By Guy Middleton,
Hackers can easily activate the unique ID at the heart of every Pentium III chip -- without alerting users, a German processor expert said on Thursday.
This countered Intel's promise that the ID, which prompted concern amongst privacy campaigners, would only be readable if users activated it.
Intel had already backed down from its original plan to ship the chip with the serial number defaulted to "on."
Contrary to Intel's reassurances, Andreas Stiller, processor expert at c't magazine, in Germany, said the Intel utility used to control the Pentium III's ID could be remotely hacked.
"You can experiment with this yourself," he said. "You can fool the Intel tool and the BIOS
very easily. It took about 10 minutes to crack. You can switch on and off the serial number; it's very easy to fool the tool," he said.
Prior to Stiller's claim, Intel published an explanation of the software utility. "For a user to enable the processor serial number, they will need to change the software setting in the control utility, which is installed in the 'start-up' folder. They will then need to reboot their PC."
Stiller said there were several ways to activate the serial number. "It is possible to restart the processor without the user being made aware. You can switch on the serial number and instruct the BIOS to keep it on all the time, and the Intel software will tell you it is off."
Stiller added hackers could add a plug-in to the notorious Back Orifice cracking utility that would grab the serial number.
Intel confirmed the theoretical possibility of Stiller's claims.
"We don't think it can be switched on in software without a reboot, which would be hard to hide from he user," said Steve Roberts, Intel networked-products spokesman. He said computers using the Advanced Configuration and Power Interface could, while going into hibernate mode, restart the chip -- potentially without the user's knowledge.
"If it turns out to be the case, we'll look into what is required to fix it," he said.
Roberts added even if it was possible for the serial number to be obtained, it would be very difficult to use it. "You'd need to implement a PIII virtual machine, which is not trivial," he said.
Try TechWeb's RSS Feed!ACCO Brands Corp seeking Director of New Product Development in Lincolnshire, IL
Transportation Security Administration seeking Chief Information Officer in Arlington, VA
Hebrew SeniorLife seeking Business Systems Analyst in Boston, MA
Trilogy Leasing seeking General Manager in Cranbury, NJ
UVIMCO seeking Senior Information Technology Leader in Charlottesville, VA
For more great jobs, career-related news, features and services, please visit our Career Center.
TechWeb's FREE e-mail newsletters deliver the news you need to come out on top.
Get definitions for more than 20,000 IT terms.
Editorial and vendor perspectives
