At the upcoming HackInTheBox conference in Malaysia, security researcher Kris Kaspersky will demonstrate how bugs in microprocessors can be exploited to take control of local machines and servers. Historically, security holes have involved flaws in software: developer errors in bounds checking (buffer overflows), input filtering, access control and so on. But every new processor generation from Intel, AMD and others ships with a large number of hardware bugs, referred to as errata because they are documented in the errata section of the vendor's developer documentation, and Kaspersky's claim is that these bugs can now be exploited remotely to gain access to systems.
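Vendor errata sheets (Intel's specification updates, AMD's revision guides) do not list bugs per product name; they key them by the processor signature returned in EAX by CPUID leaf 1, written in Intel's notation as family_model (for example 06_1AH) plus a stepping. The first thing a practitioner wants when assessing exposure to a published erratum is therefore that decoded signature. The following is an added example, not code from the article or from Kaspersky's research: it decodes a CPUID leaf 1 EAX value using the bit layout both Intel and AMD document, reads the live value when built on x86 with GCC or Clang (the `__get_cpuid` helper from `<cpuid.h>`), and otherwise falls back to a constructed sample value.

```c
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>   /* GCC/Clang wrapper around the CPUID instruction */
#endif

/* Decoded processor signature: the key under which Intel and AMD
 * publish errata in their specification updates / revision guides. */
struct cpu_signature {
    unsigned family;    /* display family (extended family folded in) */
    unsigned model;     /* display model  (extended model folded in)  */
    unsigned stepping;
};

/* Decode CPUID leaf 1 EAX into family/model/stepping using the layout
 * documented by both Intel and AMD:
 *   bits  3:0   stepping
 *   bits  7:4   model
 *   bits 11:8   family
 *   bits 19:16  extended model  (used when family is 6 or 15)
 *   bits 27:20  extended family (added when family is 15)
 */
struct cpu_signature decode_signature(uint32_t eax)
{
    struct cpu_signature s;
    unsigned family     = (eax >> 8)  & 0xF;
    unsigned model      = (eax >> 4)  & 0xF;
    unsigned ext_family = (eax >> 20) & 0xFF;
    unsigned ext_model  = (eax >> 16) & 0xF;

    s.stepping = eax & 0xF;
    s.family   = family;
    s.model    = model;
    if (family == 0xF)
        s.family += ext_family;
    if (family == 0x6 || family == 0xF)
        s.model |= ext_model << 4;
    return s;
}

/* Read leaf 1 from the running CPU. Returns 0 when not built for x86
 * (or when CPUID does not provide leaf 1) so the caller can fall back
 * to a value obtained some other way. */
int read_signature(uint32_t *eax_out)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned eax, ebx, ecx, edx;
    if (__get_cpuid(1, &eax, &ebx, &ecx, &edx)) {
        *eax_out = eax;
        return 1;
    }
#endif
    (void)eax_out;
    return 0;
}

int main(void)
{
    /* Constructed sample value used when not running on x86:
     * 0x000106A5 is the signature of an early Core i7
     * (family 6, model 0x1A, stepping 5). */
    uint32_t eax = 0x000106A5;
    int live = read_signature(&eax);
    struct cpu_signature s = decode_signature(eax);

    printf("%s signature 0x%08x: family 0x%X model 0x%X stepping %u\n",
           live ? "live" : "sample", eax, s.family, s.model, s.stepping);
    printf("look up as %02X_%02XH stepping %u in the vendor errata sheet\n",
           s.family, s.model, s.stepping);
    return 0;
}
```

The extended-family and extended-model fields matter in practice: a Phenom-era AMD part reports family 0xF in the base field and only becomes "Family 10h" once the extended family is added, and nearly every Intel part since the Core 2 has family 6 with the real model number living in the extended-model bits. Matching a bare 4-bit model against an errata table would silently pick the wrong entry.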
Errors in microprocessors have been a long-known issue, but it was never considered practical to exploit transistor-level bugs remotely. A number of local attacks that take advantage of such bugs have been shown before; until this research, however, there was no well-established method for a more convenient remote attack. The attack works by forcing the target to execute a specific sequence of instructions that triggers the erratum. The most common way to do that remotely is through a JIT compiler, such as Java running in the browser: attacker-supplied bytecode is compiled into native instructions whose exact form is predictable, so the attacker can steer the JIT into emitting the triggering sequence. The alternative is to find another remotely reachable program whose executed instruction stream is already well known or can be manipulated by its input.
It is unknown how many microprocessor bugs remain undiscovered, since the only parties documenting them are the vendors themselves, for the benefit of developers, and only for the bugs they have found and chosen to publish. It would also be theoretically possible to exploit bugs in other chips, such as graphics controllers or bus controllers. As with most things in security, it will probably take a large-scale attack before awareness of these issues rises, at which point chip manufacturers will need to invest in better processes for finding bugs before releasing circuit designs for manufacturing, much as software developers do now.