Throw away your old computers: researcher discovers serious Intel CPU security exploit

Vaughn Highfield August 10, 2015

New research has uncovered a serious firmware-level security exploit in Intel’s processors from 1997 to 2010 (pre-Sandy Bridge), allowing attackers to install software in a chip’s protected System Management Mode.

Throw away your old computers: researcher discovers serious Intel CPU security exploit

The discovery was made by security researcher Chris Domas and appears to be due to older chips’ x86 architecture. Domas discovered that, if an intruder gains access to your chipset, they can take over almost all functionality of your PC. A firmware-level attack will be immune from computer antivirus software as well as hard drive reformatting and a fresh OS install. Essentially, once infected, there’s nothing a user can do to protect themselves.

However, this isn’t quite the doomsday scenario it at first appears. To infect a machine’s firmware using the exploit, you first need to deliver the malware using a more conventional virus, worm, or other exploit. This means, in theory, that the delivery mechanism would be capable of being spotted by anti-virus software. However, once infected, there’s no way of eliminating the problem.

The issue has also only been tested to work with Intel-made chips, so it’s not known at this point whether AMD CPUs are vulnerable to the same vulnerability or not.

It’s unlikely that Intel or anyone else is going to jump on this problem and patch it at a BIOS level. This vulnerability only seems to appear on pre-2010 chips, and the likelihood that anyone will fix five-year-old consumer-level hardware is slim to none. So, if you’re running a computer that’s comparatively prehistoric in modern tech terms, you might want to think about upgrading it in the not-too-distant future.

Image: John Louis – Flickr