A researcher from the Battelle Memorial Institute has revealed that every Intel x86-based processor – and possibly some AMD processors – since 1997 are vulnerable to a rootkit exploit that could grant hackers access to the low-level firmware of a PC. Christopher Domas revealed the concern at the Black Hat 2015 conference in Las Vegas this week.
The vulnerable component of the chip is the System Management Mode, which is the part responsible for subsystem controls, such as power distribution. The exploit does require full system privileges, but a successful attack allows a hacker to delete a computer’s Extensible Firmware Interface, or even replace it with a rootkit. Such an attack would be completely undetectable by security scanners, and a rootkit would remain in place regardless of what is done to the board’s software of drives.
Since becoming aware of the bug, Intel has been working on a patch, but since the vulnerability has existed for nearly 20 years, it seems a little late. There’s no telling just how many PCs have fallen victim to this exploit, and it remains unlikely that any patch would reach every endangered processor. Thankfully, the difficulty of launching such an attack, both with the level of system privilege and coding skill required to abuse an exposed processor, means there should be few casualties.
Thank you HotHardware for providing us with this information.
Wonder if the NSA is going “Damn, they found it.”