Researcher claims to have discovered universal attack code for Intel chips: no one is safe

by Paul Miller, posted Jul 16th 2008 at 3:06PM

Also, he says he found Intel's diary and is totally telling everybody about that one thing. But seriously, we think Kris Kaspersky is being a bit of a tease here. He claims to have found a flaw in Intel's processors that would allow a hacker to bust up on a computer using JavaScript or TCP/IP, with no regard for what operating system the computer is running... only he won't say what it is. He's planning on unveiling the attack at the Hack In The Box conference in Malaysia this October, where he says he'll show working code that can take control of computers, all of which he plans to release publicly. The attack takes advantage of known errata in chips, which most vendors have a workaround for in BIOS, but not all. XP, Vista, Linux, BSD and Mac operating systems are all vulnerable, so we all get to run around panicking until October -- unless somebody figures it out first.

Filed under: Desktops, Laptops

Tags: errata, hack, hack in the box, HackInTheBox, intel, kris kaspersky, KrisKaspersky

Subscribe to these comments

Reader Comments (Page 1 of 2)

Neutral

Dillon @ Jul 16th 2008 3:10PM

Looks like AMD has won this time.

Neutral

tom @ Jul 16th 2008 3:18PM

^ I sure hope so! Or is it Kaspersky hasn't got to AMD yet? LOL

Neutral

DSeaver @ Jul 16th 2008 3:22PM

Is that true? Doesn't AMD use the Intel instruction set? That would mean it could be affected by this code. Looks like ARM/PPC/SPARC/etc. has won this time!

Neutral

Jonyah @ Jul 16th 2008 3:29PM

amd uses the same instruction sets yes, but they are implemented different. it is possible this just effects intel, which would be really cool (I have machines running on either). I'm not a fanboy of either even though I used to work for AMD, but each company has benefits to me (intel in mobile of course and amd for afforable desktops

Neutral

tom @ Jul 16th 2008 3:29PM

AFAIK -only x86 and MMX and SSE and SSE2 and more SSE#

Highly Ranked

Andrew @ Jul 16th 2008 3:47PM

The attack is used on the errata found in the INTEL CPUs.. Unless AMD's errata are identical to Intel's, it likely will be rendered useless (unless modified). I'm sure it won't be long before more and more hardware-attacks are found as more and more people move toward alternative OS's .. This is a reason why I dislike CISC CPUs, and why RISC is a better alternative - less Points of Failure.
If Intel only didn't have so much money to plow through the issues it faced with CISC at the beginning ...

Highly Ranked

Fara @ Jul 16th 2008 4:19PM

Intels present CPUs aren't CISC. Except for the Atom.

Also, PowerPC G4 and G5 weren't RISC.

They're Post-RISC/Post-CISC. They implement ideas from both ideologies.

Saying that RISC is better is sooooo 1980's

Neutral

OneLove @ Jul 16th 2008 5:57PM

That's why I use my own home made chip.

Highly Ranked

simple3 @ Jul 16th 2008 6:34PM

and i make my own salsa!

Neutral

Matthew C @ Jul 16th 2008 7:15PM

Oh how I miss the PPC Mac...

Neutral

Anthony @ Jul 17th 2008 1:52AM

mmmmhmmmm AMD tri-core !

im down =]

Neutral

Brian! @ Jul 16th 2008 3:11PM

Hrmm. This seems pretty weak. Javascript or TCP/IP? So there is a Javascript command that he can run in any browser that can take over my computer?

Or some TCP/IP special signal?

I look forward to the follow-up story on this one.

Neutral

Vonce @ Jul 16th 2008 4:53PM

Yeah I agree with Brian! - weak

JavaScript/ TCP/IP + Java ?

"The proof-of-concept attacks will show how processor bugs, called errata, can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler. "

So what: a hacker can take control of the Java Virtual Machine compiler on my computer - NOW WHAT? Even if you could upload some code, compile it, and run it on my computer, it'd still be in the VM. What's Kris Kaspersky gonna do- break openoffice on everyone's computer?

Neutral

KarlW @ Jul 17th 2008 2:40AM

Javascript still executes code on the CPU. Knowing how a set of javascript commands will be interpreted, and the processor errata, he can design a script to fall in to some of the holes.

That said, I'm not sure how he goes from errata -> stealing CC numbers or whatever.

Neutral

siriusfox @ Jul 17th 2008 10:36AM

From the looks of things, this article incorrectly ties javascript into the method that will be used. I get the feeling that this is more java based than anything, and it sounds like he uses a CPU exploit to gain control of the java compiler, then uses JAVA EXPLOITS to gain further control of the system. Either that or the other way around.

Frankly though, he says that these would be undetectable and unpatchable at the system level, but I have a hard time believing that OS makers can't figure out the specific problems presented by these bugs, and simple workaround to prevent them at the lower levels of the system.

Highly Ranked

Philippe @ Jul 16th 2008 3:12PM

Does it also provide free energy?

Neutral

Scott @ Jul 16th 2008 3:55PM

Seriously though, he must be a smart guy but you would think these people could find something useful to do with there time.

Neutral

Aedile @ Jul 16th 2008 3:59PM

No but it blends and plays Quake.
-aedile-

Neutral

Ghen @ Jul 17th 2008 7:48AM

My same thought. Cracking processors is the new perpetual motion / free energy announcement.

Neutral

bob @ Jul 16th 2008 3:13PM

so is this bios level? does that mean efi is safe?

Neutral

xstream @ Jul 16th 2008 3:13PM

have i told you i've found the key to free energy, beer and sex but i won't tell anybody lol

Low Ranked

retro77 @ Jul 16th 2008 3:14PM

So glad to be an AMD fanboy today.

Neutral

xcrunk @ Jul 16th 2008 3:14PM

Neo, you are the one!

Neutral

neofolklore @ Jul 17th 2008 8:26AM

thank you

Neutral

rutsy5 @ Jul 16th 2008 3:20PM

shat

Highly Ranked

joe @ Jul 16th 2008 3:20PM

best movie ever.

Neutral

rock99rock @ Jul 16th 2008 5:39PM

No, no it wasn't. It was good, but no Godfather/Braveheart/Saving Private Ryan. /Ace Ventura for good measure.

Neutral

yuppicide @ Jul 16th 2008 3:21PM

The password is UP UP DOWN DOWN LEFT RIGHT LEFT RIGHT A B START.

They can't do anything to my computer, though. I'm invincible. I'm also not connected to the internet.

Neutral

EricR @ Jul 16th 2008 3:25PM

I see what you did there...

Neutral

paul @ Jul 16th 2008 3:30PM

FAIL.

B A start.

Neutral

Rocketboy @ Jul 16th 2008 3:32PM

What did he do? I'm confused.

Neutral

vileta2 @ Jul 16th 2008 3:42PM

Isn't it ^ ^ v v < > < > X O? And where did the START come from? Are we talking about the same thing?

Neutral

Steven @ Jul 16th 2008 3:44PM

@ vileta2

The code for the original Contra is ^ ^ v v< >< >BA Start. Must be talking about two different things.

Neutral

initialxy @ Jul 16th 2008 3:24PM

wow that sounds pretty bad. take control of a computer using JavaScript? i will be interested to see the demo.

Neutral

ShadowKain @ Jul 16th 2008 3:27PM

That form the movie Hackers?

Neutral

Dan @ Jul 16th 2008 4:13PM

indeed it is, zero-cool

Neutral

ryan.sahb @ Jul 17th 2008 2:58AM

I laugh so hard everytime I watch that movie :D

"OH NOES THEY IS BREAKING OUR TOWERS"

Neutral

SuperSexyErik @ Jul 16th 2008 3:28PM

Do you now see why iPhone doesn't use intel? Steve jobs can see the future!

Neutral

Jonyah @ Jul 16th 2008 3:31PM

ya steve jobs sees the future.... and all macs run on intel.

Neutral

SuperSexyErik @ Jul 16th 2008 3:45PM

wrong. Some run on powerpc. Fool

Neutral

Paul Dullford @ Jul 16th 2008 8:18PM

Puhleeze. First off, no further Macs at all use PowerPC, which is basically a dead platform for PC's now that the only thing out there using it that people still sell is the Xbox 360. Second off, you think Steve Jobs sees the future because of his reality distortion field when all he is doing is replicating stuff that has been going on for the past few years and making it more friendly. (Multi-touch? Do a search for Jeff Han. Graphical user interface for the first Mac? Do a search for Xerox's GUI. And so on.)
And to defeat your point completely, the iPhone tangentially is an Intel processor because basic architecture of its Xscale processor was developed by Intel. There.

Neutral

iamsoinsane @ Jul 17th 2008 9:28PM

Gotta do it....

Epi...err Legendary Fail.... Erik

dun dun dunnnnn...

Neutral

digitallysick @ Jul 16th 2008 3:29PM

Code that could control any computer in the world regardless of OS. Wow, i would say he better be careful, a lot of people will be after this.

Neutral

macserv @ Jul 18th 2008 12:21AM

I'll believe it when I see it successfully compromise a Linux machine and a Mac OS X system remotely, with no direct access to the hardware. Definitely an intriguing notion, though.

And by "Mac OS X system," I mean a legal, EFI-equipped box, made by Apple... not a "clone".

Neutral