Root inside: researchers claim crack for Intel's vPro
By Jon Stokes | Published: January 07, 2009 - 09:11AM CT
Two security researchers based in Poland claim to have cracked Intel's vPro—specifically the trusted execution technology (TXT) part formerly known as LaGrande. Little is currently known about the crack, which the team will fully unveil at the forthcoming Black Hat conference in Washington. They have revealed that it involves two stages, and that an attacker can use it to "compromise the integrity of a software loaded via an Intel TXT-based loader in a generic way."
The first stage of the attack [PDF] is apparently based on "an implementation flaw in a specific system software," specifically the part that loads trusted code into memory. The second stage exploits the design of the current release of TXT.
The researchers, who work for a group called Invisible Things, claim to have found more than one implementation flaw that can enable the first stage of the attack, and Intel will be releasing information to the developer community on how to make your applications immune to it. The design-based exploit will presumably be addressed in a later release of TXT.
Right now, few people are actually using TXT, so the impact on Intel's customer base should be pretty minimal, if any. But it has to bother the company that an exploit was even found at all.
vPro is a critical link in Intel's larger vision for networked computing. At this past IDF, I talked with Intel's Andy Tryba about the company's vision of widespread remote tech support—instead of walking my aunt through a troubleshooting session over the phone, Intel would like to see me remotely and securely log into her machine and fix it. Or, Apple could remotely and securely log into her machine, if she's a Mac user.
Obviously, such a support scenario would need a lot more than just vPro, and Tryba acknowledged that. vPro is only a building block out of which which a company like Apple or Best Buy, or a third party software developer, could build a complete remote support solution. But of course, that building block has to be secure before users will feel comfortable handing over the keys to their machine to a faceless corporation (or to their nephew).
With so few details of the attack made public, it's difficult to assess its potential impact. In a statement to InfoWorld, Intel merely indicated that they're working with Invisible Things on addressing the issue.
