If you have a pre-Sandy Bridge Intel processor in your computer, you might want to consider replacing it, because a new, extremely potent vulnerability was uncovered during the Black Hat Conference.
The vulnerability, which hits Intel’s old x68 processors (built between 1997 and 2010), allows an attacker to install malware in the chip's protected space known as System Management Mode (SMM).
Not only can the intruder wipe your BIOS, but the malware will stay installed even if you wipe your disc and reinstall your OS.
Security researcher Chris Domas, who has discovered the vulnerability, has only tested against Intel-made CPUs so far, but AMD processors could be vulnerable as well.
Although, it is not that easy to have your SMM infected - a would-be hacker first needs low-level OS access to get in. That means you need to fall prey to another attack before this becomes an option.
Domas has revealed a proof of concept code for installing such a rootkit in his white paper. Intel is reportedly aware of the situation and has released firmware updates for few chips, but still a large number are likely to remain unprotected as firmware updates are often ignored by regular users.
Then, there’s also the issue of support. As Engadget says, what's the likelihood that your motherboard maker will support a product that's at least five years old, or that most people are both willing and able to apply firmware upgrades?
However, this being a vulnerability which targets only older computers, it’s just a matter of time before the problem sorts itself out.