ZombieLoad exploit lets hackers steal data from Intel CPUs

Remigio Civitarese
Mag 15, 2019

Those who warned that the Meltdown and Spectre computer chip flaws revealed previous year would trigger a new era of hardware vulnerability discovery were on to something. Like Meltdown and Spectre, there isn't evidence these attacks have been executed in the wild, but the insecurities they reveal in micro-architectures demand attention from hardware owners. "Doing so successfully in the real world is a complex undertaking", Jorgensen said.

Intel previous year disclosed that hackers could potentially read sensitive data on its processors, which power most data centers and personal computers, by exploiting a feature called speculative execution, in which the chip tries to guess which computations it will carry out ahead of time in an effort to speed up the chip.

Intel has warned of a quartet of serious security vulnerabilities in processors going back more than a decade, dubbed Microarchitecture Data Sampling (MDS) by Intel and RIDL, Fallout, and ZombieLoad by the researchers which discovered them.

The company says it's already addressed the problem in its newest chips after working for months with business partners and independent researchers. Those patches could impact storage-related workloads by up to nine percent if those chips are using Intel's Hyperthreading technology, Intel said in a release.

The so-called ZombieLoad bug was unearthed by some of the same researchers who brought the critical Spectre and Meltdown flaws into the spotlight, and it shares many similarities to those vulnerabilities. Amazon Web Services said that all of its EC2 computing services have been updated with the mitigations recommended by Intel, and Microsoft released patches for Windows Server customers while assuring Azure customers that the systems running their workloads had been updated.

Although security experts have debated the seriousness of the flaws, they are onerous and expensive to patch, and new vulnerabilities are discovered regularly. "This makes me personally very, very skeptical about these hardware barriers set in place by CPU vendors".

At the time, security researchers and Intel said similar side-channel flaws were likely to be found in the future.

Altre relazioniGrafFiotech

Discuti questo articolo

Segui i nostri GIORNALE