Researcher set to demo attack on Intel chips
Analyst: 'Serious' Kaspersky claim will entice hackers to find, exploit bugs in processors
Computerworld - The author of several security books is slated to demonstrate how he could take advantage of flaws in Intel Corp.'s chips to launch a remote attack against a computer -- regardless of what software platform it's running.
He also charged that such CPU bugs actually have damaged hard drives without users' knowledge.
"Although CPU bugs are not something new in the security industry, nobody has come out with any proof-of-concept exploits," wrote Kaspersky. "It is just a matter of time before we start seeing these sort of attacks used in more devastating ways over the Internet. Intel has provided work-arounds to major BIOS vendors for some of these bugs, but who knows which vendor actually uses them? End- users are in the dark as to how to check if they are secure or not. Intel doesn't provide any test program for this, and the worst thing is [that] some bugs are still not fixed. In other words, Intel has no work-around for it."
George Alfs, a spokesman for Intel, said he has not yet seen Kaspersky's research, nor has he spoken to him about it.
"We have evaluation teams always looking at issues. We'll certainly take a look at this one," said Alfs. "All chips have errata, and there could be an issue that needs to be checked. Possibly. We'd have to investigate his paper."
Alfs said the first step for Intel will be to get a copy of Kaspersky's paper and then discuss his research with him. Then Intel would conduct its own tests. He would not say whether Kaspersky contacted Intel before going public with his findings.
In his presentation summary, Kaspersky, who does not work for Kaspersky Lab, noted that some of the flaws that he will show off are exploitable via common instruction sequences and by knowing the mechanics behind certain JIT Java compilers.
"If his allegations are true, then computers from personal computers to servers, are at risk," said Dan Olds, an analyst at Gabriel Consulting Group Inc. "These allegations are serious and, if true, certainly a cause for concern. Just the fact that this is being widely publicized will act as an enticement for hackers to exploit the alleged weaknesses in the processors. That said, I believe that the author may be entering into the land of hyperbole when he says that these bugs can be exploited regardless of operating system or other security measures. That certainly needs to be proven."
Read more about Hardware in Computerworld's Hardware Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Infographic: Converged Infrastructure Benefits This Infographic quantifies the savings organizations are realizing from increased deployment speed, higher availability, and lower annual costs.
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- Going Paperless? Here's What You Need to Think About As makers of some of the world's most popular PDF solutions, we often consult with businesses & governmental agencies that have the goal...
- The Big Data Opportunity for HR and Finance If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- Redefine Your IT Operations: Remote Office IT Has Never Been Simpler Join us to see why PC Pro named Dell PowerEdge VRTX the "2013 Server of the Year." PowerEdge VRTX may be just what...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to... All Hardware White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!