The Great Debate: X86/“The Memory Sinkhole” vs. Existing SMM Exploits
4 points by phrasz on Aug 11, 2015
I wanted to bring to the table old sources from 2008/2009 regarding SMM flaws/rootkits. I give major props to Domas, and I would just like to bring up further discussion which I blame him for starting (:

1) "A New Breed of Rootkit: The System Management Mode (SMM) Rootkit" - https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html - http://www.eecs.ucf.edu/~czou/research/SMM-Rootkits-Securecom08.pdf

2) "Attacking Intel® Trusted Execution Technology" - https://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html - http://theinvisiblethings.blogspot.de/2009/03/attacking-smm-memory-via-intel-cpu.html - http://invisiblethingslab.com/resources/bh09dc/Attacking%20Intel%20TXT%20-%20slides.pdf

To me, I read the 2015 slides (didn't see the presentation) as a NEW attack vector. Looking at the 2008 case, it appears this is the same flaw, but instead of a keylogger/UDP spammer payload we have a privilege escalation payload.

Thoughts?


