In the Intel x86 detected current of about 20 years, the vulnerability that allowed hackers to install on computers “eternal” Trojans, said at the conference Black Hat analyst at Battelle Memorial Institute Christopher Domas. The defect in the architecture of the chips allows attackers to put a rootkit in firmware PC and get to the system virtually unlimited access.
Vulnerability in x86 architecture, according to Cnews, appeared in 1997, but found it was only now, 18 years later. It allows the attacker to access the operating mode of the processor System Management Mode (SMM) implemented in Intel chips. Mode SMM provides the program with the highest possible accesses in the system (above any level of access to the OS, as the SMM mode is at a lower system level). In the SMM mode, the hacker can reset the “BIOS”, violating the work PC, or embedded in the firmware of the personal computer malicious code.
This code can then be used, for example, to restore a virus. Thus, the malware can stay on the computer forever — and the user will not be able to understand where the malware comes from.
Domas tested for vulnerabilities only Intel chips, but noted that AMD processors can also be present, as they are based on the same architecture.
According to the expert, he was notified about the problem Intel is already fixed in the processors of the last generation. In addition, the company released a patch for previous generations of chips. However, it allows a “cure” far from all processors. The most effective method of combating this issue is the adoption of new chips.
In order to carry out the attack, the hacker must first obtain system administrator privileges. That is, in and of itself is not a security vulnerability allows access to the computer initially, and only helps to disguise already put in this virus.
Previously, the security of basic components of computer systems has repeatedly been called into question. So, in March 2015 researchers Xeno and Corey Cova Kahlenberg at the CanSecWest conference in Vancouver, Canada, has demonstrated the ability to remotely reflash “BIOSes” personal computers, placing in its software the malicious code.
Recently Xeno Cove together with his colleague Trammell Hudson announced the development of a computer worm called Thunderstrike 2, capable of penetrating beyond the reach of the anti-virus firmware Mac computers, bypassing all barriers security systems.
