Slashdot: News for Nerds

Pentium Computers Vulnerable to Attack?

ScuttleMonkey posted more than 8 years ago | from the sounds-like-more-work-than-it's-worth dept.


An anonymous reader writes "One of the latest security scares is coming from security experts at CanSecWest/core '06 in the form of a possible hardware-specific attack. The attack is based on the built-in procedure that Pentium based chips use when they overheat. From the article: 'When the processor begins to overheat or encounters other conditions that could threaten the motherboard, the computer interrupts its normal operation, momentarily freezes and stores its activity, said Loïc Duflot, a computer security specialist for the French government's Secretary General for National Defense information technology laboratory. Cyberattackers can take over a computer by appropriating that safeguard to make the machine interrupt operations and enter System Management Mode, Duflot said. Attackers then enter the System Management RAM and replace the default emergency-response software with custom software that, when run, will give them full administrative privileges.'"


227 comments

the sky is falling (5, Funny)

Anonymous Coward | more than 8 years ago | (#15106891)

physical access means the h4x0rs can take over your computer now, news at 11.

Aren't you already screwed? (5, Interesting)

saleenS281 (859657) | more than 8 years ago | (#15106894)

What am I missing here? If they already have that much access to the system, aren't you already screwed?

Re:Aren't you already screwed? (3, Informative)

Ars Dilbert (852117) | more than 8 years ago | (#15106937)

I suppose this could be used to elevate one's privileges. Restricted user runs the exploit code, and it spawns a process that runs under admin or system credentials.

Re:Aren't you already screwed? (1)

NewWorldDan (899800) | more than 8 years ago | (#15107235)

The significance would be a machine that has been stolen and you either want to decrypt some data or impersonate the rightful owner of the machine. Either way, the practical considerations of implementing such an attack are so far out there that I can't imagine even the spookiest government agencies trying this one for real.

Re:Aren't you already screwed? (0)

Anonymous Coward | more than 8 years ago | (#15107307)

I did it.

-- Jack Bauer

Re:Aren't you already screwed? (1)

boxxa (925862) | more than 8 years ago | (#15107035)

Yes. You really need to consider if you have low level techs or employees with that much access to a machine. Would a compromised system still be vulnerable after a reformat or would the attacker need to reapply the exploit to get admin privileges again?

Re:Aren't you already screwed? (1)

Ucklak (755284) | more than 8 years ago | (#15107178)

I think a scenario could be for access through a client.

Re:Aren't you already screwed? (2, Insightful)

merlin_jim (302773) | more than 8 years ago | (#15107111)

Yeah that's what I'm thinking - if they have already got authority to overwrite your System Management RAM and reprogram your CPU interrupts... one of two things have occurred:

1. They don't NEED to do any of it because they already own your box

2. The system designers really fucked the pooch good on the security design of these components

Come on even Windows knows that not just any Joe User should be able to reprogram the CPU interrupts...

Re:Aren't you already screwed? (2, Insightful)

towsonu2003 (928663) | more than 8 years ago | (#15107134)

FTFA: Cyberattackers can take over a computer by appropriating that safeguard to make the machine interrupt operations and enter System Management Mode, Duflot said.
If they already have that much access to the system, aren't you already screwed?
Decide already... Is this a cyberattack (online) or a physical attack (you sit in front of the computer and take out a blowtorch)??

Re:Aren't you already screwed? (3, Informative)

mercut (82226) | more than 8 years ago | (#15107303)

What a crock. At least the editors could have linked to the actual presentation [cansecwest.com] (beware, it's a ppt). I was at CanSec West and this is not as scary as you would think. The exploit requires escalated privileges to begin with. The only thing it can currently be used for is bypassing secure levels inside of OpenBSD, where you already have root. Next time the editors could do a little research before posting, oh wait, this is slashdot. --m

What about MMUs (2, Informative)

Anonymous Coward | more than 8 years ago | (#15106899)

someone could do the same with ANY interrupt handler... oh wait... an MMU would protect against that.

Re:What about MMUs (1)

Mike Savior (802573) | more than 8 years ago | (#15107298)

Opteron has a built in MMU, does it not? If so, this article is just underhanded FUD.

FUD? (1)

KaiserZoze_860 (714450) | more than 8 years ago | (#15106900)

Not a lot of details about what chip families are affected... Does it cross over to AMD chips?

Re:FUD? (1)

egburr (141740) | more than 8 years ago | (#15106928)

From TFA: "Every computer that runs on x86 chip architecture may be vulnerable to this attack"

Re:FUD? (5, Insightful)

PsychicX (866028) | more than 8 years ago | (#15107013)

That's where this article gets a little sketchy.

When the processor begins to overheat or encounters other conditions that could threaten the motherboard, the computer interrupts its normal operation, momentarily freezes and stores its activity,
Ok, fine.
Every computer that runs on x86 chip architecture may be vulnerable to this attack
Wait. How did we get here?

Let's go through this, again. Intel Pentium 4s are hot. No surprise there. They enter special modes when overheating that may introduce a security vulnerability. Fine. How does this cross over to AMD and Via chips again? AMD and Via processors don't have special modes like that. If system heat becomes critical they will simply shut the system down flat out. On a Pentium 4, overheating is not entirely unexpected, particularly on the high edge of the clock speeds. On an AMD or Via, overheating is a major failure condition, probably caused by a heatsink falling off.

So, how are all x86 chips vulnerable, exactly? (Incidentally, between this and this [daemonology.net] , AMD is really looking to be a much safer deal, not to mention faster, cooler, more power efficient, etc.)

Re:FUD? (2, Informative)

c_forq (924234) | more than 8 years ago | (#15107238)

If system heat becomes critical they will simply shut the system down flat out. On a Pentium 4, overheating is not entirely unexpected, particularly on the high edge of the clock speeds. On an AMD or Via, overheating is a major failure condition, probably caused by a heat sink falling off.

You are a little off. What a P4 does is "speed stepping" where if it is overheating it will down the clock and avoid areas on the chip that are the hottest, if it gets too hot it will shut down completely. This is designed so that permanent damage does not happen as a result of heat. AMD also has a similar feature now (or claims to, I've heard some cases of people having a heat sink failure and their AMD being trashed as a result), but they didn't used to (it used to be an AMD CPU would cook itself to permanent destruction if it was overheating, there is a good video of a few AMD chips lighting on fire at Tom's Hardware demonstrating this).

Re:FUD? (1)

HairyCanary (688865) | more than 8 years ago | (#15107280)

(it used to be an AMD CPU would cook itself to permanent destruction if it was overheating, there is a good video of a few AMD chips lighting on fire at Tom's Hardware demonstrating this).

Yeah, because heatsinks coming unlatched all by themselves and falling off has been shown to be a common occurrence.

Re:FUD? (1)

ThePiMan2003 (676665) | more than 8 years ago | (#15107295)

As someone who has spent years fixing computers, you would be surprised how often that happens.

Re:FUD? (1)

Tim Browse (9263) | more than 8 years ago | (#15107028)

Yikes!

/runs to switch off IBM PC AT in the corner

Re:FUD? (0)

Anonymous Coward | more than 8 years ago | (#15106991)

Judging by the contradiction between the article headline and the mention of "every computer that runs on x86 chip architecture" I can't really tell either. I wouldn't necessarily call this FUD though.

Re:FUD? (0)

Anonymous Coward | more than 8 years ago | (#15107274)

yes, AMD chips just fucking melt on the spot. No need to attack it no more, shit's dead already. (nothing against AMDs, I'm using one myself :))

Ice cream! (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15106904)

Like I always say, ice cream helps computers run cool! Just spoon it in!

Re:Ice cream! (0)

Anonymous Coward | more than 8 years ago | (#15106988)

Off topic? Off topic?? The mods are on crack again.

Hellooooo: When the processor begins to overheat...

Keeping the computer cool is most certainly on topic!
P.S. Strawberry works best.

AMD (0, Flamebait)

fusto99 (939313) | more than 8 years ago | (#15106905)

Yet another reason AMD is better than Intel! I wonder if this affects the new Intel Macs?

Eh? (0, Redundant)

Savage-Rabbit (308260) | more than 8 years ago | (#15107051)

Yet another reason AMD is better than Intel!

Why? I don't think anybody immunized AMD against screwing up, they are just as capable of it as Intel.

I wonder if this affects the new Intel Macs?

I'll reserve the right to modify my opinion after familiarizing myself with the details of the nature of this vulnerability. As a first guess I'll hypothesize that this probably depends on how easy the OS running on the affected Intel box makes it for a remote attacker to exploit this hardware flaw.

WTF? (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15106911)

5th

Physical access (4, Insightful)

Toba82 (871257) | more than 8 years ago | (#15106913)

Physical access trumps all security. Everyone knows this. This really isn't news, just an interesting new exploit that happens to affect a lot of... systems that are already vulnerable from the same people in the same situation.

Move along, folks.

Re:Physical access (-1)

Anonymous Coward | more than 8 years ago | (#15107009)

This is NOT about physical access. This is about being able to put in boot straps into various areas, then causing the system to overheat. When it loads in, it is like being in DOS. No protection since it is all bios.

Re:Physical access (1)

Toba82 (871257) | more than 8 years ago | (#15107040)

If you can put in "boot straps into various areas" you may as well just use a boot cd. Also, how do you plan on causing the system to overheat over the network? That's hard to do with modern systems.

Re:Physical access (1)

really? (199452) | more than 8 years ago | (#15107071)

Wish I had mod points for you.

"Physical access" is one of the reasons why wireless will never - well, not anytime soon, anyway - be fully secure.

Crap (0)

Ailure (853833) | more than 8 years ago | (#15106915)

So anyone have any idea which Intel Pentiums processors that are affected by this? Every Intel processor with overheat protection?

Re:Crap (0)

Anonymous Coward | more than 8 years ago | (#15107220)

Every Intel processor with overheat protection?

Well, any Intel processor without it is already dead, I would assume.

Which x86 processors? (2, Interesting)

Acromion (753478) | more than 8 years ago | (#15106917)

The article states this could be a problem for all x86 processors. Do older processors even have heat management? Also, wouldn't you need admin access to the system to be able to trigger this?

Sensational headline about a poor article. (5, Informative)

dfn_deux (535506) | more than 8 years ago | (#15106921)

This hack assumes that the intruder already has write access to the nvram of the system. Also, the headline is just a cut/paste of a small portion of a poor article with few technical details. There is no PoC code, nor any specific chip mentioned. The headline refers to Pentium chips specifically and the article says "any x86 based architecture", needless to say these are not interchangeable terms... Shame on you Slashdot editors for posting this garbage...

Re:Sensational headline about a poor article. (5, Interesting)

Jonboy X (319895) | more than 8 years ago | (#15107126)

By this point you may be asking yourself, "WTF is FCW.com anyway?" Their about page [fcw.com] explains:
Established in 1987, FCW Media Group uniquely integrates government, business and technology news and information to produce resources that help government IT decision-makers achieve results and meet agency missions. Our market-leading print, online, event and custom media products form an integrated information system that serves the information needs of all members of the government IT buying team-agency executives, program managers, IT managers and systems integrators-across all segments of federal, state and local government.

FCW stands for Federal Computer Week, a trade rag that US gov't stooges use to figure out how to best waste our tax dollars on shiny boxes with blinky lights. Their topic headings include the buzzwords:
  • Defense
  • Enterprise Architecture
  • Executive
  • Integrators
  • Intelligent Infrastructure
  • Product Solutions
  • Program Management
  • Security/Homeland Security
  • Wireless

The anonymous submitter might do well to remain so. Scuttlemonkey, OTOH, may have to enter the witness protection program. He's getting as bad as Zonk.

RAM access? (2, Insightful)

Bogtha (906264) | more than 8 years ago | (#15106923)

Attackers then enter the System Management RAM and replace the default emergency-response software with custom software that, when run, will give them full administrative privileges.

How is it that an unprivileged user can write to such a sensitive location in the first place?

Re:RAM access? (1)

LiquidCoooled (634315) | more than 8 years ago | (#15107116)

Geeks will allow any sufficiently good looking users access to sensitive locations.

How do you think Jessica Simpson got her admin privileges?

Security Experts Untie! (4, Funny)

AKAImBatman (238306) | more than 8 years ago | (#15106924)

I am so glad that we have legions of Security Experts to protect us against every possible Rube Goldberg attack out there. Thanks to their tireless commitment to security, I can sleep safer at night by knowing that no one will take a blowtorch to my processor, install custom software, and then override the security safeguards that they could have gotten through by booting into safe mode. These people are truly a God-send. </sarcasm>

nice firstname but appropriate lastname (0)

Anonymous Coward | more than 8 years ago | (#15106927)

Duflot could be translated from french to "From The Flow"

Good Times (4, Funny)

allanc (25681) | more than 8 years ago | (#15106936)

Remember that old Good Times virus hoax? People who were In The Know knew that it was a hoax because it claimed that, just by opening it, it could physically destroy your computer.

Then a few years later, Microsoft brought us Outlook with automatic attachment opening, making the first part possible, and now Intel has given us the potential for the second part.

Good Times apparently wasn't a hoax, it was just ahead of its times. :)

Re:Good Times (0)

Anonymous Coward | more than 8 years ago | (#15107083)

Yeah right, this is as much a hoax as anything. If someone can do what this article suggests then you've already been hacked. Therefore this is really a non-issue.

It's like saying "Well, someone can change your boot scripts and load any program they want (!!!!) if they update the files in /etc/init.d/ !!!00!!OMG!!!". Yeah... whatever

Re:Good Times (1)

SirDaShadow (603846) | more than 8 years ago | (#15107272)

just by opening it, it could physically destroy your computer.

I think Commodore beat everyone up in terms of being ahead of time...try 1977! [6502.org]


Re:Good Times (1)

Kjella (173770) | more than 8 years ago | (#15107299)

Then a few years later, Microsoft brought us Outlook with automatic attachment opening, making the first part possible, and now Intel has given us the potential for the second part.

Well, "hardware attacks" existed before too. There were some that would send your screen a refresh rate it couldn't handle, and it'd be destroyed (this is back in the text-mode days). Of newer things, some viruses would overwrite the BIOS, which I believe required reflashing in laptops which didn't have a ROM copy to reset to. There's a few other I seem to remember too, none of which were very widespread.

But how? (0, Redundant)

telbij (465356) | more than 8 years ago | (#15106948)

I'm no security expert, but I don't see how this inherently indicates any particular vulnerability:

Cyberattackers can take over a computer by appropriating that safeguard to make the machine interrupt operations and enter System Management Mode, Duflot said. Attackers then enter the System Management RAM and replace the default emergency-response software with custom software that, when run, will give them full administrative privileges.

How do they 'enter System Management RAM'? Presumably this is a local attack where you plug in some hardware to do this while the computer is asleep. How could this possibly work over a network? You also have to make the machine overheat...

Any more knowledgeable speculation on the real threat posed by this?

But how?-Intel Heaters. (0)

Anonymous Coward | more than 8 years ago | (#15107045)

"You also have to make the machine overheat..."

They're Intel. No effort required.

Sensationalist FUD (1)

Cleveland Steamer (625191) | more than 8 years ago | (#15107181)

From reading the article, it sounds like the hardware component of this hack only involves pulling some signal high or low to tell the system management controller in the southbridge that the system is overheating.

The article does NOT explain how the hacker is able to replace the "emergency-response software" in System Management RAM. Normal applications, running at privilege level 3, don't have direct access to SM RAM. Only code running at privilege level 0, such as kernels and device drivers, can directly access SM RAM. But, if you can manage to run code at privilege level 0 to access SM RAM, you don't need to replace the code in SM RAM to take over the system.

As was inferred by at least one other comment, the article describes a "Rube Goldberg" approach to hacking a system. While potentially entertaining, the method is overly and unnecessarily complicated to achieve the end result.

Re:But how? (2, Interesting)

Anonymous Coward | more than 8 years ago | (#15107261)

While I don't know the details of the security risk (if any); I do know quite a bit about system management mode.

SMM is present on many x86 processors and dates back to the days of NeXGen and Cyrix and 486s. It is basically a real-like mode of the x86 processor where certain hardware emulation type operations are performed.

The SMM software usually resides at A000:0000 which is normally video memory in a PC. However, in SMM the address decoder actually maps those addresses to physical RAM and runs the SMM kernel to service various requests.

The types of requests that can cause entry to System Management mode are varied and depend on the implementation of the x86 processor. The CPU I am most familiar with is the National Semiconductor Geode series (now in the hands of AMD, I believe). This single-chip CPU behaved almost like a PC (when used with a few, low-cost companion parts). It did this without wasting silicon real-estate by emulating all the crazy ports and nonsense of a legacy PC with SMM software.

For example, there was a simple audio DAC wired up to the CPU. But you can make it look like a soundblaster by writing a virtual device driver. I/O to the sound blaster ports, DMA controller (well, brain-damaged ISA DMA controller), and memory mappings (if any) would result in traps to the SMM kernel, post a message into a queue which the SMM kernel would dispatch to a "soundblaster task" that figured out what you really wanted, maybe did some MMX arithmetic (hey, that chip had a real MMX unit!) and then shovel data to the DAC.

Software was none the wiser and the hardware could be simple rather than a big legacy emulation machine.

SMM actually had its origins in laptops to handle power management tasks -- long before operating systems knew about power management.
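A model of the address decoding the comment above describes, as an added example that is not part of the original thread or of the conference presentation. The control-register bit names and positions (D_OPEN, D_CLS, D_LCK, G_SMRAME) follow Intel chipset datasheets of that era and do not appear on this page; the function names and sample register values are constructed, and no hardware is touched.

```c
#include <stdint.h>
#include <stdio.h>

/* SMRAM control register bits, Intel chipset datasheet naming
 * (an assumption relative to the thread, which never names them). */
#define D_OPEN   0x40u  /* SMRAM reachable outside SMM, meant for BIOS setup */
#define D_CLS    0x20u  /* SMM data accesses go to video; code stays in SMRAM */
#define D_LCK    0x10u  /* lock: forces D_OPEN to 0 and freezes it until reset */
#define G_SMRAME 0x08u  /* SMRAM at A0000h-BFFFFh enabled */
#define MODELLED (D_OPEN | D_CLS | D_LCK | G_SMRAME) /* other bits not modelled */

#define WINDOW_BASE 0xA0000u  /* the A000:0000 window from the comment */
#define WINDOW_TOP  0xBFFFFu

enum target  { TGT_DRAM, TGT_VIDEO, TGT_SMRAM };
enum access  { ACC_CODE, ACC_DATA };
enum finding { SMRAM_LOCKED, SMRAM_UNLOCKED, SMRAM_OPEN };

/* Where the address decoder sends one access. Same address, different
 * target depending on CPU mode: that is the whole protection boundary. */
enum target decode(uint8_t smramc, uint32_t addr, int in_smm, enum access kind)
{
    if (addr < WINDOW_BASE || addr > WINDOW_TOP)
        return TGT_DRAM;   /* simplification: everything else is plain memory */
    if (!(smramc & G_SMRAME))
        return TGT_VIDEO;  /* SMRAM window disabled entirely */
    if (in_smm) {
        if (kind == ACC_DATA && (smramc & D_CLS))
            return TGT_VIDEO;
        return TGT_SMRAM;
    }
    /* Outside SMM the window shows video memory unless firmware left it open. */
    return (smramc & D_OPEN) ? TGT_SMRAM : TGT_VIDEO;
}

/* Value the register holds after software writes `val` over `cur`. */
uint8_t smramc_write(uint8_t cur, uint8_t val)
{
    const uint8_t frozen = D_OPEN | D_LCK | G_SMRAME;
    val &= MODELLED;
    if (cur & D_LCK)       /* locked: frozen bits ignore the write */
        return (uint8_t)((cur & frozen) | (val & D_CLS));
    if (val & D_LCK)       /* taking the lock closes the window */
        val &= (uint8_t)~D_OPEN;
    return val;
}

/* Defender's check: can privileged code outside SMM reach the handler? */
enum finding audit(uint8_t smramc)
{
    if (smramc & D_LCK)
        return SMRAM_LOCKED;
    return (smramc & D_OPEN) ? SMRAM_OPEN : SMRAM_UNLOCKED;
}

int main(void)
{
    /* Constructed register values, not read from any real machine. */
    const uint8_t samples[] = { 0x08, 0x48, 0x18 };
    const char *names[] = { "LOCKED", "UNLOCKED", "OPEN" };
    const char *targets[] = { "DRAM", "VIDEO", "SMRAM" };

    for (size_t i = 0; i < sizeof samples; i++) {
        uint8_t r = samples[i];
        uint8_t after = smramc_write(r, (uint8_t)(r | D_OPEN));
        printf("SMRAMC=%02X audit=%-8s non-SMM data access -> %s, "
               "after attempt to set D_OPEN: %02X\n",
               (unsigned)r, names[audit(r)],
               targets[decode(r, WINDOW_BASE, 0, ACC_DATA)], (unsigned)after);
    }
    return 0;
}
```

On the constructed values, only the register with D_LCK set keeps the window closed against a later write; that bit, set by firmware before the operating system boots, is what an audit of a machine looks for.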

Alternative Processors (0, Troll)

Chemkook (915402) | more than 8 years ago | (#15106953)

Cool, another reason to switch to Sun or AMD.

Re:Alternative Processors (0)

Anonymous Coward | more than 8 years ago | (#15107056)

Yeah, cause everybody knows that AMDs *never* overheat. ;)

Sensationalist (4, Funny)

MobyDisk (75490) | more than 8 years ago | (#15106956)

This attack would already require the malicious software to already be running on the machine and already have super-user access. Once you get there, it doesn't matter. The attack is worthless. Unfortunately, the article is short on details - so you can't tell if there is nothing to see, or if the report is just bad. I suspect there is nothing to see.

Along a similar vein, I have developed a martial art where I can kill anyone in one blow. It requires that my opponent is already tied-up, asleep, and I have a gun.

hello mcfly? anybody home? (0)

Anonymous Coward | more than 8 years ago | (#15106960)

Exactly how is this news??? Are slashdot readers getting stupider by the day? With physical access anything can be broken, it's just a matter of a longer or shorter time lapse.

In other news... (4, Funny)

endrue (927487) | more than 8 years ago | (#15106964)

Pentium computers are vulnerable to baseball bats!

Seriously, if they have access then you are screwed anyways...

- Andrew

Heh (1)

Moby Cock (771358) | more than 8 years ago | (#15106966)

New Security Rule: Keep your wife's hair dryer out of the computer room!

Isn't it about time (0, Troll)

2names (531755) | more than 8 years ago | (#15106967)

Seriously, isn't it about time that we made cracking/virus creation/etc crimes carry a very stiff sentence?

It's not just about recouping losses, it is about making the criminals - and that IS what these people are - fear the consequences of creating this type of thing. It seems like almost every day some new exploit is announced and we all have to check systems, hope for a quick patch, worry about exposure, yada yada yada. I'm fed up with it as I'm sure most other admins are.

Get caught creating a virus? 50 years in prison.
You run a botnet? 50 years in prison.
You cracked into the Defense Department? Life in prison.

We need to stop slapping these a-holes on the wrist and make the punishment severe enough to deter at least SOME of them.

Re:Isn't it about time (0)

Anonymous Coward | more than 8 years ago | (#15107007)

Your values are pretty skewed from the rest of the population if you think creating a virus or running a botnet is worthy of 50 years in prison. Even violent crimes like non-premeditated murder and rape typically don't generate prison sentences of that length.

Re:Isn't it about time (1)

2names (531755) | more than 8 years ago | (#15107031)

I need to work on getting my sarcasm to come through more clearly. Sorry.

Re:Isn't it about time (1)

qwijibo (101731) | more than 8 years ago | (#15107286)

You come across too much like the real whiners. Maybe a Monty Python or Simpsons reference as proof would help clarify the intent. =)

Re:Isn't it about time (1)

geoffspear (692508) | more than 8 years ago | (#15107022)

fear the consequences of creating this type of thing.

Fear the consequences of creating Pentium chips? I'm no fan of Intel, myself, but that seems a bit extreme.

Re:Isn't it about time (1)

crabpeople (720852) | more than 8 years ago | (#15107142)

That's retarded. Spam you should get 50 years but virus writing?

parent is obviously scared by computers and computer crime. news flash, all computers have some sort of security problem. you can't lock people up and think that will solve all the computer security problems so you can sleep well at night. people who are clueless about computers advocate such hard line policies. it's ignorance and fear and wanting to do something -anything- no matter how completely irrelevant and meaningless that action is.

WHOOOOSH!!! (1)

2names (531755) | more than 8 years ago | (#15107183)

Did you hear that?

That was the sound of the GP going right over your head.

Re:Isn't it about time (1)

qwijibo (101731) | more than 8 years ago | (#15107211)

What we are you talking about? You realize that a lot of this activity is international, right? Some script kiddie in China isn't going to be too worried about what the US is going to do if he violates a US law. There are no consequences most of the time, and that is what people have legitimate reason not to fear.

Also, many of the people doing these things are stupid kids. Come on, $25 for a 10,000 node botnet? That's someone who wants money to play whatever online game is hot these days, not someone with a mortgage. 50 years for a 13 year old acting like a stupid kid is a bit excessive. Summary execution for spammers I can get behind wholeheartedly, but your plan is just too extreme for minor nuisances.

I'm a sysadmin and I'm not fed up with all of the security bulletins and patches. Guess what, keeping up to date in my field of expertise is part of my job. Continuing education is a part of every non-trivial job. The trivial jobs are being outsourced or disappearing. The people you despise are justifying your jobs, just as criminals justify employing so many police officers.

If it makes you feel any better, most of the high paying technical jobs with big companies require that you have no felony convictions. Even if these people get a slap on the wrist, it may seriously limit their future options in life.

Re:Isn't it about time (1)

2names (531755) | more than 8 years ago | (#15107290)

You think I'M out of line? Check out what Oklahoma [slashdot.org] is doing.

I thought (1)

2names (531755) | more than 8 years ago | (#15107214)

I made this post "Captain Cliche" enough for people to get it. Obviously not.

Remember the F00F bug? (1)

ylikone (589264) | more than 8 years ago | (#15106970)

I remember the good old days when you could send the instructions F0 0F to the Intel CPU [amazon.com] and voila... crash!

Re:Remember the F00F bug? (1)

Linker3000 (626634) | more than 8 years ago | (#15107140)

Watch it, I think SCO has copyright on that!

Uh, no (1)

runderwo (609077) | more than 8 years ago | (#15107247)

Try F0 0F C7 C8 [everything2.com] .

Geekdom (1)

protich (961854) | more than 8 years ago | (#15106972)

This was a script for a Geekdom show..

Wait wait wait (1)

MattyCobb (695086) | more than 8 years ago | (#15106975)

I guess I didn't understand the article, but how are these people without any access (yet) to my system causing my CPU to overheat at will? Does this have to do with global warming and my AC crapping out? EH? I knew it was a damn conspiracy against me!

*/equip [EpicTinfoilhat]

More seriously why do they say Pentium at the top and any x86 later on... those don't mean the same thing...

First virus with a temperature (0)

Anonymous Coward | more than 8 years ago | (#15106980)

This is fantastic..now Antivirus tools can start monitoring my PC's temperature...anything above 98F and we've got to call the doctor.

Not being a retard still work, though? Right? (4, Insightful)

SlappyBastard (961143) | more than 8 years ago | (#15106989)

So, if I have a real firewall setup and I don't open every attachment I'm sent, I'm still safe, right? At the end of the day, you still have to run the exploit for it to work. So, how is that any worse than the rootkits running around at the moment? The vast majority of viruses still specifically depend on users who haven't hardened their systems.

Re:Not being a retard still work, though? Right? (1)

VisiX (765225) | more than 8 years ago | (#15107079)

The vast majority of viruses still specifically depend on users who haven't hardened their systems.

I don't agree, most web malware comes from porn sites, and depends entirely on users trying to harden their system.

Re:Not being a retard still work, though? Right? (1)

1u3hr (530656) | more than 8 years ago | (#15107197)

So, if I have a real firewall setup and I don't open every attachment I'm sent, I'm still safe, right?

If by firewall, you mean one made of masonry or asbestos, yes.

AMD... (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15106992)

Man, I better switch to AMD so I won't have to worry about viruses! *rolls eyes* Interesting info no doubt, but I hope this doesn't turn into an AMD is teh better fanboy episode... oh wait this is slashdot.

How do you even get it to overheat to begin with? (1)

layer3switch (783864) | more than 8 years ago | (#15107008)

What??? Overheat? So what does attacker have to do, block off all air holes? And what??? System Management RAM? You mean, like Remote Management module like HP's iLO access?

I heard, act of God includes "stupidity".

Re:How do you even get it to overheat to begin wit (1)

Vengeance (46019) | more than 8 years ago | (#15107039)

Turn it on?

Re:How do you even get it to overheat to begin wit (1)

layer3switch (783864) | more than 8 years ago | (#15107109)

Oooo, it's sooo hot. yeah, baby... yeah, daddy like... daddy like...

Re:How do you even get it to overheat to begin wit (1)

merlin_jim (302773) | more than 8 years ago | (#15107132)

How do you even get it to overheat to begin with?

Well I generally like to compliment it on how pretty its power on indicator is.

Then I might buy it something small, superfluous and pretty like a tennis bracelet or an X800 Radeon.

After that I start gently caressing its biometric module.

That generally gets it pretty hot...

Remote Overheat (0)

Anonymous Coward | more than 8 years ago | (#15107242)

I remember someone once mentioning that a certain kind of computer (quite old, I forget which) could be forced to shut down by repeatedly using gates/ram directly beneath the temperature sensor.

This kind of thing should be possible remotely, as an unprivileged user, and also doesn't require the system to actually overheat, just those few gates.

Another hardware-specific attack (1)

suv4x4 (956391) | more than 8 years ago | (#15107030)

Just as dangerous, system analysts discovered an intruder can come with a CD, install malware and run it.

To protect yourself from an attack, it's recommended to never install anything on your computer and remove all sort of input devices such as USB ports, CD-ROM-s, floppies.

Re:Another hardware-specific attack (0)

Anonymous Coward | more than 8 years ago | (#15107155)

Keyboards, mice...

The devil is in the details (5, Insightful)

zenhkim (962487) | more than 8 years ago | (#15107046)

Just went and RTFA, and I'm frustrated by a lack of hard details about the new threat:

- The article states that all x86 processors "could" be vulnerable. Does that mean the *entire* series of Pentium chips, even the older PIII and PII's? If so, are they equally as easy to compromise as the modern versions?

- There is no mention of AMD architecture. Doesn't AMD have an equivalent "overheat failsafe" halt-and-cooldown function? Wouldn't that make AMDs vulnerable to this type of exploit as well, or do they require a slightly different attack?

- Isn't the motherboard BIOS FlashROM responsible for the monitoring of and responding to dangerous CPU temperatures? Haven't they already been safeguarded against unauthorized writes, due to the Chernobyl virus?

I think I'll hold off on ordering the prototype Borg implants when they come on the market.... :-(

Re:The devil is in the details (1)

jrmcferren (935335) | more than 8 years ago | (#15107212)

The AMD systems I deal with have the thermal controls on the Motherboard, NOT the CPU die. The only thing on the die is the diode (and related components). My system will throttle (slow down, like you didn't know that already) in case of an overheat condition. This is hard coded in the system. Also later PIIIs may be the earliest with thermal protections. This does not mean that the XT is vulnerable (note if you own an XT check to see if the factory tape needs reapplied).

Not Very Long Lived... (1)

Rick.C (626083) | more than 8 years ago | (#15107047)

What kind of longevity can you expect from a virus that tries to cook the CPU it runs on?

This reeks (1)

Xargle (165143) | more than 8 years ago | (#15107049)

of falsehood, and to execute such a thing you'd be at a low enough level to wreak havoc anyway.

wouldn't it just be easier (1)

tscheez (71929) | more than 8 years ago | (#15107060)

to use some other exploit? I mean the steps and time involved to use this would be too long to really be effective, since you have to wait until the machine actually overheats to get to this situation. What's the MTBF for a CPU fan these days? 50-70K hrs? They'll be waiting a while to gain admin access.

Custpetition (0, Offtopic)

Doc Ruby (173196) | more than 8 years ago | (#15107065)

I'm interested in how a foreign company is in effect competing with Intel not by being a better vendor to Intel's customers, but by being a more demanding customer than Intel's other customers. They're really only half competing, by threatening the value of Intel's products perceived by the market, the same way a competing vendor would, though they're not doing the other half: offering a competing product that offers better perceived value to the market. Another vendor could do so, finding half their competition process already done for them,

Technology industries used to be nearly entirely "supply-side": driven by suppliers. Unpredictable innovation requiring risky investment, costs of production scaling and distribution, securing free-flowing intellectual property all defined a market always hungry for something newer, faster, smaller, safer. The market itself helped control the industry mainly to the extent that suppliers could guess what the market wanted. We're seeing the market gain power over the industry in many ways. Now we're seeing consumer processes actually resemble competition previously only performed by other producers.

What Microsoft said... (paraphrased) (1)

Lead Butthead (321013) | more than 8 years ago | (#15107072)

If the physical location of your servers is compromised, no amount of security software can save you.

Good thing macs aren't vulnerable. (5, Funny)

numbski (515011) | more than 8 years ago | (#15107075)

Whoo, I'm safe!
# machine
i486
Well, crap. :P

FUD (1)

cyber-dragon.net (899244) | more than 8 years ago | (#15107087)

This is pure FUD, why is it even posted here? The article was mildly interesting but the title was misleading and blatantly AMD fanboy. While I realize that is popular around here give me a break... if you want a real processor war do it on fair grounds, not mud slinging.

in other news (1)

aexiphixion (529171) | more than 8 years ago | (#15107091)

booting from cd found to allow hackers to change root password

A few more details (5, Informative)

Mr 44 (180750) | more than 8 years ago | (#15107100)

I can't find the actual paper anywhere, but this blog posting [ncircle.com] has way more details than the article originally linked ... Very interestingly, Windows XP is not vulnerable, but OpenBSD is.

I think I'm covered (0, Troll)

night_flyer (453866) | more than 8 years ago | (#15107106)

My Intel machine has Linux and my Windows Machines are AMDs

exploit schmexploit (1)

revery (456516) | more than 8 years ago | (#15107119)

Relax, I just got an email (that Thunderbird thought was a scam - you truly do get what you pay for...) with a link in it that automatically downloaded me a new processor (Pentium6 baby)...

I ran it, and now my computer is "resting" for a few days.

Take that Loic Duflot

(if you want the link, just let me know, and when I boot up my new 6, I'll send it to you)

--
I just put some lightnin' in my Dell

Semi Permanent Backdoor? (2, Insightful)

Oriumpor (446718) | more than 8 years ago | (#15107129)

Let me get this right, by DoSing the proc someone can overwrite the embedded code on the chip? If someone already owned the box and were to use this, it sounds like it would be the ultimate rootkit. Place in the proc, then when the system is hardened/reloaded initiate another DoS (lots are available for winblows) and voilà, instant re-infected Zombie PC.

Or am I confused?

A "1" (1)

gone.fishing (213219) | more than 8 years ago | (#15107138)

On a scale of 1 to 10, I think this threat is somewhere between 0.5 and 1.5. There are so many better ways to invade a computer than to somehow sneak this on there and wait for the machine to overheat. Especially now since the vulnerability has been exposed, I'm sure the big time virus vendors will now write code to look for it.

Sure it is probably possible, but then I suppose it would be possible to retrofit my truck into a boat. Heck, it would probably be easier and faster to do that than it would be to build and execute (in the wild) an exploit based on this.

UNIVAC had similar vulnerability in checkpoint (4, Interesting)

dbc (135354) | more than 8 years ago | (#15107162)

This reminds me of the vulnerability in the operating system that shipped with the Univac 1100/10. The checkpoint/restart facility allowed you to write a checkpoint image to tape. Part of the checkpoint image was the system status register.

The crack:
1. Checkpoint your job to tape.
2. remount tape.
3. fiddle the executive-mode bit in the dumped status register.
4. remount tape.
5. restart job -- mainframe p0wn3d.

Of course, in those days, a student that could do that was quickly hired into the system programming staff so that they could keep a closer eye on him and also get some productive work from him.

Ohh... BTW... if you can find an 1100/10 these days, it won't work any more. They fixed that about the same time they quit making CPUs out of vacuum tubes.

I wish Intel would create new bugs, instead of just repeating old ones. Copycats.

Just think, the script kiddies that pulled this off are now drawing Social Security.

I'm Safe (2, Funny)

Waffle Iron (339739) | more than 8 years ago | (#15107169)

It's a good thing I run an old Athlon. This chip has a simple overheat handling procedure: just emit good old-fashioned smoke.

Not only do you receive a convenient olfactory signal to alert you to the situation, but you also avoid security breaches brought on by overly complex thermal management.

i heard about this! (1)

moochfish (822730) | more than 8 years ago | (#15107187)

Recently, researchers discovered a new hardware specific attack that could render virtually all computers vulnerable to attackers. They said that if an attacker gains access to the keyboard, they could inject any arbitrary code into the system and gain administrative privileges.

Recommended work around (1)

mr_z_beeblebrox (591077) | more than 8 years ago | (#15107213)

Do not leave your servers out in the open, lock them in a controlled access room (perhaps climate control as well). Thoroughly vet who gets into your server room. Additionally, do not let people who have low access levels access 'low levels' of the machine. This is revolutionary... in 20 years I can see it being commonplace for companies to have a "server room". Outstanding research, guys.

All Pentiums also vulnerable to DoS (4, Funny)

throx (42621) | more than 8 years ago | (#15107255)

ALERT!

Pentium based machines are also vulnerable to a denial of service attack from a hacker with physical access to the machine and in the possession of a large axe. Should the attacker be wielding a pair of axes (one in each hand) then the attack would constitute a distributed denial of service.