Security researchers from Eclypsium have detailed yesterday a new variation of the Spectre attack that can recover data stored inside a secure CPU area named the System Management Mode (SMM).
For those unfamiliar with CPU design, the SMM is a special x86 processor mode that not even highly-privileged software such as kernels or hypervisors cannot access or interrupt.
Every time code is sent to the SMM, the operating system is suspended and the CPU uses parts of the UEFI/BIOS firmware to execute various commands with elevated privileges and with access to all the data and hardware.
During these "interrupts," as they are known, the SMM suspends the operating system and runs firmware-specific code that handles power management, system hardware control, or proprietary OEM code —in other words keeping the hardware running smoothly while the software runs on top.
Because of its critical role in keeping the hardware alive and its deep connections to all areas of the computer, software applications of any kind are not allowed to interact with the SMM, for both maintenance and security reasons.
But the SMM mode was designed and released into production in the early 90s, and not that many protections were included from the get-go.
On Intel CPUs, access to the SMM is protected by a special type of range registers known as System Management Range Register (SMRR).
In research published on Thursday, the Eclypsium team has modified one of the public proof-of-concept codes released for the Spectre variant 1 (CVE-2017-5753) vulnerability to bypass the SMRR protection mechanism and access data stored inside the System Management RAM (SMRAM) —the area of the physical memory where SMM stores and runs its working data.
"These enhanced Spectre attacks allow an unprivileged attacker to read the contents of memory, including memory that should be protected by the range registers, such as SMM memory," the Eclypsium team says.
"This can expose SMM code and data that was intended to be confidential, revealing other SMM vulnerabilities as well as secrets stored in SMM," researchers said.
Furthermore, since the attack was successful at revealing SMRAM and SMM data, the Eclypsium team also believes it could be used to reveal other type of info stored inside the physical memory, not just the one related to SMM.
While their experimental attack was crafted to work around the Spectre variant 1 vulnerability, researchers said that using Spectre variant 2 (CVE-2017-5715) can also achieve the same results.
Researchers said they've notified Intel of their new Spectre attack variation in March. Intel says that the original patches for the Spectre variant 1 and variant 2 should be enough to block the attack chain discovered by the Eclypsium team.
"We have reviewed Eclypsium's research and, as noted in their blog, we believe that the existing guidance for mitigating Variant 1 and Variant 2 will be similarly effective at mitigating these scenarios," an Intel spokesperson said. "We value our partnership with the research community and are appreciative of Eclypsium’s work in this area."
The Eclypsium report provides a deeper technical dive into the research team's attack. Eclypsium is headed by Yuriy Bulygin, the former head of Intel's Advanced Threat Research team at Intel Security and microprocessor security analysis team at Intel Corporation. He is also the creator of the CHIPSEC open-source security framework.