
Code to attack systems using errata vulnerability will be given out freely

In the world of microprocessors it's common for a CPU containing hundreds of millions of transistors to have physical errors in the design, known as errata. The CPUs in computers used day in and day out by the majority of computer users likely contain errata that go unseen and have virtually no noticeable effect on the performance of the processor.

In October the threat from the errata in processors that previously caused no harm will grow significantly. Security researcher and author Kris Kaspersky says that he plans to demonstrate how a hacker could take control of a computer running any operating system by exploiting errata in a CPU.

Not only will Kaspersky demonstrate how such a hack can be made, but he says that he will offer the code freely to anyone—presumably including malicious hackers. The exploit is said to be executed by using instruction sequences and a knowledge of how Java compilers work to allow the hacker to take over the compiler.

Kaspersky says that different errata in different processors will allow different attacks to be launched on computer systems. Kaspersky told PC World, “I'm going to show real working code...and make it publicly available. Some bugs just crash the system; some allow a hacker to gain full control on the kernel level. Some just help to attack Vista, disabling security protections.”

The demonstration of the hack is going to take place in October at the Hack In The Box Security Conference. Kaspersky says that many of the errata vulnerabilities can be fixed with BIOS updates provided by the CPU makers. However, he points out that not all vendors use the updates and some bugs may have no workaround.

The most recent example of problems caused by errata in a CPU happened when Intel delayed some of its 45nm Penryn parts because of errata.



Comments

Irresponsible
By redbone75 on 7/15/2008 2:02:01 PM , Rating: 1
Feel free to disagree, I'm sure some of you will, but this is enormously irresponsible on the part of Kaspersky. To report that errata exists is one thing, but to actually demonstrate it does a huge disservice to innocent businesses/consumers. I'm sure some of you will whine about how it forces the CPU manufacturers to be more responsible and release proper fixes for their products, but what of the innocent customers? Is it their fault for buying the product to, heaven forbid, run a business? It's like saying when a person gets mugged it's his/her fault for buying a wallet/purse to hold money.

Will the demonstration be on errata that the CPU mfr's are aware of and have already released BIOS updates for? I don't know. If it is, then that makes it less irresponsible, but it's irresponsible nonetheless.




RE: Irresponsible
By MatthiasF on 7/15/2008 2:18:52 PM , Rating: 4
Security issues are generally best broadcast to everyone so that the good and bad side of the issue get a heads up.

This can let software makers (antivirus, operating systems, etc.) learn to look out for the methods while also offering some pressure to the actual CPU makers to try their best to remove them.

Freedom of information is the cornerstone of modern society. Don't let fear take over the issue. The risks are more often removed faster when issues are made public than kept secret.


RE: Irresponsible
By ksherman on 7/15/2008 2:45:17 PM , Rating: 3
I have to agree with the OP, this seems a little irresponsible. It's one thing for him to say there is a problem, I think it's just fine and necessary to demonstrate it. But then he is taking things a step further by releasing the code to the general public, so anyone with the know-how can easily create and spread the virus. This seems foolish and wrong. Sure it gets CPU manufacturers to act quickly (maybe, who says they have to act quickly?) to provide a fix, meanwhile virus makers have one more tool they need to infect more and more computers.

Oh, $10 says his software can block it. I bet he won't release THAT code.


RE: Irresponsible
By theapparition on 7/15/2008 3:18:39 PM , Rating: 5
quote:
Oh, $10 says his software can block it. I bet he won't release THAT code.

Bingo....

Oh, and it is also reported that some errata that can still be exploited CAN'T be patched through microcode. If that's true, then it's unforgivably irresponsible.


RE: Irresponsible
By winterspan on 7/15/2008 8:36:14 PM , Rating: 5
I usually would agree, but they need to reveal the exploit to the CPU manufacturers BEFORE RELEASING IT TO THE PUBLIC. If this person is not doing so, then that is an incredible disservice to everyone in the computer industry, not to mention businesses and consumers.


RE: Irresponsible
By SlyNine on 7/15/2008 11:20:27 PM , Rating: 2
I agree to a point. But Freedom of information can be abused, and this is at least on the line of abuse.


RE: Irresponsible
By SiN on 7/16/2008 5:05:39 AM , Rating: 1
The method of how to gain control should be the reserve of prodigies that figure it out themselves then sell their souls to a security company or government. Anything else is simply incitement to cause damages or harm.

If Kaspersky had already gone to the CPU manufacturer and was told to fuck off for their efforts, then I would have no problem with what they (Kaspersky) are doing.


RE: Irresponsible
By SiN on 7/16/2008 5:11:01 AM , Rating: 2
I guess cursing gets you downrated auto style!


RE: Irresponsible
By tmouse on 7/16/2008 11:09:01 AM , Rating: 2
I completely disagree, it's one thing to mention they exist and another to provide the mechanism in enough detail to replicate the exploit. First the manufacturers must be made aware and given a reasonable amount of time to respond. It is totally impossible to prevent all errors and as these things become more and more complex this will happen more and more. Some can be fixed, some may not, it's not like they deliberately produce these errors. Even if they do nothing it is totally irresponsible to aid others in using it. This is for his own ego and has nothing to do with helping anyone but himself. You can alert people to the possibility without helping to promote it, which this most certainly will. How are you helping anyone by doing this? The damage FAR outweighs ANY theoretical benefit. If he does this and these exploits go wild he should be held responsible both legally and financially. Maybe some time behind bars protecting his own security holes from exploits would give him a better perspective.


RE: Irresponsible
By deadrats on 7/15/2008 8:08:35 PM , Rating: 2
i really must disagree with you for one reason: i think kaspersky is severely over-stating the potential problem.

while i am not that well versed with java, i do have a pretty good background with pascal, c, basic and assembler, and i have monkeyed around with the source to more than one compiler.

the most that can be accomplished by exploiting a cpu errata is to cause the cpu to lock up, which means that you would have to reboot the system.

i have racked my brains trying to think of how a cpu errata can be exploited by malicious code to compromise the kernel or to allow a hacker to take complete control of a system.

cpu errata's are different from software errata's, a flaw in the cpu design is a hardware problem, to compromise the kernel requires a software flaw, as does completely taking over the whole OS.

i really really want to see 1) the theory behind his claims, 2) a working demo and 3) the source code.

quite frankly it sounds to me like so much hot air, the article mentions 2 different attack vectors 1) the java compiler and 2) cpu errata's, if you can exploit the java compiler to accomplish this then you can exploit any assembler, including using C/C++ or FreeBasic with inline assembler language to accomplish the same thing.

i am really skeptical of his claims...


RE: Irresponsible
By masher2 (blog) on 7/15/2008 9:57:01 PM , Rating: 2
quote:
"the most that can be accomplished by exploiting a cpu errata is to cause the cpu to lock up...cpu errata's are different from software errata's, a flaw in the cpu design is a hardware problem, to compromise the kernel requires a software flaw"
No. There are many ways a hardware errata could cause a security flaw. Kernel mode code, for instance, is mediated by a hardware flag. Privilege elevation could occur if a cpu errata mistakenly toggles that flag. Hardware errata could also theoretically allow a process to access memory outside its address space -- another security flaw. The list goes on and on.


RE: Irresponsible
By SiN on 7/16/2008 5:18:27 AM , Rating: 2
you're not all that well versed in computer hardware and software working together as you put across are you.

or you just want to see the code.


RE: Irresponsible
By deadrats on 7/16/2008 10:56:37 PM , Rating: 2
quote:
you're not all that well versed in computer hardware and software working together as you put across are you.

or you just want to see the code.


i'm better versed than most people, and yes, i really want to see the code.


RE: Irresponsible
By tmouse on 7/16/2008 11:18:16 AM , Rating: 2
Even a lock up can cause a lot of damage. For example many scientific devices use computers to control them and since the vendors rarely support their software even patching can cause problems. It's a poor practice by the vendors but for the purchasers there simply is no recourse, it's a small market, there is no other choice most times. A crash can literally cause tens of thousands of dollars in lost resources (adding in time and rare components for the experiments). I'm sure there are many other examples in other fields as well. I hope he is full of it but I think there is probably some meat in his argument and he is behaving totally irresponsibly in giving ANY specifics.


RE: Irresponsible
By MeTaedet on 7/15/2008 11:31:12 PM , Rating: 2
My problem with this is that it is essentially racketeering. Mr. Kaspersky, by releasing this code, will occasion the production of many new viruses to which he will then offer an antidote in the form of his Kaspersky anti-virus software. Either that, or he is fear-mongering, exaggerating the dangers in order to encourage people to purchase his software.

At any rate, he strikes me as being more than a bit sleazy and greedy.


RE: Irresponsible
By ViroMan on 7/16/2008 3:31:41 AM , Rating: 2
Irresponsible?

Perhaps it is, but maybe he has already brought it to the manufacturers' attention and they brushed him off. There are many people who point out flaws to Microsoft that can allow a takeover attempt and they get brushed off and so they publish the flaws to the public as well.

These errors can be used with Java?!? WOW now we're gonna have to buy Norton/McAfee/Nod/CA/(other) for Java.


RE: Irresponsible
By nemrod on 7/16/2008 5:32:22 AM , Rating: 2
Seems there is no link between Eugène Kaspersky and Kris Kaspersky.
So no link between this guy and Kaspersky Lab (antivirus).


Errata what?!?!
By SilthDraeth on 7/15/2008 1:38:57 PM , Rating: 4
I always thought errata was a list of errors and corrections, and the dictionary links below support that. I didn't know an errata was a physical error on a microprocessor.

www.dictionary.com
er·ra·ta [i-rah-tuh, i-rey-, i-rat-uh]
–noun
1. pl. of erratum.
2. a list of errors and their corrections inserted, usually on a separate page or slip of paper, in a book or other publication; corrigenda.

http://www.merriam-webster.com/dictionary/errata
Main Entry: er·ra·ta
Pronunciation: \e-'rä-tə, -'ra-, -'ra-\
Function: noun
Etymology: Latin, plural of erratum
Date: 1573

: a list of corrigenda; also : a page bearing such a list




RE: Errata what?!?!
By thornburg on 7/15/2008 1:54:56 PM , Rating: 2
quote:
I always thought errata was a list of errors and corrections, and the dictionary links below support that. I didn't know an errata was a physical error on a microprocessor.


You are spot on. Errata is a list of known errors.

I guess that the term is evolving to refer to the errors themselves in addition to the list.

FWIW, AFAIK, an unknown bug in a processor (i.e. one that has not been officially announced) would not be considered "errata".


RE: Errata what?!?!
By flyingrooster on 7/15/2008 1:55:51 PM , Rating: 2
That is the dictionary definition, however microprocessor manufacturers such as Intel use the word "errata" to describe errors in the CPU. The fixes are released as microcode updates.
http://support.microsoft.com/kb/q288302/
http://en.wikipedia.org/wiki/Errata#Meanings_in_a_...


RE: Errata what?!?!
By KristopherKubicki (blog) on 7/15/2008 1:58:49 PM , Rating: 2
In the CPU world we usually say errata instead of bug, but it's the same.