Virtualisation software could enable malicious hackers to compromise machines that have virtualisation hardware support at the chip level, a security expert has warned.
At a major US security conference this week, Dino Dai Zovi, principal at Matasano Security, will be demonstrating an attack that exploits extensions that allow multiple operating systems to be run. In his presentation to the Black Hat Briefings in Las Vegas, he will also explain how to detect such attacks, and release a tool to do this.
The extensions, such as Intel’s VT-x and AMD’s Pacifica, allow multiple operating systems to be run simultaneously at full speed, and without modification, on the same processor.
These extensions are already supported in processors such as Intel’s Core Solo and Duo processors, used in laptops released earlier this year. Desktop and server processors are in production.
But the virtualisation technology in such chips may also be harnessed by malicious rootkit software, which can steal data, said Dai Zovi.
At the moment, implementing such a rootkit requires expertise, said Dai Zovi, but he added, "Once processors supporting hardware virtual machines are more common, rootkits taking advantage of them will become more prevalent."
On virtualisation-capable hardware, an attacker may install a rootkit "hypervisor" – virtualisation software – that transparently runs the original operating system in a virtual machine. The attacker would load the rootkit in physical memory pages that are inaccessible to the running operating system, where it is capable of hiding blocks of information on the disc, said Dai Zovi.
A spokesman for Intel said the company was aware of the discussions around rootkit exploits, but had been unable to corroborate the findings.
AMD said that for such an attack to work the hacker would need to access the computer via another security weakness.