Dutch researchers discover a major leak in Intel processors that is present in 75% of all computers with an Intel processor. A new threefold of attacks are different from and more dangerous than Meltdown, Spectre and their variations because they can leak data from CPU buffers, which is not necessarily present in caches.
Researchers at the VU University Amsterdam have discovered a leak in Intel processors that are found in practically every modern computer. This makes it possible to retrieve sensitive data from the memory - such as passwords and bank details.An attacker running unprivileged code on a vulnerable machine could use MDS security flaws to extract information from the operating system kernel, processes, the Software Guard eXtensions (SGX) enclave, and CPU-internal operations. Researchers have named a Microarchitectural Data Sampling (MDS) attack and targets a CPU's microarchitectural data structures, such as the load, store, and line fill buffers, which the CPU uses for fast reads/writes of data being processed inside the CPU. To be able to exploit the vulnerability, no more is needed than hiding a few lines of malicious code on for example a website. A visitor that opens this site open, it will leak information.
According to Herbert Bos, professor of Systems and Network Security at the VU and co-discoverer of the leak, the find shows that contemporary processors have become so complex that chip makers are unable to control security. Last year two major leaks in processors were discovered: called Spectre and Meltdown. Both leaks were closed, but that happened provisionally. Since the vulnerability is in the hardware, it is difficult to fix. In fact, this is only possible with a detour via software updates.
What is described as Zombieload, RIDL and Fallout can used to attacks victims. Computers with Intel processors are vulnerable. It is estimated that roughly three-quarters of all desktops and laptops are stored in consumers' homes and offices. In the case of the new vulnerability, called RIDL by the researchers, it is a problem with chips specifically from Intel often used in computers and servers. Phones and tablets are virtually unaffected by this, neither are laptops and desktop based on an AMD processor.
- Website dedicated to all MDS attacks
- Bitdefender technical paper
- Intel on MDS attacks
- Intel security updates
- Windows, Mac, Linux, Red Hat, and Google products security updates
A quick fix, "If you disable hyperthreading and at the same time you use Intel’s proposed mitigation (that is, using the very instruction) the MDS vulnerabilities are mitigated on old Intel processors," says VUSec's Pietro Frigo. That would be procs below 8th, 9th Gen Intel CPUs. However, in several research papers published today, academics say that all Intel CPUs released since 2011 are most likely vulnerable. The researchers reported the vulnerability to Intel in September 2018.
Update: As we just learned, Intel actually is not recommending disabling hyperthreading. See the following from Intel’s “mitigation” section on the MDS page:
Once these updates are applied, it may be appropriate for some customers to consider additional steps. This includes customers who cannot guarantee that trusted software is running on their system(s) and are using Simultaneous Multi-Threading (SMT). In these cases, customers should consider how they utilize SMT for their particular workload(s), guidance from their OS and VMM software providers, and the security threat model for their particular environment. Because these factors will vary considerably by customer, Intel is not recommending that Intel HT be disabled, and it’s important to understand that doing so does not alone provide protection against MDS.