Meltdown and Spectre flashback? Researchers warn of data centre processor slowdown from Zombieload fix
Chip giant Intel is once again in the security spotlight after researchers found a new set of vulnerabilities in its processors which, if exploited, could result in the theft of data directly from the chip itself.
The new set of flaws is said to affect almost every Intel processor made since 2011, but not processors from rivals such as ARM or AMD.
The fresh security scare was discovered by researchers Michael Schwarz, Moritz Lipp and Daniel Gruss at Graz University of Technology in Austria, as well as Jo Van Bulck from KU Leuven university in Belgium. They called the vulnerabilities ‘Zombieload’.
According to these researchers, “ZombieLoad” is a side-channel attack targeting Intel chips, allowing hackers to effectively exploit design flaws rather than injecting malicious code.
Intel, meanwhile, announced that ZombieLoad is made up of four bugs, after it was notified by the researchers of the problem over a month ago.
“After Meltdown, Spectre, and Foreshadow, we discovered more critical vulnerabilities in modern processors,” warned the university researchers. “The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them.”
“While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs,” they wrote. “These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys.”
And they warned the attack did not only affect the processors found in personal computers but also the server processors found in the cloud and data centres.
“MDS is a sub-class of previously disclosed speculative execution side channel vulnerabilities and is comprised of four related techniques,” Intel wrote. “Under certain conditions, MDS provides a program the potential means to read data that program otherwise would not be able to see. Practical exploitation of MDS is a very complex undertaking.”
The chip giant said that all future Intel processors will include hardware mitigations addressing these vulnerabilities.
The researchers appear to have named the flaws ZombieLoad after a “zombie load,” which is an amount of data that the processor can’t properly process.
This forces the processor to ask its microcode for help to prevent a crash. Apps are usually only able to see their own data, but this bug reportedly allows that data to flow across those boundary walls.
Firms such as Apple and Microsoft have already released patches, but unfortunately it seems that the patches will hurt processor performance, most notably in the chips found in data centres.
It is reported that processors in consumer PCs could take a performance hit of about 3 percent at worst, but data centre processors could see a performance hit of as much as 9 percent.
The security industry meanwhile warned that these Zombieload flaws can be exploited equally by criminal hackers or government agencies.
“Spying tools should never be underestimated, as they are constantly being tried and tested in the wild,” said Jake Moore, Security Specialist at ESET.
“Being able to eavesdrop on a target is always a favourite in a cyber criminal’s toolkit but we also shouldn’t forget that tools such as this aren’t just used by the bad guys,” said Moore. “We all remember EternalBlue and how that was used to exploit data by actors on both sides of the law.”
“Tricking the CPU into revealing protected data could have massive implications to millions of people around the world,” he added. “Such data could easily include their passwords or even keys to decrypt their encrypted hard drives. Luckily there is now a tool you can use to test the vulnerability on your machine.”
Another expert pondered the issue of a performance slowdown and whether Intel would seek to bake in improved security practices in the future.
“It’s another day and another big headline impacting a technology giant in the cybersecurity industry,” said Sam Curry, chief security officer at Cybereason. “This drama will continue to play out in the days and weeks ahead.”
“However, unlike the recent Cisco router vulnerability, and most notably the ‘2nd flaw’ that was making headlines, a patch or patches are available and they will help,” said Curry. “Overall, as an industry it doesn’t help that security has a reputation as a discipline for slowing things down and being ‘Dr No.’ Security early is always better than security late, so I’m most interested in the after-action findings from Intel. Was security ignored or even an afterthought? Or is this a natural occurrence of a security bug as all life cycles can and will produce?”
Intel has been here before after it was rocked by the Spectre and Meltdown flaws uncovered in early 2018.