RSS Alerts

Share

More services

Related Links

Related Stories

  • Virtual attacks
    Virtualisation offers many benefits, but it also brings some security concerns, says Danny Bradbury
  • Virtual Insanity
    Virtualization offers many benefits, but it also brings some security concerns, says Danny Bradbury
  • Catch me if you can
    These days, malware writers are in it for the money. In order to maximise profit, discretion is imperative so stealth technology has been adopted as a rule, rather than an exception. Danny Bradbury looks to the cat and mouse game that researchers and attackers are playing to see who’s coming out on top
  • News Feature: Time to Avoid the Droid?
    Finally, hype has matched reality in the world of mobile security. Drew Amorosi chronicles the recent ups and downs of the bustling Android Market to find out why it is in the crosshairs of the security industry
  • News Feature: Time to Avoid the Droid?
    Finally, hype has matched reality in the world of mobile security. Drew Amorosi chronicles the recent ups and downs of the bustling Android Market to find out why it is in the crosshairs of the security industry

Top 5 Stories

News

Black Hat researchers blow hole in Intel BIOS security

19 February 2009

The Black Hat security event taking place in Washington this week brought its usual array of hacker methodology revelations, but Intel watchers will have sat up straight after hearing how researchers have effectively blown a hole in the firm's trusted execution technology.

The security researchers - Joanna Rutkowska and Rafal Wojtczuk - originally sketched out the flaw in Intel's TXT technology earlier this year, but revealed their full methodology at the Black Hat event.

The security flaw in Intel's newly-released TXT - aka LaGrande - centers on a design flaw in the technology.

According to the researchers with the Invisible Things Lab of Poland, the flaw allows hackers to bypass any of TXT's security protections.

Intel's previous claims that its technology was secure were blown away by proof-of-concept code that showed how anyone could use their methodology to compromise Intel's implementation of the trusted boot-strap process.

In their presentation at the Black Hat conference, the Polish researchers said that patching the PC's BIOS would address the system software vulnerabilities, but added that there is no simple solution to the fundamental TXT problem.

Intel has moved swiftly to confirm the security flaw, which affects notebook, desktop, and server motherboards and is reportedly to be working on an update for the affected BIOSs.

Intel's TXT technology is designed to provide a trusted method for loading and launching system software such as an operating system kernel or a virtual server environment on a computer system.

The technology has been billed as reducing the risk of a system being compromised by rootkit and similar attack vectors, although Infosecurity notes that only Intel's vPro processor family currently supports the security system.

This article is featured in:
Internet and Network Security • Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012