Not many people seem to have noticed that the Invisible Things Lab team has reported the third attack against SMM (Attacking SMM Memory via Intel® CPU Cache Poisoning) that they have found in the last 10 months. Joanna Rutkowska, founder and CEO of Invisible Things Lab, reported it on her blog and also on the company's web site.
Here is a quotation of one interesting opinion:
But anyway, does the fact we can easily compromise the SMM today, and write SMM-based malware, does that mean the sky is falling for the average computer user?
No! The sky has actually fallen many years ago… Default users with admin privileges, monolithic kernels everywhere, most software unsigned and downloadable over plaintext HTTP — these are the main reasons we cannot trust our systems today. And those pathetic attempts to fix it, e.g. via restricting admin users on Vista, but still requiring full admin rights to install any piece of stupid software. Or selling people illusion of security via A/V programs, that cannot even protect themselves properly…
One of the attacks was shown at the recent CanSecWest Applied Security Conference in Vancouver: "Getting into the SMRAM: SMM Reloaded" by Loïc Duflot.
Looking at these reports and the current state of security, it seems there is both room and a need for important changes in this area.