INTEL'S FIRMWARE HAS HAD ITS CHIPS and is open to a serious CPU security exploit that puts users at risk, according to a security researcher.
Technology is always putting people at risk. It has more backdoors than an illegal drinking den, and more criminals in its postcode than a prison. We are always shining the black light of vulnerability on one firm or another, and today it is Intel's turn.
Christopher Domas is the security researcher, and he presented his findings at the Black Hat conference last week and released them in a detailed and explanatory document.
Domas is a lecturer on computer science and engineering at Ohio State University and part of the local non-profit Battelle, a science and technology institute.
His research paper, entitled The Memory Sinkhole (PDF), shows that it's possible to exploit old hardware and x86 architecture to such an extent that a hacker could take remote control of a system.
This should never be considered a good thing, and the presentation at the show has led to a number of concerned glances in the direction of the Intel architecture.
Shock and awe is guaranteed by the suggestion that the vulnerability has existed for almost two decades and that Domas is able to demonstrate a proof-of-concept exploit.
Battelle said in the run up to the security conference that the Intel x86 architecture is a venerable piece of technology that has become something of a software portmanteau with patchy protection.
"The architecture has heaped layers upon layers of protections, but 40 years of x86 evolution have left a labyrinth of forgotten backdoors into the ultra-privileged modes," the organisation said.
"Lost in this byzantine maze of decades-old architecture improvements and patches, there lies a design flaw that's gone unnoticed for 20 years. In one of the most bizarre and complex vulnerabilities we've ever seen, we'll release proof-of-concept code exploiting the vast, unexplored wasteland of forgotten x86 features to demonstrate how to jump malicious code from the paltry ring 0 into the deepest, darkest realms of the processor."
A zero-day exploit exists, according to the researcher, and needs addressing. We have asked Intel for comment on the findings, but so far it has not responded. Reports have it that the firm is working on a solution. µ