Researcher to expose Intel security flaws

An independent security researcher has flagged plans to reveal a proof of concept security exploit that could work remotely against any machine using Intel processors, including those used in Apple's famously secure Macs.

[Image: Researcher Kris Kaspersky (Credit: ZDNet.com)]

Independent security researcher Kris Kaspersky — not of Kaspersky Labs — claims to have developed exploit code for an attack on any machine using Intel's Core 2 and Itanium processors.

In the brief for a presentation in October at the Hack in the Box conference in Malaysia, he claims that Intel's Core 2 line of chips has 128 known bugs, while Itanium has over 230 available to exploit. Although Intel has given BIOS vendors workarounds to close bugs, some remain exposed, according to the researcher.

Kaspersky has not said which bugs he will exploit. "Some bugs 'just' crash the system (under quite rare conditions) while the others give the attackers full control over the machine," he wrote in the brief.

Although CPU bugs are not new, he claimed there was no known malware that exploited them and said he believed such attacks would soon be delivered over the internet. Kaspersky plans to unveil an exploit that does this using JavaScript code or TCP/IP packets.

Security observers remained reserved about Kaspersky's claims.

"If it works as described, antivirus [software] would not detect it — although it might catch misbehaving JavaScript, depending on the AV plug-in configuration in your browser. But over IP, you're probably out of luck. I suppose it depends on how it runs the code for a CPU bug," senior security consultant for Pure Hacking, Chris Gatford, told ZDNet.com.au.

Although the impact of the exploit is not known, Mac users stand to be negatively affected if malware writers adopt Kaspersky's exploit. Today, malware that can compromise Mac OS X machines is relatively rare, with just over 100 known samples, according to antivirus company F-Secure. However, Apple started using Intel's Core Duo chips in 2006, bringing the vendor into Kaspersky's firing line at the conference.

However, Intelligent Business Research Services security analyst James Turner does not believe the exploit will be useful to malware writers.

"Attacks which directly target the hardware are interesting as a proof of concept, but you have to question their usefulness to the attacker since we're all moving towards virtualised applications and operating systems. The point about virtualising the OS is to make the hardware immaterial through abstracting it even further than it is," Turner told ZDNet.com.au.

"The clear trend for the last few years is for malware to target higher up the application stack. The operating systems, while far from perfect, are getting better. But the stats from the X-Force on vulnerabilities from 2007 show that half the vulnerabilities enabled access and that's pretty much the ball game," he said.

Paul Ducklin, head of technology at the Australian arm of antivirus company Sophos, said in many cases, exploits against hardware had been squashed through the clever use of software.

One such example was the F00F bug, discovered in 1997, a design flaw in many of Intel's older Pentium processors. "Each operating system maker had to find a different way of working around the flaw," Ducklin said.

"It doesn't imply that every CPU bug will apply to every operating system," he added.

The possible breakthrough in Kaspersky's claim is that his exploits would work on any machine using an Intel Core 2 or Itanium processor, regardless of operating system, rather than targeting the Mac's security specifically. Today, a malware writer who wants to target, say, Mac OS X must write code that works on that particular operating system.