Christopher Domas, a security researcher with the Battelle Memorial Institute, warned that such malware could be undetectable by security products.
The vulnerability stems from a feature first added to the x86 architecture in 1997 and enables hackers to install a rootkit in the processor's System Management Mode (SMM). For those who came in late, this is a protected region of code that underpins all the firmware security features in modern computers.
Such a rootkit could be used to wipe the UEFI (Unified Extensible Firmware Interface) or BIOS, or even to re-infect the OS after a clean install. Protection features like Secure Boot rely on the SMM being secure.
Intel is aware of the problem, has “mitigated” it in its latest CPUs, and is rolling out firmware updates for older processors, but not all of them can be patched, Domas said.
The flaw is limited: attackers would need to already have kernel or system privileges on a computer. This means the flaw can’t be used by itself to compromise a system.