Researchers Discover Rootkit Exploit In Intel Processors That Dates Back To 1997
There have been many juicy bits of info to come out of this year's Black Hat conference, including hacking into autos, Macs that suffer a Thunderbolt bug, Microsoft boosting its bug bounty, and yet more vulnerabilities relating to Android. But wait - there's more!
According to Christopher Domas, a researcher for Battelle Memorial Institute, all of Intel's x86-based processors dating back to 1997, with the exception of its absolute latest, are vulnerable to an exploit that could grant someone access to the lowest-level firmware in a PC. AMD's processors are possibly affected as well.
The exact target is System Management Mode, the part of a PC that handles system errors and grants control to various subsystems, such as power. While exploiting this bug requires full system privileges, a successful injection could result in a wiped or rootkitted EFI. In the event of the latter, most or all security scanners would be unable to detect an infection, and because of its location, it'd be able to persist regardless of what's done to the rest of the software on the board or installed drives.
Intel is apparently aware of the bug and is working to issue patches for it, but given just how far back this bug spans, it's highly unlikely that all platforms will be patched. Even if a wide range of patches is released, most people are not going to bother with them, simply because they don't know about them.
How a bug like this managed to go unnoticed for so long is anyone's guess, but it is worth noting that this isn't the first SMM-related threat we've seen. Back in 2008, we saw a starkly similar issue. Apparently that wasn't enough to get rid of the problem between then and now.