Virtualisation software could enable malicious hackers
to compromise machines that have virtualisation hardware support at
the chip level, a security expert has warned.
At a major US security conference this week, Dino Dai Zovi,
principal at Matasano Security, will be demonstrating an attack
that exploits the processor extensions which allow multiple
operating systems to be run. In his presentation to the Black Hat
Briefings in Las Vegas, he will also explain how to detect such
attacks, and release a tool to do this.
The extensions, such as Intel’s VT-x and AMD’s Pacifica, allow
multiple operating systems to be run simultaneously at full speed,
and without modification, on the same processor.
These extensions are already supported in processors such as
Intel’s Core Solo and Duo processors, used in laptops released
earlier this year. Desktop and server processors are in
production.
But the virtualisation technology in such chips may also be
harnessed by malicious rootkit software, which can steal data, said
Dai Zovi.
At the moment, implementing such a rootkit requires expertise,
said Dai Zovi, but he added, "Once processors supporting hardware
virtual machines are more common, rootkits taking advantage of them
will become more prevalent."
On virtualisation-capable hardware, an attacker may install a
rootkit "hypervisor" – virtualisation software – that transparently
runs the original operating system in a virtual machine. The
attacker would load the rootkit in physical memory pages that are
inaccessible to the running operating system, where it is capable
of hiding blocks of information on the disc, said Dai Zovi.
A spokesman for Intel said the company was aware of the
discussions around rootkit exploits, but had been unable to
corroborate the findings.
AMD said that for such an attack to work the hacker would need
to access the computer via another security weakness.