Topic: x86 chip management system has security hole  (Read 1936 times)

0 Members and 2 Guests are viewing this topic.

Offline Nemesis

  • Captain Kayn
  • Global Moderator
  • Commodore
  • *
  • Posts: 13067
x86 chip management system has security hole
« on: April 15, 2006, 10:09:41 pm »
Link to full article

Quote
A FEATURE in Intel chips designed to prevent the motherboard from self-destructing can be hijacked by crackers.

Cyber boffin Loïc Duflot, who is computer security specialist for the French government’s Secretary General for National Defence information technology laboratory, said that every computer that runs Intel chips is at risk.


Edited original title of thread for accuracy.
« Last Edit: April 16, 2006, 12:06:36 pm by IKV Nemesis »
Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."

Offline Bonk

  • Commodore
  • *
  • Posts: 13298
  • You don't have to live like a refugee.
Re: x86 chip management system has security hole
« Reply #1 on: April 16, 2006, 08:15:24 am »
Its not Intel chips, but all x86 chips... with thermal protection functions including AMD... and its hardly a security hole, if a malicious user already has that much access to your machine you're pretty much screwed.

Offline Nemesis

  • Captain Kayn
  • Global Moderator
  • Commodore
  • *
  • Posts: 13067
Re: x86 chip management system has security hole
« Reply #2 on: April 16, 2006, 09:35:44 am »
Its not Intel chips, but all x86 chips... with thermal protection functions including AMD... and its hardly a security hole, if a malicious user already has that much access to your machine you're pretty much screwed.

I hesitated about posting that because I knew with recent discussions people might think I was just being anti Intel.   Even with looking I have seen nothing yet that indicates this particular flaw extends beyond Intel.  Can you provide a link to a source showing the defect extends beyond AMD?

Yes I agree that if a user has physical access to your machine any security can be broken one way or another. 
Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."

Offline Bonk

  • Commodore
  • *
  • Posts: 13298
  • You don't have to live like a refugee.
Re: x86 chip management system has security hole
« Reply #3 on: April 16, 2006, 10:44:48 am »
Quote
... Every computer that runs on x86 chip architecture may be vulnerable to this attack, ...

http://www.fcw.com/article94010-04-10-06-Print

The attack does not work on Windows XP, but Linux 2.6, FreeBSD, NetBSD and OpenBSD are vulnerable.
Quote
A generic approach…: Pentium®, P6 (Pentium® IV, Xeon®), Pentium® clones.

http://www.cansecwest.com/slides06/csw06-duflot.ppt

Linked and discussed on slashdot earlier this week:
Quote
The exploit requires escalated privileges to begin with. The only thing it can currently be used for is bypassing secure levels inside of OpenBSD, where you already have root.

Quote
System management mode is present on all i686-class chips, including AMD. There are a number of ways to enter it, most of which depend on the motherboard - overheating a P4 is just one way.

and my personal favorite:
Quote
ALERT!

Pentium based machines are also vulnerable to a denial of service attack from a hacker with physical access to the machine and in the possession of a large axe. Should the attacker be wielding a pair of axes (one in each hand) then the attack would constitute a distributed denial of service.
  :D
http://hardware.slashdot.org/comments.pl?sid=182786&threshold=-1&mode=nested&commentsort=0&op=Change

Offline Nemesis

  • Captain Kayn
  • Global Moderator
  • Commodore
  • *
  • Posts: 13067
Re: x86 chip management system has security hole
« Reply #4 on: April 16, 2006, 12:06:03 pm »
Its not Intel chips, but all x86 chips... with thermal protection functions including AMD... and its hardly a security hole, if a malicious user already has that much access to your machine you're pretty much screwed.


Link to a longer version of the FCW article

Quote
Some chipsets map the SMRAM in the same location as video RAM, making it vulnerable to exploits used on video RAM, Duflot said. Those same chipsets allow access to SMRAM in Protected Mode if attackers have the right code to modify the computer’s settings, he said.


Now the key thing is to find (if we can) which chipsets contain the flaw. 
Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."

Offline Bonk

  • Commodore
  • *
  • Posts: 13298
  • You don't have to live like a refugee.
Re: x86 chip management system has security hole
« Reply #5 on: April 16, 2006, 01:42:00 pm »
I'd say its not worth the effort.

Whether or not you run an affected OS on an affected processor, simply do not give root or physical access to people you do not trust. Problem solved, this is just common sense.

... and it should go without saying, do not expose your machine to viruses or trojans that would allow unauthorized individuals root privileges.

Offline Nemesis

  • Captain Kayn
  • Global Moderator
  • Commodore
  • *
  • Posts: 13067
Re: x86 chip management system has security hole
« Reply #6 on: April 16, 2006, 06:52:11 pm »
I'd say its not worth the effort.

Whether or not you run an affected OS on an affected processor, simply do not give root or physical access to people you do not trust. Problem solved, this is just common sense.

... and it should go without saying, do not expose your machine to viruses or trojans that would allow unauthorized individuals root privileges.

Never had a computer infected myself (yet anyhow) as I am cautious and my computers are kept locked away from all others. 

But I am still curious as to which chipsets are vulnerable.  As a deduction it would seem to be those with embedded video, which is dying out.  It would also seem to be the X Window server that is the vulnerable point rather than the OS which would make the command line secure.
Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."