Although the hack has been on the Web for months, Intel continues to shrug off an exploit said to show how malicious code can steal users’ Pentium III serial numbers without their knowledge.
Zero Knowledge Systems in Montreal, which develops privacy tools that let users surf the Web anonymously, said it posted the exploit to demonstrate that Intel’s scheme for protecting the serial number is flawed. Zero Knowledge System’s program is on a Web site, which warns users that downloading the program will reboot their system.
Intel embedded the serial number in Pentium III processors as a secure-commerce and machine-tracking device. In March, privacy activists filed a complaint with the Federal Trade Commission alleging that it could be used to track users on the Web.
Though activists demanded that Intel pull the chip from the market, Intel instead released a patch that it said disabled the serial number.
Zero Knowledge Systems developed a small ActiveX program that bypasses the software utility used in the patch. The ActiveX control, which can be hidden in a banner ad, simulates a computer crash when the user clicks on the ad. The program then loads a “Trojan horse” program that bypasses the utility. When the computer reboots, the ActiveX control grabs the serial number, places it in a cookie and shows the user how to find it on a Web site before erasing it.
Zero Knowledge Systems said it has also discovered how to reactivate the serial number even if it has been disabled in the BIOS. Zero Knowledge Systems President Austin Hill said that at the time of the Pentium III controversy, Intel told manufacturers they could securely disable the number at the BIOS.
Intel spokesman George Alfs noted that antivirus software developed by McAfee Associates and Symantec protects users’ serial numbers from being stolen with the ActiveX control. He said Intel has spoken with Zero Knowledge Systems about the exploit and is working with BIOS vendors and manufacturers to strengthen the BIOS. “We are looking for ways to tighten up or harden serial number protection,” Alfs said. “There is a lot of malicious code out there, and we are always looking for ways to protect the PC platform against attacks.”
Hill notes that antivirus programs guard against his company’s consensual exploit but are ineffective against crackers who use the same type of attack to steal serial numbers.