Black Hat researchers blow hole in Intel BIOS security

The security researchers - Joanna Rutkowska and Rafal Wojtczuk - originally sketched out the flaw in Intel's TXT technology earlier this year, but revealed their full methodology at the Black Hat event.

The security flaw in Intel's newly-released TXT - aka LaGrande - centers on a design flaw in the technology.

According to the researchers with the Invisible Things Lab of Poland, the flaw allows hackers to bypass any of TXT's security protections.

Intel's previous claims that its technology was secure were blown away by proof-of-concept code that showed how anyone could use their methodology to compromise Intel's implementation of the trusted boot-strap process.

In their presentation at the Black Hat conference, the Polish researchers said that patching the PC's BIOS would address the system software vulnerabilities, but added that there is no simple solution to the fundamental TXT problem.

Intel has moved swiftly to confirm the security flaw, which affects notebook, desktop, and server motherboards and is reportedly to be working on an update for the affected BIOSs.

Intel's TXT technology is designed to provide a trusted method for loading and launching system software such as an operating system kernel or a virtual server environment on a computer system.

The technology has been billed as reducing the risk of a system being compromised by rootkit and similar attack vectors, although Infosecurity notes that only Intel's vPro processor family currently supports the security system.

What’s hot on Infosecurity Magazine?