Rootkit exploit in Intel CPUs dates back to 1997
Posted on Monday, August 10 2015 @ 11:28 CEST by Thomas De Maesschalck
Security researcher Christopher Domas gave a presentation at the Black Hat conference in Las Vegas about a security issue in Intel's x86 processors that went undiscovered for well over a decade.
Domas explained how a design flaw in a legacy feature of the advanced programmable interrupt controller (APIC), as it interacts with System Management Mode (SMM), one of the deepest privilege levels of the CPU, which handles system errors and hands control to various subsystems, could be exploited to install a rootkit that remains invisible to the operating system.
While such an infection would first require full administrative and root rights on a vulnerable PC, the danger of this type of rootkit is that it nestles inside the CPU and is extremely hard to detect and remove. In fact, this exploit targets a part of the CPU that the operating system can't even access. Domas speculates it could even be possible to set an infected laptop on fire, as the exploit can disable power management.
Intel reportedly fixed the issue with the introduction of its Core i CPUs in 2011 (Sandy Bridge and later), and its Atom CPUs were updated in 2013. Hundreds of millions of systems with older Intel CPUs remain vulnerable, though. AMD CPUs may be vulnerable too, but Domas said he hasn't investigated any AMD chips, so it's unknown whether AMD has implemented APIC in a similar fashion.
Sources: Tweakers