Remote code execution through Intel CPU bugs


Summary: Kris Kaspersky, author of numerous books on reverse engineering and software engineering, will be presenting his research on remote code execution through Intel CPU bugs at the upcoming Hack in the Box Security Conference in Malaysia.

TOPICS: Processors

Kris Kaspersky, author of numerous books on reverse engineering and software engineering, will be presenting his research on remote code execution through Intel CPU bugs at the upcoming Hack in the Box Security Conference in Malaysia. If his proof-of-concept code, consisting of JavaScript or TCP/IP packet attacks on Intel-based machines, succeeds, the potential outbreak could be enormous given Intel's dominant market share, since, as he claims, the PoC is OS independent: all operating systems running on Intel chips are said to be vulnerable. Here's an abstract from his upcoming presentation:

"Intel CPUs have exploitable bugs which are vulnerable to both local and remote attacks which works against any OS regardless of the patches applied or the applications which are running. In this presentation, I will share with the participants the finding of my CPU malware detection research which was funded by Endeavor Security. I will also present to the participants my improved POC code and will show participants how it’s possible to make an attack via JavaScript code or just TCP/IP packets storms against Intel based machine. Some of the bugs that will be shown are exploitable via common instruction sequences and by knowing the mechanics behind certain JIT Java-compilers, attackers can force the compiler to do what they want (for example: short nested loops lead to system crashes on many CPUs). I will also share with the participants my experience in data recovery and how CPU bugs have actually contributed in damaging our hard drives without our knowledge."

Intel will be keeping an eye on his upcoming research:

"George Alfs, a spokesman for Intel, said he has not yet seen Kaspersky's research, nor has he spoken to him about it. 'We have evaluation teams always looking at issues. We'll certainly take a look at this one,' said Alfs. 'All chips have errata, and there could be an issue that needs to be checked. Possibly. We'd have to investigate his paper.'"

BIOS-based rootkits are nothing new: John Heasman's research, Implementing and Detecting a PCI Rootkit, was published in 2006. With malware hiding at the lowest possible level already a fact, what will be very interesting to monitor is a universal remote code execution attack tied to a chip's manufacturer. Everything is possible, the impossible just takes a little longer.


Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback

4 comments
  • Another attack path: Just what we need!

    Now that there are millions of instances of every type of microprocessor, ANY bug in one will be in millions of systems. Relying on bugs is---um---buggy, but just checking every system you can (as a criminal, I mean) will result in some success.

    I would love to know---in some easy-to-understand general sense---how this is done, assuming it IS possible. There are Science-Fiction stories (a few) which involve this kind of thing, but I never thought it would really be possible.

    Mr. Kaspersky has very nice hair. And it is very long, too. I suspect the time needed to find a bug like this is even longer. How can a bug this small and weird be detected within one man's lifetime?

    Ah, something new every day!

    Master Dave
  • Intel I want my money back at least 10x more!

    Intel I want my money back at least 10x more than I paid for this crappy processor! I read the Intel Specification Updates and around 80% of bugs have absolutely NO FIX AT ALL!!!!!
    Gradius2
  • RE: Remote code execution through Intel CPU bugs

    Now that, I have to admit, is a new one on me! Never considered it from that direction. Neat. And pathetic all at the same time. When's nextgen due again?
    twaynesdomain-22354355019875063839220739305988