Remote code execution through Intel CPU bugs

Summary:Kris Kaspersky, author of numerous books on reverse engineering and software engineering, will be presenting his research on remote code execution through Intel CPU bugs at the upcoming Hack in the Box Security Conference in Malaysia.

Kris Kaspersky, author of numerous books on reverse engineering and software engineering, will be presenting his

Kris Kaspersky
research on remote code execution through Intel CPU bugs at the upcoming Hack in the Box Security Conference in Malaysia. If his proof of concept code consisting of JavaScript or TCP/IP packet attacks on Intel based machines succeeds, given Intel's dominant market share on the market the potential outbreak could be enormous since as he claims, the PoC is OS independent, namely all operating systems running Intel chips are said to be vulnerable. Here's an abstract from his upcoming presentation :

"Intel CPUs have exploitable bugs which are vulnerable to both local and remote attacks which works against any OS regardless of the patches applied or the applications which are running. In this presentation, I will share with the participants the finding of my CPU malware detection research which was funded by Endeavor Security. I will also present to the participants my improved POC code and will show participants how it’s possible to make an attack via JavaScript code or just TCP/IP packets storms against Intel based machine. Some of the bugs that will be shown are exploitable via common instruction sequences and by knowing the mechanics behind certain JIT Java-compilers, attackers can force the compiler to do what they want (for example: short nested loops lead to system crashes on many CPUs). I will also share with the participants my experience in data recovery and how CPU bugs have actually contributed in damaging our hard drives without our knowledge. "

Intel will be keeping an eye on his upcoming research :

"George Alfs, a spokesman for Intel, said he has not yet seen Kaspersky's research, nor has he spoken to him about it. "We have evaluation teams always looking at issues. We'll certainly take a look at this one," said Alfs. "All chips have errata, and there could be an issue that needs to be checked. Possibly. We'd have to investigate his paper."

BIOS based rootkits are nothing new with John Heasman's research into Implementing and Detecting a PCI Rootkit, published in 2006. And with the possibility of malware hiding at the lowest possible level already a fact, what will be very interesting to monitor is a universal remote code execution based on chip's manufacturer. Everything is possible, the impossible just takes a little longer.

Topics: Processors

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.