x86 chips suffer from security flaw?
A potential security flaw in x86-based processors has been uncovered at
the CanSecWest/core06 security conference. The flaw is allegedly an artifact of
overheating protection mechanisms, and could allow attackers to gain
administrative control over systems.
When the processor begins to overheat or encounters other
conditions that could threaten the motherboard, the computer interrupts
its normal operation, momentarily freezes and stores its activity, said
Loïc Duflot, a computer security specialist for the French government’s
Secretary General for National Defense information technology laboratory.
Cyberattackers can take over a computer by appropriating that safeguard
to make the machine interrupt operations and enter System Management
Mode, Duflot said. Attackers then enter the System Management RAM and
replace the default emergency-response software with custom software
that, when run, will give them full administrative privileges.
Dragos Ruiu, another security consultant who works for the US military
and organized the conference, says that "[e]very computer that runs on x86
chip architecture" could be vulnerable. However, it isn't clear exactly how
easily this flaw could be exploited, or whether an exploit could be
performed remotely. It would also seem that only physically overheating
processors could be affected, so this may be more of a technical
curiosity than a real security issue. Thanks to Slashdot
for the pointer.