Watch out for virtualisation security bug, warns expert


Arif Mohamed

Virtualisation software could enable malicious hackers to compromise machines that have virtualisation hardware support at the chip level, a security expert has warned.

At a major US security conference this week, Dino Dai Zovi, principal at Matasano Security, will be demonstrating an attack that exploits the processor extensions that allow multiple operating systems to be run. In his presentation to the Black Hat Briefings in Las Vegas, he will also explain how to detect such attacks, and release a tool to do this.

The extensions, such as Intel’s VT-x and AMD’s Pacifica, allow multiple operating systems to be run simultaneously at full speed, and without modification, on the same processor.

These extensions are already supported in processors such as Intel’s Core Solo and Duo processors, used in laptops released earlier this year. Desktop and server processors are in production.

But the virtualisation technology in such chips may also be harnessed by malicious rootkit software, which can steal data, said Dai Zovi.

At the moment, implementing such a rootkit requires expertise, said Dai Zovi, but he added, "Once processors supporting hardware virtual machines are more common, rootkits taking advantage of them will become more prevalent."

On virtualisation-capable hardware, an attacker may install a rootkit "hypervisor" – virtualisation software – that transparently runs the original operating system in a virtual machine. The attacker would load the rootkit in physical memory pages that are inaccessible to the running operating system, where it is capable of hiding blocks of information on the disc, said Dai Zovi.

A spokesman for Intel said the company was aware of the discussions around rootkit exploits, but had been unable to corroborate the findings.

AMD said that for such an attack to work the hacker would need to access the computer via another security weakness.
