Monday, July 14, 2008

Processor Errata to be Next Big Virus Exploit

Writing cross-platform viruses was nearly impossible earlier, and hence a virus would mostly affect only Windows or Linux or OSX, but not all of these together. Most Linux/*nix/Mac users felt viruses were only for Windows users, because the underlying OS protection in the Unix user access model was good enough. But all of that could change if malware were written for a common hardware platform such as microprocessors, BIOS or hardware firmware. Well-known author and security researcher Kris Kaspersky is going to demonstrate how to create malware for processor bugs at the Hack-In-The-Box Security Conference (HITB), to be held from 27th-30th Oct, 2008 in Malaysia.

Processors from Intel and AMD often contain bugs known as errata, and generally the way to fix these bugs is by updating the BIOS or firmware in motherboards. Nearly every generation of processor has these bugs, and if none of them is a major bug, no one even knows of them in normal computer functioning. But in some special cases these bugs affect some computers or software being used, and that’s when they come to light. For example, the recent TLB erratum in 1st generation Opteron (Barcelona) processors from AMD would corrupt data in certain situations.

Currently, there isn’t a truly generalized way to exploit processor bugs, and doing so requires a detailed understanding of the hardware and software combination. Most processor manufacturers don’t publish deep details on the bugs, and hence exploring them is a little tougher. Kris Kaspersky claims to have found a way to exploit these bugs using JavaScript. Also, JIT compilers from Java Virtual Machines may be used to uncover and exploit the bugs, according to the abstract of the presentation at HITB.

If Kris Kaspersky’s book “Hacker Disassembling Uncovered: Powerful Techniques To Safeguard Your Programming” is anything to go by, we may have an excellent and easy example by which he demonstrates the exploits. It could easily be replicated and understood by hackers and worked upon for other bugs. Stopping such exploits would be tough not just for anti-virus makers, but also for operating system patches. And even if some fix is released for the motherboard BIOS, it is generally not implemented by all motherboard manufacturers... And user ignorance towards these BIOS updates is not even worth mentioning! This could easily be one of the tougher and more complex security problems to have come up!

1 comment:

mike3 said...

It's time for a replacement of legacy BIOS. BIOS is a horrifically outdated system.