Decades Old Rootkit Exploit Discovered in Intel Processors!

The Black Hat conference in Las Vegas this year is raising plenty of eyebrows. Notable headlines include automobile hackers, the hacking of rifles, Android vulnerabilities, and Microsoft’s expansion of its bug bounty program. It doesn’t end there!

Christopher Domas, a researcher at the Battelle Memorial Institute, has made a startling discovery. All of Intel’s x86-based processors are fundamentally flawed and vulnerable to an exploit that could potentially grant an attacker access to the lowest level of firmware in a PC, according to a report in PC World.

The vulnerability is likely to extend to AMD-based processors too, with only the very latest hardware proving to be the exception. The design flaw inherent in the x86 processor architecture dates back almost two decades (!) and allows malicious operators to install a rootkit in the firmware of computers, Domas said. Crucially, such a firmware rootkit will not be detected by security products.

An old, significant flaw and foe to users

The fundamental target of the malicious rootkit would be the System Management Mode (SMM). The SMM is a protected region of code that underpins every firmware security feature in modern computers. It is also the part of a computer where system errors are handled, and it grants administrator control over and access to various subsystems, including the computer's power.

Although exploiting this vulnerability requires full system privileges and admin access, a successful injection of the rootkit would result in a wiped or infected Unified Extensible Firmware Interface (UEFI). Other destructive attacks include targeting the modern BIOS (Basic Input Output System, also the start screen of modern computers) and even re-infecting the operating system after a full wipe/delete and a clean install. Secure Boot, a protective feature, will be rendered useless because it too relies on the SMM being secure in the first place.

Manufacturer Intel is already aware of the bug and is working to roll out patches for the vulnerability. However, not all older processors can be patched because of how far back they date, Domas noted.

Significantly, there’s absolutely nothing that users can do whilst using their Intel-based computers, except to be vigilant and try not to be infected by malware looking to gain kernel privileges to install the malicious rootkit.

Intel hasn’t commented on the issue yet.