Researcher claims to have discovered universal attack code for Intel chips: no one is safe
Also, he says he found Intel's diary and is totally telling everybody about that one thing. But seriously, we think Kris Kaspersky is being a bit of a tease here. He claims to have found a flaw in Intel's processors that would allow a hacker to bust up on a computer using JavaScript or TCP/IP, with no regard for what operating system the computer is running... only he won't say what it is. He's planning on unveiling the attack at the Hack In The Box conference in Malaysia this October, where he says he'll show working code that can take control of computers, all of which he plans to release publicly. The attack takes advantage of known errata in chips, which most vendors, but not all, work around in BIOS. XP, Vista, Linux, BSD and Mac operating systems are all vulnerable, so we all get to run around panicking until October -- unless somebody figures it out first.

Reader Comments (Page 1 of 2)
Dillon @ Jul 16th 2008 3:10PM
Looks like AMD has won this time.
tom @ Jul 16th 2008 3:18PM
^ I sure hope so! Or is it Kaspersky hasn't got to AMD yet? LOL
DSeaver @ Jul 16th 2008 3:22PM
Is that true? Doesn't AMD use the Intel instruction set? That would mean it could be affected by this code. Looks like ARM/PPC/SPARC/etc. has won this time!
Jonyah @ Jul 16th 2008 3:29PM
AMD uses the same instruction sets, yes, but they are implemented differently. It is possible this just affects Intel, which would be really cool (I have machines running on either). I'm not a fanboy of either even though I used to work for AMD, but each company has benefits to me (Intel in mobile of course and AMD for affordable desktops).
tom @ Jul 16th 2008 3:29PM
AFAIK -only x86 and MMX and SSE and SSE2 and more SSE#
Andrew @ Jul 16th 2008 3:47PM
The attack is used on the errata found in the INTEL CPUs.. Unless AMD's errata are identical to Intel's, it likely will be rendered useless (unless modified). I'm sure it won't be long before more and more hardware-attacks are found as more and more people move toward alternative OS's .. This is a reason why I dislike CISC CPUs, and why RISC is a better alternative - less Points of Failure.
If Intel only didn't have so much money to plow through the issues it faced with CISC at the beginning ...
Fara @ Jul 16th 2008 4:19PM
Intel's present CPUs aren't CISC. Except for the Atom.
Also, PowerPC G4 and G5 weren't RISC.
They're Post-RISC/Post-CISC. They implement ideas from both ideologies.
Saying that RISC is better is sooooo 1980's
OneLove @ Jul 16th 2008 5:57PM
That's why I use my own home made chip.
simple3 @ Jul 16th 2008 6:34PM
and i make my own salsa!
Matthew C @ Jul 16th 2008 7:15PM
Oh how I miss the PPC Mac...
Anthony @ Jul 17th 2008 1:52AM
mmmmhmmmm AMD tri-core !
im down =]
lol @ Jul 16th 2008 7:11PM
Hey, is that a Gibson?
If so, the password is definitely "god"
Michael @ Jul 16th 2008 3:53PM
Love the pic. Hack the Planet!!
tunafish @ Jul 16th 2008 5:56PM
why not sex love or secret?
Brian! @ Jul 16th 2008 3:11PM
Hrmm. This seems pretty weak. Javascript or TCP/IP? So there is a Javascript command that he can run in any browser that can take over my computer?
Or some TCP/IP special signal?
I look forward to the follow-up story on this one.
Vonce @ Jul 16th 2008 4:53PM
Yeah I agree with Brian! - weak
JavaScript/ TCP/IP + Java ?
"The proof-of-concept attacks will show how processor bugs, called errata, can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler. "
So what: a hacker can take control of the Java Virtual Machine compiler on my computer - NOW WHAT? Even if you could upload some code, compile it, and run it on my computer, it'd still be in the VM. What's Kris Kaspersky gonna do- break openoffice on everyone's computer?
KarlW @ Jul 17th 2008 2:40AM
Javascript still executes code on the CPU. Knowing how a set of javascript commands will be interpreted, and the processor errata, he can design a script to fall into some of the holes.
That said, I'm not sure how he goes from errata -> stealing CC numbers or whatever.
siriusfox @ Jul 17th 2008 10:36AM
From the looks of things, this article incorrectly ties javascript into the method that will be used. I get the feeling that this is more java based than anything, and it sounds like he uses a CPU exploit to gain control of the java compiler, then uses JAVA EXPLOITS to gain further control of the system. Either that or the other way around.
Frankly though, he says that these would be undetectable and unpatchable at the system level, but I have a hard time believing that OS makers can't figure out the specific problems presented by these bugs, and a simple workaround to prevent them at the lower levels of the system.
Philippe @ Jul 16th 2008 3:12PM
Does it also provide free energy?
Scott @ Jul 16th 2008 3:55PM
Seriously though, he must be a smart guy but you would think these people could find something useful to do with their time.
Aedile @ Jul 16th 2008 3:59PM
No but it blends and plays Quake.
-aedile-
Ghen @ Jul 17th 2008 7:48AM
My same thought. Cracking processors is the new perpetual motion / free energy announcement.
bob @ Jul 16th 2008 3:13PM
so is this bios level? does that mean efi is safe?
yuppicide @ Jul 16th 2008 3:21PM
The password is UP UP DOWN DOWN LEFT RIGHT LEFT RIGHT A B START.
They can't do anything to my computer, though. I'm invincible. I'm also not connected to the internet.
EricR @ Jul 16th 2008 3:25PM
I see what you did there...
paul @ Jul 16th 2008 3:30PM
FAIL.
B A start.
Rocketboy @ Jul 16th 2008 3:32PM
What did he do? I'm confused.
vileta2 @ Jul 16th 2008 3:42PM
Isn't it ^ ^ v v < > < > X O? And where did the START come from? Are we talking about the same thing?
Steven @ Jul 16th 2008 3:44PM
@ vileta2
The code for the original Contra is ^ ^ v v< >< >BA Start. Must be talking about two different things.
xstream @ Jul 16th 2008 3:13PM
have i told you i've found the key to free energy, beer and sex but i won't tell anybody lol
retro77 @ Jul 16th 2008 3:14PM
So glad to be an AMD fanboy today.
xcrunk @ Jul 16th 2008 3:14PM
Neo, you are the one!
neofolklore @ Jul 17th 2008 8:26AM
thank you
joe @ Jul 16th 2008 3:20PM
best movie ever.
rock99rock @ Jul 16th 2008 5:39PM
No, no it wasn't. It was good, but no Godfather/Braveheart/Saving Private Ryan. /Ace Ventura for good measure.
rutsy5 @ Jul 16th 2008 3:20PM
shat
initialxy @ Jul 16th 2008 3:24PM
wow that sounds pretty bad. take control of a computer using JavaScript? i will be interested to see the demo.
ShadowKain @ Jul 16th 2008 3:27PM
That from the movie Hackers?
Dan @ Jul 16th 2008 4:13PM
indeed it is, zero-cool
ryan.sahb @ Jul 17th 2008 2:58AM
I laugh so hard every time I watch that movie :D
"OH NOES THEY IS BREAKING OUR TOWERS"
SuperSexyErik @ Jul 16th 2008 3:28PM
Do you now see why iPhone doesn't use intel? Steve jobs can see the future!
Jonyah @ Jul 16th 2008 3:31PM
ya steve jobs sees the future.... and all macs run on intel.
SuperSexyErik @ Jul 16th 2008 3:45PM
wrong. Some run on powerpc. Fool
Paul Dullford @ Jul 16th 2008 8:18PM
Puhleeze. First off, no further Macs at all use PowerPC, which is basically a dead platform for PC's now that the only thing out there using it that people still sell is the Xbox 360. Second off, you think Steve Jobs sees the future because of his reality distortion field when all he is doing is replicating stuff that has been going on for the past few years and making it more friendly. (Multi-touch? Do a search for Jeff Han. Graphical user interface for the first Mac? Do a search for Xerox's GUI. And so on.)
And to defeat your point completely, the iPhone tangentially is an Intel processor because basic architecture of its Xscale processor was developed by Intel. There.
iamsoinsane @ Jul 17th 2008 9:28PM
Gotta do it....
Epi...err Legendary Fail.... Erik
dun dun dunnnnn...
digitallysick @ Jul 16th 2008 3:29PM
Code that could control any computer in the world regardless of OS. Wow, i would say he better be careful, a lot of people will be after this.
macserv @ Jul 18th 2008 12:21AM
I'll believe it when I see it successfully compromise a Linux machine and a Mac OS X system remotely, with no direct access to the hardware. Definitely an intriguing notion, though.
And by "Mac OS X system," I mean a legal, EFI-equipped box, made by Apple... not a "clone".
Carlo Montagnino @ Jul 16th 2008 3:33PM
I wrote a greasemonkey script that finds the names of members of van halen and makes links out of them to google searches of their names. It also inserts a little "VH" logo next to it.
NO ONE IS SAFE
thedesolate1 @ Jul 16th 2008 3:33PM
yup just go ahead and tell every hacker out there instead of just informing the hardware manufacturers. So all of us with intel chips can get screwed.
NG @ Jul 16th 2008 7:40PM
no worries, big ass firm like that will go and shut him up lol