The Intel x86 processor architecture has suffered from a design defect for almost 20 years. This flaw could allow hackers to install a rootkit in the low-level firmware of computers, according to a security researcher, who notes that the malware can’t be detected by most security software.
Intel aware of the vulnerability
On Thursday, Christopher Domas, a security researcher with the Battelle Memorial Institute, unveiled the flaw at the Black Hat security conference. Domas said the vulnerability is the result of a feature added to the x86 architecture in 1997.
According to Domas, Intel is already aware of the issue and has resolved it in its latest CPUs. The security expert added that the chip maker is coming up with some firmware updates for older processors, but these are not effective for all of them.
Attackers can use this vulnerability to place a rootkit in the processor’s System Management Mode (SMM), which is a secured segment supporting the security features in modern computers.
If the attacker succeeds in installing the rootkit, it could have severe effects, such as deleting the UEFI (Unified Extensible Firmware Interface) and the modern BIOS. Even after a fresh install, the rootkit can still re-infect the OS. Protection features such as Secure Boot will also be helpless, as they rely on the SMM being secure. According to Domas, the vulnerability shakes the hardware roots of trust.
What can users do? Nothing
Attackers need to have kernel or system privileges in order to make use of the vulnerability and install malware on a computer. This means hackers can’t use it on its own to break into a password-protected system, but it could help already existing malware become almost untraceable, says a report from PC World.
Aside from Intel processors, Domas notes that AMD x86 processors could also be susceptible in theory. Even if computer makers offer a BIOS/UEFI update, adoption of the update may take time. As for how users can protect themselves from the malware, the report says all you can do is make sure you don’t get infected by malware that could gain kernel privileges.
So far there has been no comment from Intel on the claims made by Domas.