Joanna Rutkowska is back in the news. This time with colleague Rafal Wojtczuk discussing their way to bypass security in Intel’s TXT.
From Search Security:
It’s a very sophisticated attack method that few could pull off, but the security bugs exploited by security researchers Joanna Rutkowska and colleague Rafal Wojtczuk to bypass Intel Trusted Execution Technology (TXT) should be noted by security pros. Especially those considering the potential applications of TXT to drive virtualization to Intel-based desktops, servers and mobile devices. There is no need for IT to panic yet; as there are no known attacks and the vulnerabilities take great expertise to exploit.
The attack is noteworthy because Citrix and VMware have recently announced major partnerships using Intel’s vPro architecture and TXT as a foundation. Intel is looking at the vulnerability and has pledged to ensure the security of TXT.
Interesting reading. For Eric Ogren’s full article head over to TechTarget.
The 8 minute video embedded in the article is just a very high-level intro to TPMs and the CRTM concept, not a discussion of the attack mentioned here. Just a warning, to save you some time.