
A smoking gun or just smoke and mirrors
This was a total bummer talk! No proof-of-concept code published and no demos “due to vendor demands”. Not even screenshots of proofs of concept. As far as I am concerned, if you cannot publish proof of your findings, do not publish at all.
If there is no proof-of-concept code, there is no proof, according to me.
We have seen this before, but now it’s getting really annoying. Either you publish or you don't; this is starting to look like a PR hoax at best. The worst scenario would be that his findings are true, which would mean that there are already malware and rootkits that exploit this in the wild. That means that the bad guys have the exploits but we as professionals do not.
Anyway, according to the presentation:
Yes, you can inject shell code into the operating system by exploiting cache problems between the cores. Yes, this can be exploited remotely.
Although I do not fully understand all of the technical details of all the bugs described (yet), I did get the concept and it made sense to me. I am not really surprised about these bugs, and it was basically what I had expected. The idea is that you find processes that will be executed in parallel on several cores. By flooding data in a certain way to this daemon or driver, you can exploit cache incoherence in a way where you can overwrite physical memory with your malicious data.
Well, if this is really exploited in the wild as stated, we have a right to know. And I really want to see a valid attack vector and a working proof of concept before I buy the remote code execution.
Well, I will try to get a hold of Kriss today and see if I can shed some more light on this.
