COMMSEC: Under Cover of Darkness: Hiding Tasks via Hardware Task Switching



Recently, malicious mining using CPUs has become a trend – mining where the task is not detected by the user is even more of a threat.

We have worked  to discover IA-32 vulnerabilities over the last couple of months and have found that by using hardware task switching method, we can execute another task that is undetectable by the OS from the normal user perspective. Currently hardware task switching method is not used but exists on modern computers as current task switching methods are managed by the underlying operating system.

The important point of this research was that you can conceal these attacks from the user. Proof of the concealment will be shown with video demos during the presentation. We will also show that it is difficult to defend against hardware switching attacks because there are currently no tools that detect when the Global Descriptor Table has been modified.

We have only studied IA-32 CPUs for now and have been able to create other schedulers that is undetectable in 32-bit OSes but there is a way to pull off this attack on 64-bit operating systems as well and we are actively exploring this area.

Location: Track 4 / CommSec Date: April 13, 2018 Time: 11:30 am - 12:00 pm Kyeong Joo Jung