Joanna Rutkowska founder and CEO of Invisible Things Lab alongside Rafal Wojtczuk released documentation on attacking SMM memory via Intel CPU cache Poisoning.
They did not release an SMM rootkit. Some thought they would. What was released includes totally harmless shell code according to Ms Rutkowska's blog.
Here is a link to the paper.
System Management Mode (SMM) is the most privileged CPU operation
mode on x86/x86_64 architectures.
It is essentially "Ring -2". The code executing in SMM has more privileges than hypervisors (VT), which are colloquially referred to as if operating in "Ring -1".
The protection of SMM can be trivially circumvented. This means that if you have an Intel CPU in your computer it is very important to update everything you can, and do it now! When the real rootkit comes out, which is probably hours from now based upon hacker persistance levels of late, you are doomed! Doomed I say!
A talk was given today at CanSecWest on this defcon level (yes you'd better turn that thing up too) paper by Loic Duflot also of Invisible Things Lab.
For those of us running "less powerful" AMD processors... you've been spared this round. We're down to the finalists now Simon... Who goes home next?? Better yet... Who are you going to save??
Edit - Delete
No comments posted yet.