from user space. Usually, this device only allows access from a privileged user:

      crw-r----- 1 root root 1, 1 Dec 6 12:34 /dev/mem

      Using /dev/mem, it should be possible to access the address range assigned to system management RAM. However, the CPU has a Model-Specific Register (MSR) for enabling and disabling accesses to SM RAM. The instructions that are used to read and write MSRs (RDMSR and WRMSR) must be executed from ring-0 (kernel level) or else a GPF occurs. However, the Linux kernel can be configured to provide a user level interface to MSRs via:

      crw-rw---- 1 root root 202, 0 Feb 24 09:18 /dev/cpu/0/msr

      Again, you'll probably need root privileges to access the device.
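
The device-node permissions discussed in the last comment can be checked mechanically. The following is an added example, not part of the thread or of any commenter's code: it audits `ls -l` style listings for /dev/mem and /dev/cpu/*/msr and flags any access granted outside root. The function names and the last two sample lines are constructed for illustration.

```python
import glob, grp, os, pwd, stat

# Device nodes named in the comment above; the glob covers every CPU's MSR node.
DEVICE_GLOBS = ["/dev/mem", "/dev/cpu/*/msr"]

def check(mode, owner, group):
    """Return findings for an `ls -l` style mode string such as 'crw-r-----'."""
    findings = []
    if mode[0] != "c":
        findings.append("not a character device")
    if owner != "root":
        findings.append(f"owned by {owner}")
    if group != "root" and mode[4:7] != "---":
        findings.append(f"group {group} has {mode[4:7]}")
    if mode[7:10] != "---":
        findings.append(f"world has {mode[7:10]}")
    return findings

def audit_ls_line(line):
    """Audit one line of `ls -l` output; returns (path, findings)."""
    fields = line.split()
    return fields[-1], check(fields[0], fields[2], fields[3])

def audit_live():
    """Audit the nodes actually present on this host (may be none)."""
    results = {}
    for pattern in DEVICE_GLOBS:
        for path in glob.glob(pattern):
            st = os.stat(path)
            results[path] = check(stat.filemode(st.st_mode),
                                  pwd.getpwuid(st.st_uid).pw_name,
                                  grp.getgrgid(st.st_gid).gr_name)
    return results

# The first two lines are the listings quoted in the comment; the rest are constructed.
SAMPLES = [
    "crw-r----- 1 root root 1, 1 Dec 6 12:34 /dev/mem",
    "crw-rw---- 1 root root 202, 0 Feb 24 09:18 /dev/cpu/0/msr",
    "crw-rw-rw- 1 root root 1, 1 Jan 1 00:00 /dev/mem",
    "crw-rw---- 1 root users 202, 0 Jan 1 00:00 /dev/cpu/0/msr",
]

if __name__ == "__main__":
    for line in SAMPLES:
        path, findings = audit_ls_line(line)
        print(path, "OK" if not findings else "; ".join(findings))
    for path, findings in audit_live().items():
        print("live:", path, "OK" if not findings else "; ".join(findings))
```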