Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs
It seems that researchers have found yet another vulnerability rooted within Intel’s chips that could potentially allow attackers to access sensitive data from computers using their hardware. Since an overwhelming majority of PCs today use Intel, this puts millions of computers at risk.
Why is it important?
A little over a year ago, a security flaw was found with Intel’s microprocessors. Both of these flaws, named “Meltdown” and “Spectre”, when exploited, would allow attackers to access data from parts of a computer’s memory that should normally be protected [1]. These vulnerabilities were quickly patched, but it seems that they were not the end of the problems. Along with a group of microarchitecture security researchers, Intel has now decided to announce a new class of attacks, labeled MDS (Microarchitectural Data Sampling) [2]. This class of hackable vulnerabilities is comprised of four distinct attacks, but the end payload for them is similar; it allows attackers to access sensitive data from a victim’s CPU.
Aside from the vulnerability itself, it may be of worth to discuss how Intel has approached this situation. Researchers actually discovered the issue over a year ago, so why is this just being announced now? Some have criticized the company, stating that consumers should have the right to know about the risks associated with using their products. Allegedly, the VUSec group at Vrije Universiteit Amsterdam, who discovered the flaws, declined cash offerings from Intel to downplay how severe the vulnerability was [3]. Intel’s reasoning is that they needed more time to come up with fixes, and that disclosing the flaw to the public would attract hackers to try their hand at the exploit. Cases like this lack a clear precedent to follow. What should companies do in these situations? Perhaps it would be worthwhile to establish clear guidelines.
Who is affected?
Intel is the main player when it comes to the manufacturing of computer microprocessors. From mobile devices like cell phones and tablets to desktop PCs, Intel’s chips are integrated in computer systems all over the world. They hold the majority of the market share, with AMD being their primary competitor.
According to the researchers, any device using any of their chips from 2008 and onwards may be at risk to this attack [2]. Intel states that its newest set of chips will have this vulnerability fixed at the hardware level, and that they have released a software patch to fix the older chips. The processing giant urges users to grab the latest update for their operating systems immediately, such as the newest Mojave update for Macs.
What impact might it have on people?
By exploiting this vulnerability, attackers can access data from the CPU’s buffers. Although much of this data may only be “noise”, as stated by Intel, careful filtering of the raw input allowed security researchers to extract valuable information from computers, such as secret keys and passwords to websites. A specific approach could even be used to create a continuous, real-time stream of data from the CPU, allowing hackers to monitor things like a victim’s website activity.
As the number one company in the micro processing market, consumers trust Intel to provide secure, top of the line, high-quality products that they can rely on. The average computer user would expect that security issues occur mostly at the software level and they would be safe as long as they kept their computers free of malware. It can be quite concerning to some to learn that issues can be ingrained as deeply as in their hardware, something completely out of their control. Incidents like this may have consumers questioning how trustworthy companies Intel’s products really are.
What were the causes?
The vulnerability is caused by a performance-enhancing technique used by Intel chips, termed speculative execution. This is when the chip tries to predict what operations it needs to perform next, and with what data. During this process, the chip stores potentially sensitive information in its short-term buffers, used for frequently-accessed data. VUSec researchers discovered that they could extract information from these buffers using techniques such as Fallout, ZombieLoad, and RIDL (Rogue In-Flight Data Load) [2]. For example, one attack was able to pull hashed passwords from a line-fill buffer. Another used ZombieLoad to spy on a victim’s recent website activity.
How might similar problems be prevented in the future?
It is clear that the responsibility for ensuring that these problems do not occur lies completely with Intel. When it comes to a hardware issue such as this, it is up to the engineers of the chips to analyze the product for potential vulnerabilities while they are designing it. Whether or not it was the issue with this particular case, products should not be shipped hastily for the sake of keeping up with competition and a consumer’s demand for the “next big thing”.
Aside from their own testing, companies should continue the practice of hiring external parties such as the VUSec group to help scan their products for flaws. After all, they were the ones who helped fully uncover the potential of these MDS attacks.
— — — — — — — — -
References:
[1] WIRED. A Critical Intel Flaw breaks Basic Security For Most Computers.https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/
[2] WIRED. Meltdown Redux: Intel Flaw lets Hackers Siphon Secrets From Millions of PCs. https://www.wired.com/story/intel-mds-attack-speculative-execution-buffer/
[3] TechPowerUp. Intel Tried to Bribe Dutch University to Suppress Knowledge of MDS Vulnerability. https://www.techpowerup.com/255563/intel-tried-to-bribe-dutch-university-to-suppress-knowledge-of-mds-vulnerability
