The SSM security hole that Christopher Domas has demonstrated (pdf) is worrying but don't panic, it requires your system to be compromised before you are vulnerable. That said, once you have access to the SMM you can do anything you feel like to the computer up to and including ensuring you can reinfect the machine even after a complete format or UEFI update. The flaw was proven on Intel x86 machines but is likely to apply to AMD processors as well as they were using the same architecture around the turn of the millennium and thankfully the issue has been mitigated in recent processors. Intel will be releasing patches for effected CPUs, although not all the processors can be patched and we have yet to hear from AMD. You can get an over view of the issue by following the link at Slashdot and speculate on if this flaw was a mistake or inserted there on purpose in our comment section.
"Security researcher Christopher Domas has demonstrated a method of installing a rootkit in a PC's firmware that exploits a feature built into every x86 chip manufactured since 1997. The rootkit infects the processor's System Management Mode, and could be used to wipe the UEFI or even to re-infect the OS after a clean install. Protection features like Secure Boot wouldnt help, because they too rely on the SMM to be secure."
Here is some more Tech News from around the web:
- Millions of Android devices pwned in single text attack … again @ The Inquirer
- Mozilla Issues Fix For Firefox Zero-Day Bug @ Slashdot
- Microsoft plays down playing fast and loose with Windows 10 privacy @ The Inquirer
- Ransacked US OPM wins Pwnie Award for 'Most EPIC Fail' @ The Register
- Hacking Team brewed potent iOS poison for non-jailbroken iThings @ The Register
- Tesla Model S Has Been Hacked @ Slashdot
- Asus EA-AC87 4×4 wireless bridge @ Kitguru