x86 chips suffer from security flaw?

— 1:40 AM on April 12, 2006

A potential security flaw in x86-based processors has been uncovered at the CanSecWest/core06 security conference. The flaw is allegedly an artifact of overheating protection mechanisms, and could allow attackers to gain administrative control over systems.

When the processor begins to overheat or encounters other conditions that could threaten the motherboard, the computer interrupts its normal operation, momentarily freezes and stores its activity, said Loïc Duflot, a computer security specialist for the French government’s Secretary General for National Defense information technology laboratory.

Cyberattackers can take over a computer by appropriating that safeguard to make the machine interrupt operations and enter System Management Mode, Duflot said. Attackers then enter the System Management RAM and replace the default emergency-response software with custom software that, when run, will give them full administrative privileges.

Dragos Ruiu, another security consultant who works for the US military and organized the conference, says that "[e]very computer that runs on x86 chip architecture" could be vulnerable. However, it isn't clear exactly how easily this flaw could be exploited, or whether an exploit could be performed remotely. It would also seem that only physically overheating processors could be affected, so this may be more of a technical curiosity than a real security issue. Thanks to Slashdot for the pointer.
Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.