This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
The last two weeks have brought us two different attack vectors affecting servers and PC's alike. First Invisible Things Lab's Joanna Rutkowska and Rafal Wojtczuk presented the details of an attack on Intel's System Management Module which lets the malware do whatever it wants and effectively hides from everything else. Meanwhile, An
The last two weeks have brought us two different attack vectors affecting servers and PC's alike. First Invisible Things Lab's Joanna Rutkowska and Rafal Wojtczuk presented the details of an attack on Intel's System Management Module which lets the malware do whatever it wants and effectively hides from everything else. Meanwhile, Anibal Sacco and Alfredo Ortega presented an attack that subverts the BIOS at CanSecWest. Can it get any worse?Well, sure it can. Both of these attack vectors are highly specialized, but Rutkowska did confirm that it's possible to create malware that could discover the necessary parameters carry off an SMM attack rather than having to create specific malware for each motherboard and chipset combination. She's also quick to point out that there are other, easier, and more effective ways to get control of a host.
Conficker is one recent example. Exploiting a known vulnerability for which there is a patch, Conficker continues to spread and according to analysis by SRI continues to evolve and demonstrates the creators ability to adapt and enhance the malware. Conficker is sophisticated, to be sure, but it's no where near the cutting edge exploit that a BIOS update or SMM rootkit is. Yet, Conficker has much more potential.
Both attacks are highly specific and require substantial expertise to become effective. In SMM Rootkits: A New Breed of OS Independent Malware, a paper that Rutkowska references, the authors list number of limitations in making a generalizeable SMM rootkit not the least of which is not having OS driver support to utilize installed hardware.
The research is interesting and the attacks are viable, but given the simpler, easier, more wide spread methods of gaining control of a system, hacking the BIOS or SMM probably isn't big threat.
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
A New World of IT Management in 2019This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.