Modernizing Authentication — What It Takes to Transform Secure Access
Intel this week is updating its Trusted Execution Technology (TXT) for a critical flaw that could potentially have enabled an attacker to run untrusted code.
Trusted Execution Technology (TXT) provides extensions for Intel processors and chipsets to protect applications. The basic idea behind TXT is to enable a trust mechanism for the safe loading of software.
"A misconfiguration in SINIT code could potentially allow a malicious attacker to circumvent Intel Trusted Execution Technology and elevate their privileges," Intel said in an advisory. "Intel has released an updated SINIT Authenticated Code Module (ACM) to correct this misconfiguration."
Intel added that systems with Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets are potentially at risk and should update.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i
The flaw was reported by security research firm Invisible Labs, which is led by researcher Joanna Rutkowska. This isn't the first time that Rutkowska has found a flaw with Intel's chipsets: Earlier this year at the Black Hat D.C. conference, Invisible Labs revealed another TXT-related flaw.
In its advisory on the most recent weakness in TXT, Invisible Labs described what could go wrong with the system.
"We again showed that an attacker can compromise the integrity of software loaded via an Intel TXT-based loader in a generic way, fully circumventing any protection TXT is supposed to provide," it said. "This time, our attack exploits an implementation error in the so-called SINIT Authenticated Code Modules. Intel distributes the SINIT modules for each of its TXT-capable chipset."
Invisible Labs explained that the SINIT ACMs are executed by the central CPU instruction set for TXT operation and are digitally signed. Though TXT deals with Intel hardware, Invisible Labs noted that an attack would not require physical presence, since a hacker can attack the SINIT ACM software.
Though this is the second TXT attack reported by Invisible Labs, the security research group still sees value in users adopting Intel's TXT.
"TXT provides unique features that should allow developers to create more secure systems in the future," Invisible Labs said in a FAQ on the new attack. "Our team believes that the research we do can enable safer systems in the future by eliminating implementation errors from TXT before its wide adoption."
Invisible Labs' Rutkowska rose to prominence with her 2006 Black Hat presentation on hacking Windows Vista, which had not yet been released at the time. Her research involved a potential attack technique called the "Blue Pill" -- in reference to the film "The Matrix" -- that Microsoft ultimately fixed. However, she took Microsoft again to task again in 2007 with a new Blue Pill implementation.
Sean Michael Kerner is a senior editor at InternetNews.com, covering Linux and open source, application development and networking.