Thursday, April 5, 2007
ARM and X-Scale Processors Subject To Attack?
Posted by Ed Hansberry in "NEWS" @ 03:00 PM
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9015618&taxonomyId=17
"A security researcher at Juniper Networks Inc. says he plans to demonstrate a new class of attack that can be used to compromise electronic devices like routers or mobile phones. The vulnerability lies in the Arm and XScale microprocessors, two chips that are widely used in these "embedded" devices. "There are interesting quirks in the ARM and XScale architectures that make things very easy for an attacker," said Juniper's Barnaby Jack. The technique he has developed is "100 percent reliable, and it results in code execution on the device," he said."
The attack has to do with exploiting a testing interface on the chip, not a buffer overflow vulnerability in the operating system or application, which is the case with most attacks today. The testing interface can be turned off, but I am not sure if it requires the OEM to physically do that or if a program can be downloaded to turn it off, thereby closing the security hole. I would think something like this would require at least BIOS-level access to enable/disable. Not pretty. Just for the record, ARM is the architecture used by Windows Mobile devices, and has been since 2000. Before that, a variety of chips were used, like SHx and MIPS.