Intel is facing a new set of hardware-based vulnerabilities in the company’s chips that can leak confidential data processed inside the CPU.
The flaws, disclosed by security researchers on Tuesday, affect Intel chips made as far back as 2011. By exploiting them, a piece of malware could extract data, such as passwords, application content, or encryption keys, from PCs and cloud-based servers built with the Intel processors.
Typically, a software program should only be able to view its own data on a machine. However, the vulnerabilities disclosed today can effectively erode these security boundaries by tampering with the Intel chip to leak other program data held by a CPU’s internal buffers, which act as temporary storage.
The so-called “microarchitectural data sampling” vulnerabilities are similar to last year’s Meltdown and Spectre flaws, which deal with the very architecture inside Intel’s silicon. At the heart of the problem is how Intel chips try to predict and pre-fetch the computing instructions as a system runs.
On the plus side, the approach will help speed up your machine’s performance. However, security researchers realized you could also trick an Intel chip into pre-fetching sensitive data from a machine and leaking it. Although Intel has been rolling out patches to mitigate the Meltdown and Spectre flaws, researchers continue to uncover new variants of the vulnerabilities because so many modern chips rely on data pre-fetching to improve the silicon’s performance.
For example, one of the new flaws disclosed today, dubbed ZombieLoad, concerns the way Intel CPU cores will prepare to run several tasks in parallel, even though certain tasks may not be needed. The security researchers discovered you can extract the data from these tasks through an Intel CPU’s buffer and learn what’s inside. Whether the data has any value is another matter, but you could potentially pull information such as browser history data, passwords, and other system-level secrets handled by the various applications on a PC.
“Our research shows that what last year appeared to be exceptional one-time speculative execution bugs are actually systemic, and the problems in modern CPUs may go much deeper than we initially thought,” the researchers wrote. “If CPUs have become so complex that chip vendors cannot keep their security under control, hardware vulnerabilities will be the new hunting ground for sophisticated attackers.”
Still, the microarchitectural data sampling vulnerabilities disclosed today appear to be more academic at this stage. For now, no real-world attacks involving the chip flaws have been encountered and made public. A big reason is probably that hackers can simply use traditional malware to steal data from your PC rather than resort to tampering with the Intel processor.
“Exploiting these vulnerabilities outside of a laboratory environment is extremely complex relative to other methods that attackers have at their disposal,” Intel said in a statement. “These issues have been classified as low to medium severity per the industry standard,” the company added.
Intel and security researchers appear to be feuding over the severity of the threat, according to Wired. But in the meantime, Intel says it has already addressed the vulnerabilities in the company’s eighth- and ninth-generation chips, which the company has been releasing over the last year. For older processors, the company has begun rolling out patches through device vendors. So make sure you enable firmware-based updates from the brand that built your PC.
“We’ve provided more information on our website and continue to encourage everyone to keep their systems up to date, as it’s one of the best ways to stay protected,” Intel added.
Apple, Microsoft, and Google have also released mitigations as part of the patching process. However, the incoming fixes may impact system performance. To stay completely safe, Microsoft and Apple say customers can consider disabling Hyper-Threading on the Intel chips, which will drag down the performance even more, possibly by up to 40 percent.
On the cloud server front, Microsoft, Google, and Amazon say they’ve all taken steps to protect their customers from the threat.
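As an added example (not from the article, Intel, or the researchers), here is one way to check the patch and Hyper-Threading advice above on a Linux host. It assumes the Linux kernel's `/sys/devices/system/cpu/vulnerabilities/mds` status file, which the article does not mention; the sample lines are constructed in that file's documented format.

```python
from pathlib import Path

# Assumption: Linux host. The kernel reports MDS status in this one-line file.
MDS_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/mds")

def read_mds_status(path=MDS_SYSFS):
    """Return the kernel's status line, or None when the file is absent."""
    try:
        return Path(path).read_text()
    except OSError:
        return None

def assess_mds(status):
    """Map the status line to (state, smt, action)."""
    if status is None:
        return ("unknown", "not reported", "kernel does not report MDS; update the kernel")
    head, _, tail = status.strip().partition(";")
    head, smt = head.strip(), tail.strip().lower() or "not reported"
    if head == "Not affected":
        return ("not_affected", smt, "no action needed")
    if head.startswith("Vulnerable"):
        if "no microcode" in head:
            # Kernel is patched but the CPU firmware update is missing.
            return ("needs_microcode", smt, "install the vendor firmware/microcode update")
        return ("vulnerable", smt, "kernel mitigation is off; re-enable it")
    if head.startswith("Mitigation"):
        if smt == "smt vulnerable":
            # Buffers are cleared on context switch, but a sibling
            # hyper-thread on the same core can still sample them.
            return ("partial", smt, "consider disabling Hyper-Threading")
        if smt == "smt host state unknown":
            return ("partial", smt, "guest VM: SMT exposure depends on the hypervisor")
        return ("mitigated", smt, "no action needed")
    return ("unknown", smt, "unrecognised status: " + head)

# Constructed sample lines (not captured from a real machine).
SAMPLES = [
    "Not affected",
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT disabled",
]

if __name__ == "__main__":
    for line in SAMPLES + [read_mds_status()]:
        print(repr(line), "->", assess_mds(line))
```

The "partial" result corresponds to the case the article describes, where patches are installed but full protection still requires turning Hyper-Threading off.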