[GTALUG] firmware security bug in many computers

ac ac at main.me
Sun Jul 10 02:17:02 EDT 2016


On Sat, 9 Jul 2016 18:13:02 -0400 (EDT)
"D. Hugh Redelmeier via talk" <talk at gtalug.org> wrote:
> <http://www.itnews.com.au/news/lenovo-hunts-bios-backdoor-bandits-430208>
> <http://www.itnews.com.au/news/lenovo-thinkpad-zero-day-bypasses-windows-security-430090>
> <https://github.com/Cr4sh/ThinkPwn>
> <https://support.lenovo.com/ca/en/solutions/LEN-8324>
> Summary: a call-out from SMM code can lead to privilege escalation.
> This code seems to have originated at Intel.  Lots of machines will
> have this bug.
> 

This is not a bug; it is more of a feature/functionality, and as with
anything that makes things easy (as in power management, etc.),
it also makes things less secure.

I do understand that for LENOVO this is a "bug", as they did not anticipate
that this feature could be used to override their security (infiltrated by
their own IBV).

A quick Google search confirms this...
http://phrack.org/issues/65/7.html

Not secret/mystical much...
www.intel.com/content/dam/www/public/us/en/documents/reference-guides/efi-smm-cis-v09.pdf

As always, YMMV.

Andre


> (SMM == System Management Mode, an almost secret and magical part of
> the firmware that can run at any time without the OS or user program
> knowing or controlling it.  It has even more privilege than the
> kernel.)
> 
> I expect firmware updates from conscientious manufacturers for many, many
> systems.
> 
> I have no idea how easy this is to exploit.
> ---
> Talk Mailing List
> talk at gtalug.org
> https://gtalug.org/mailman/listinfo/talk