Most Intel x86 Chips Have a Security Flaw

[Karamjit]

AMD chips are also vulnerable, at least in theory

A feature introduced in 1997 in the architecture of x86 chips can now be abused by attackers to install a firmware rootkit, make hardware modifications, or even take actions that lead to system destruction.

The feature, System Management Mode (SMM), was introduced 18 years ago and works in the deepest levels of the x86 architecture, allowing any hacker that abuses it to gain access to a wide variety of further attack points.

Computer security expert Christopher Domas, working for the Battelle Memorial Institute, has uncovered this vulnerability, and tested it on Intel x86 processors, but AMD chips should also be vulnerable, at least in theory.

Mr. Domas claims that 40 years of evolution have made x86 chip architectures a maze of forgotten security backdoors.

Because the initial "4 rings" of access (3,2,1, and 0) a processor would have on a computer were expanded with 2 new ones (-1 and -2), using "elaborate configurations of unexpected architectural features," attackers now have a way to exploit x86 chips, hardware components that work at the lowest level of a computer's architecture.

In his research, Mr. Domas was able to jump code execution from ring 0 to ring -2, allowing him to run operations with kernel level SMM privileges, which would have been normally shut down by the variety of security systems present in the x86 architecture's design.

His tests relied on installing a rootkit in the firmware, but the exploit can easily be used to perform any action an attacker is skilled enough to trigger.

Starting up in SecureBoot won't help

While having a rootkit in your UEFI (BIOS) is bad enough, meaning it can survive PC reinstalls, built-in protection mechanism like SecureBoot are rendered useless as well, because they also rely on SMM to work correctly.

This means the only way to remove the rootkit is through a complete firmware wipe, or firmware update that nullifies its effects.

Because system level privileges are needed for an attacker to be able to exploit this feature, this also reduces the chances of regular users being exploited, since an intermediary agent is needed to infect the computer at first, and a high degree of technical skills is needed from the attacker to alter the chips’ normal functionality.

According to Mr. Domas' estimates, around 100 million computers are affected, but Intel was informed of the issue, already adding built-in mitigation systems to its latest generation of chips, and preparing patches for the older ones.

From

[Ballistic Gelatin]

Uh, why is this being posted in Software Updates? :blink:

[212eta]

http://www.nsaneforums.com/topic/249967-design-flaw-in-intel-chips-opens-door-to-rootkits/?do=findComment&comment=965254

[rudrax]

Hell no. I'm hammering down my intel atom z2520 :angry:

[player]

Hell no. I'm hammering down my intel atom z2520

well...

An issue was disclosed to Intel which leverages architectural differences in processors prior to 2nd Generation Intel® Core™ Processors to gain access to System Management Mode (SMM). Administrator or root level privileges are required to execute the attack.

my interpretation is Intel CPUs since Sandy Bridge are not affected.

source: Local APIC Elevation of Privilege

Edit: According to the researcher's presentation slide p.146, this exploit is fixed on latest generations of Intel CPUs since Sandy Bridge / Atom 2013.

[rudrax]

Hell no. I'm hammering down my intel atom z2520 :angry:

well...

An issue was disclosed to Intel which leverages architectural differences in processors prior to 2nd Generation Intel® Core Processors to gain access to System Management Mode (SMM). Administrator or root level privileges are required to execute the attack.

my interpretation is Intel CPUs since Sandy Bridge are not affected.

source: Local APIC Elevation of Privilege

correct me if i am wrong :unsure:

Mine is BayTrail. Is it safe?

[Karamjit]

Uh, why is this being posted in Software Updates? :blink:

my mistake. posted in already software updates opened page.

[steven36]

Hell no. I'm hammering down my intel atom z2520 :angry:

well...

An issue was disclosed to Intel which leverages architectural differences in processors prior to 2nd Generation Intel® Core Processors to gain access to System Management Mode (SMM). Administrator or root level privileges are required to execute the attack.

my interpretation is Intel CPUs since Sandy Bridge are not affected.

source: Local APIC Elevation of Privilege

correct me if i am wrong :unsure:

Mine is BayTrail. Is it safe?

Isn't Intel Atom Z2520 a new generation Atom processor ?

http://www.ibtimes.co.in/new-asus-zenfone-5-variant-dual-core-intel-atom-soc-released-india-price-specifications-621109

It only effects old x86 computers Intel processors released between 1997 and 2010.

[info999]

sounds like paranoid to me ? I mean how do you modify a microprocessor ? unless you own a microprocessor facility :P

[steven36]

sounds like paranoid to me ? I mean how do you modify a microprocessor ? unless you own a microprocessor facility :P

Ive not had a x86 since 2011 .. Back when they was still selling Vista they were tons of computers still being sold new with 1st generation atom processors with XP for vista haters . But you could use x64 on them as well but really they have didn't CPU to push Windows 7 or vista . You could not even watch HD videos on them.

The good news is that an attacker will need to have low-level access to a PC to carry out this attack. That means either taking the hands-on approach or having to use other malware to get into the system. Physical security can help with the first method, and security software with the second.

Oh, and don't hold your breath for a patch. The idea that Intel or the motherboard vendors are going to invest time and resources into patching hardware that's at least five years old just doesn't float. On the other hand, antivirus firms will no doubt be keeping an eye out for malware that's looking to exploit this vulnerability.

But if you're already infected you're screwed

A firmware-level attack would be not only invisible to antivirus software, but also resistant to hard drive reformatting or reinstalling the operating system.

Once infected there's not much the user can do to protect themselves beyond inspecting the firmware code for anything nefarious.

http://www.zdnet.com/article/new-security-vulnerability-discovered-in-old-intel-chips/

[player]

Ive not had a x86 since 2011

An "x64 CPU" is also an x86 chip. x64 is in fact misnomer of 64-bit x86 processor.

sounds like paranoid to me ? I mean how do you modify a microprocessor ? unless you own a microprocessor facility :P

i'm not sure on hardware modification but firmware rootkit and system destruction are plausible.

Mine is BayTrail. Is it safe?

I can confirm your atom z2520 is safe from this exploit.

[steven36]

What is X86, X64, X86-64, AMD64 and Intel64? What's the difference between them?

They are all names for the Instruction Set Architecture (ISA) of a processor.

x86: This is the original 32-bit Intel x86 instruction set that has come to dominate the world.

x86-64, X64: These are the generic names for the 64-bit extension to x86 that is fully backwards compatible with x86. These are specified by Intel but based on AMD's design.

AMD64: When 64-bit processors were first coming to market, AMD devised the 64-bit extension to the x86 instruction set which maintained backwards compatibility with all the existing 32-bit programs. This was AMD64, it's more or less the same as the current x86-64 specification.

Intel64: This term is ambiguous but could refer to the x86 64-bit extension or it could refer to Intel Itanium (IA-64). IA-64 was Intel's original 64-bit offering to compete with AMD64. It was a complete overhaul of the instruction set that ruined backwards compatibility with all applications for x86. It was a complete failure for Intel and they ended up releasing new processors based on AMD64 which became today's x86 64-bit extension.

http://www.quora.com/What-is-X86-X64-X86-64-AMD64-and-Intel64-Whats-the-difference-between-them

A 64 bit processor can run both 32 and 64 OS (at least an x64 can). A 32 bit processor can run only 32 natively.

The difference is mostly about the size of a Pointer/Reference. On 64 bit machines, you can reference an address in a 64 bit address-range (thus giving you 2^64 bytes of memory). On 32 bit you can only address 2^32 bytes (=4 GB). Now if you look at current computers it is obvious why the world is moving to 64 bit: 32 bit can't easily address all the RAM anymore.

On x64 (AMD/Intel) you have additional benefits of 64 bit. The CPU has more registers and thus allows more efficient code.

On other architectures the differences between 64 and 32 bit are less obvious. For example the Nintendo 64 (remember that?) was a 64 bit machine but most of its code was 32 bit. So in that case 64 bit served more as a marketing trick.

They use to make computers with 1st generation atoms that were 64 bit processors but mostly they put X86 on them because they were not fast enough to handle x64 really .

The performance of a single core Atom is about half that of a Pentium M of the same clock rate. For example, the Atom N270 (1.60 GHz) found in many netbooks such as the Eee PC can deliver around 3300 MIPS and 2.1 GFLOPS in standard benchmarks, compared to 7400 MIPS and 3.9 GFLOPS for the similarly clocked (1.73 GHz) Pentium M 740.

The Pineview platform has proven to be only slightly faster than the previous Diamondville platform. This is because the Pineview platform uses the same Bonnell execution core as Diamondville and is connected to the memory controller via the FSB, hence memory latency and performance in CPU-intensive applications are minimally improved.

I had one of these before i bought it new with xp x86 on it in like 2010 i upgraded it to windows 7 x64 and it didn't last very long with x64 on it , or could it handle x64 very well it was crap. Is these processors that had x86 on them except or is all of them with x86 from that era , or is just the x86 only processor?