Zero Knowledge Systems of Montreal said today that it has developed an ActiveX control that can retrieve the serial number under certain circumstances, even after a software repair released last month by Intel has disabled the feature and ostensibly "hid" the number from prying eyes.
The Pentium III serial number has turned into a public-relations nightmare for the world's largest chipmaker. Although Intel included the number in the chip as a way to improve Internet security, it has drawn protests from privacy advocates who say it provides hackers with an opportunity to obtain sensitive information.
Zero Knowledge's control essentially exploits the approximately 15-second gap between the time a Pentium III computer is turned on, exposing the processor serial number, and the time the software repair kicks in and covers it up.
The control tricks the computer into crashing. Then, as the machine is rebooted, Zero's software grabs the number before the software utility has a chance to disable it again.
"It simulates a crash and could be attached to a virus, hidden inside an email attachment, shareware--any way that people get hostile code onto your machine," Zero Knowledge president Austin Hill said. The ActiveX control grabs the serial code upon reboot, Hill said, and places it in a cookie file that can be read by Web sites.
The Pentium III includes a serial code hardwired into the chip, along with incremental improvements in speed and multimedia instructions.
Privacy and consumer rights groups are up in arms over the new feature, which they say can provide an easy way for unscrupulous marketers and hackers to track users based on their surfing habits. Some groups have called for a boycott of Intel, while others, including the Center for Democracy and Technology, the ACLU, and the Electronic Privacy Information Center, are meeting with the FTC to pursue an investigation into the serial code.
Intel included the feature as an additional security precaution for e-commerce and to aid corporations tracking technology assets. The number is "on," or can be read by a distant server, when the computer is turned on. Intel has shipped a software utility to PC makers that turns the serial code off.
For greater security, manufacturers can also disable the code in the BIOS, or boot-up software. The BIOS patch hides the serial number at a much earlier point in time.
In addition, Intel confirmed today that certain mobile Pentium II and Celeron processors also contain the controversial serial code.
Zero's hack differs from a German technology publication's proposed method of getting around the disabling software utility, reported earlier. The magazine c't postulated that the serial code could be read upon awakening from energy-saving "deep sleep" mode, Hill said.
Intel has not yet seen Zero's software utility, and declined to comment on whether the hack actually disables the serial code utility. But, as when c't pointed out that the software utility could be bypassed, company spokesman George Alfs noted that all software can be hacked.
"We would want to look at the code before we make a comment on that," Alfs said. "But the end user always needs to be aware of malicious software."
Zero Knowledge recommends that consumers make certain that the serial code is disabled in the BIOS, Hill said.
"Intel built the serial number and was surprised by how seriously people take their privacy," Hill said. "They said 'theoretically it may be broken'--it turns out it's not that theoretical after all."