Security Vulnerabilities You Can't Fix
At the upcoming Hack In The Box (HITB) Conference, independent researcher Kris Kaspersky plans to release proof-of-concept (POC) code that exposes exploitable bugs in Intel CPUs.
July 29, 2008
Software makers routinely issue patches to fix security problems in their applications and OSs, but that's not always possible for hardware. (What??? You didn't know that your CPU has unfixed security bugs that might leave you wide open to attack? It's true!) Take for example Intel's hugely popular Core 2 line of processors. Over the past few years a lot of discussion has taken place regarding a long list of bugs in Core 2 Duo and Solo processors, including the Extreme Edition of the processors, all of which are currently used in numerous systems. These bugs are the result of design flaws.
Sometimes OS developers and BIOS developers can work around the bugs to help protect against potential system failures and security exploits. As an example of the security implications, a system might load data from the wrong memory location, or malware might take advantage of insufficient code segment checks, and so on. Although CPU bugs are to be expected, there's no fix from any vendor--including Intel--for many of the known bugs. If you're interested in having a look, Intel's list of bugs (as of February 2008) for the Core 2 Duo and Solo processors is available at the first URL below. If you're interested in the potential impact of some of the known bugs, head over to Geek.com (at the second URL below) and have a look at the image file that was posted back in 2006. It contains a list of bugs known at that time, along with their potential ramifications.
http://download.intel.com/design/mobile/SPECUPDT/30922214.pdf
http://www.geek.com/images/geeknews/2006Jan/core_duo_errata__2006_01_21__full.gif
Even if you don't have any systems using Core 2 CPUs, you've still got plenty to worry about. Other CPUs, including those manufactured by AMD, each have their own list of bugs. Fortunately, so far there hasn't been any widespread exploitation of CPU bugs. Unfortunately, that might be about to change. At the upcoming Hack In The Box (HITB) Conference, which will be held October 27-30 in Malaysia, independent researcher Kris Kaspersky will give a presentation that is already making big waves.
According to Kaspersky, "Intel CPUs have exploitable bugs which are vulnerable to both local and remote attacks which works against any OS regardless of the patches applied or the applications which are running." He intends to back up his claims by demonstrating how such attacks are possible using proof-of-concept (POC) code which he has developed. Based on the information he's released so far, his POC code takes advantage of JavaScript and TCP/IP packet storms to wreak havoc on a system. Kaspersky said that exploitation is possible via just-in-time (JIT) compilers. And, he claims that CPU bugs have caused disk drive damage, which makes data recovery a big issue. See the URL below for a bit more information.
http://conference.hitb.org/hitbsecconf2008kl/?page_id=214
If Kaspersky releases his POC code, as he reportedly intends to do, then we can fully expect that, as usual, the code will make it into the hands of malware developers, who will turn it toward malicious purposes. If that happens, and any particular exploits become widespread and indefensible, then it's also possible that Intel might have to step up to the plate with processor recalls, as it did back in the mid-1990s after the discovery of the now relatively famous Pentium floating point division bug. I guess we'll find out what the future holds soon enough.