Intel, Researchers Team to Address Security Flaws in Chips

Intel and microarchitecture security researchers have discovered new vulnerabilities in the company’s chips that allow hackers to “eavesdrop” on all processed raw data. The four attacks use similar techniques, which Intel has dubbed Microarchitectural Data Sampling (MDS) and which the researchers have named ZombieLoad, Fallout and Rogue In-Flight Data Load (RIDL). The discovery comes more than a year after Intel and AMD identified Meltdown and Spectre, two major security flaws. AMD and ARM chips are not vulnerable to these new attacks.

Wired reports that the research team includes members from “Austrian university TU Graz, Vrije Universiteit Amsterdam, the University of Michigan, the University of Adelaide, KU Leuven in Belgium, Worcester Polytechnic Institute, Saarland University in Germany, and security firms Cyberus, BitDefender, Qihoo360, and Oracle.” Intel asked the researchers “to keep their findings secret, some for more than a year, until it could release fixes for the vulnerabilities.”

The company, which minimized the extent of the flaws, fixed them in chips released last month, but the flaws affect chips that shipped as far back as 2008. According to Reuters, chips are slowed down by as much as 20 percent, and, even with the fix, up to 19 percent. Researchers said the flaws are “serious” and “may require disabling some of its features, even beyond the company’s patch.”

Users can test whether their systems are affected by using a tool that the researchers published. As with Meltdown and Spectre, “the new MDS attack takes advantage of security flaws in how Intel chips perform speculative execution, a feature in which a processor guesses ahead of time at what operations and data it will be asked to execute, in order to speed up the chip’s performance.”

But, unlike Meltdown, “which used speculative execution to grab sensitive data sitting in memory, MDS attacks focus on the buffers that sit between a chip’s components, such as between a processor and its cache, the small portion of memory allotted to the processor to keep frequently accessed data close at hand.”

Hackers can use a “malicious application, a virtual machine hosted on the same cloud server as the target, or even a rogue website running JavaScript in the target’s browser” to trick the processor into revealing data such as “what website the user is browsing, their passwords, or the secret keys to decrypt their encrypted hard drive.” Intel’s software patch “clears all data from buffers whenever the processor crosses a security boundary, so that it can’t be stolen and leaked.”

Contrary to researchers’ predictions of chip slowdown, Intel said the patch will have “relatively minimal” impact on performance, “though for a few data center instances it could slow its chips down by as much as 8 or 9 percent.” The patch has to be implemented “by every operating system, virtualization vendor, and other software makers.” Apple, Google, Mozilla and Microsoft have either released a fix or update or plan to do so soon.
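
An added example, not part of the original article and not the researchers' test tool: on Linux, the kernel reports whether the buffer-clearing mitigation described above is active in a sysfs status file, and this script classifies that string, including the hyper-threading (SMT) state. It assumes a Linux kernel that exposes the file; the sample strings are constructed from the formats the kernel documents, and the function and label names are hypothetical.

```shell
#!/bin/sh
# Added example: interpret the Linux kernel's MDS mitigation status.
# Assumption: a Linux kernel that exposes this sysfs file.
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds STATUS -> prints "<mitigation state> <smt state>"
classify_mds() {
    status=$1
    # Mitigation state: is the buffer clear available and enabled?
    case "$status" in
        "Not affected"*) base=not_affected ;;
        "Mitigation: Clear CPU buffers"*) base=mitigated ;;
        # The kernel tries to clear buffers but the CPU microcode update is missing.
        "Vulnerable: Clear CPU buffers attempted, no microcode"*) base=needs_microcode ;;
        "Vulnerable"*) base=vulnerable ;;
        *) base=unknown ;;
    esac
    # SMT state: sibling threads share the buffers, so clearing them at
    # a boundary crossing does not fully protect while SMT is enabled.
    case "$status" in
        *"SMT vulnerable"*) smt=smt_exposed ;;
        *"SMT mitigated"*|*"SMT disabled"*) smt=smt_ok ;;
        *"SMT Host state unknown"*) smt=smt_unknown ;;
        *) smt=smt_na ;;
    esac
    printf '%s %s\n' "$base" "$smt"
}

if [ -r "$MDS_SYSFS" ]; then
    # Live check on this machine.
    line=$(cat "$MDS_SYSFS")
    printf '%s -> %s\n' "$line" "$(classify_mds "$line")"
else
    # Constructed sample strings, used when the sysfs file is absent.
    for sample in \
        "Mitigation: Clear CPU buffers; SMT vulnerable" \
        "Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled" \
        "Not affected"
    do
        printf '%s -> %s\n' "$sample" "$(classify_mds "$sample")"
    done
fi
```

A result of "mitigated smt_exposed" means the operating system patch is active but sibling hardware threads can still share buffer contents, which is the case where disabling a feature beyond the patch comes into play.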