Intel announced new chip-level security protection for its upcoming Tiger Lake CPUs, which could be exploited by control-flow hijacking methods. While the final aim of these techniques is to steal data at the core CPU level, it does by leveraging the legitimate code within, thus escapes easily from system OS scans and antivirus softwares. It’s available for Windows 10 insider users starting today.

Adding a Hardware Level Malware Protection

While hardware and software OEMs are crafting new and better security protections regularly, hackers top have been evolving with new resources to crack them. As this is a hand over hand process, Intel makes a move this time by introducing new protection – Intel Control-Flow Technology (CFT). This is aimed to thwart control-flow hijacking exploitations.

Tiger Lake processors
Tiger Lake Processors

This protection involves two new walls as Shadow Stack (SS) and Indirect Branch Tracking (IBT). While the IBT protects against Jump or Call Oriented Programming attacks, the SS method stands against Return Oriented Programming. These are the popular techniques used by hackers in large classes of malware.

As these exploit the legitimate code within, it’s harder for system OS, antivirus Softwares, and sandboxes. This further penetrates the victim’s system and gain deep privileges to control it finally. Thus, along with the upcoming Tiger Lake CPUs, Intel also extends this protection to vPro platforms that come with Intel’s Hardware Shield.

Since the hijacking methods are advancing rapidly, stopping them with just OS-level protections isn’t possible. Thus, Intel’s adding this kind of hardware-level security adds even more power to evade chip hijacking. Intel calls this as Hardware Enforced Stack Protection in Microsoft and gives a preview of this to Windows 10 Insider starting today.

Via: BleepingComputer


Please enter your comment!
Please enter your name here