New vulnerability in Intel processors: you need to know

New vulnerability in Intel processors: you need to know

Data can be stolen via a new vulnerability in Intel CPUs: Here are the most important questions and answers.

Security researchers have been searching for vulnerabilities in devices for years computer processors. In the past, they have already discovered some serious security vulnerabilities (keyword: Meltdown and Specter).

On Tuesday, researchers said with pic . leak Disclosure of information about a new vulnerability. we have it for it Martin Schwarzel And the Andrew Coogler Manal Graz University of Technology Pronunciations, and everything you ever wanted to know about them, have been collected.

Who discovered the vulnerability?
Pietro Borillo of Rome, Andreas Kugler, Martin Schwarzl and Daniel Gross of TU Graz, Moritz Lieb of Amazon Web Services, and Michael Schwartz of Cispa Helmholtz Center for Information Security discovered this gap. She was told aboutbug bounty programIntel reported. If vulnerabilities are reported via such a program, the manufacturer has the opportunity to respond. The information is only released after a certain period of time, usually when there is a solution to the problem.

What did the researchers discover?
Due to a fundamental weakness in the processor architecture of the chip manufacturer Intel, confidential data, such as passwords or encryption keys, can be accessed in computers and servers. An attacker with administrator rights can read data that was previously in this memory through uninitialized memory. The researchers dubbed this gap the “PIC Leak.”

Why ÆPIC Leak?
“The unit we use is called APIC,” Schwarzel says. Specifically affected is the local record Advanced Programmable Interrupt Controller (APIC), which is an integrated component of the CPU. APIC is responsible for accepting and properly arranging Logical Processors (LPs). Each CPU has multiple cores and each core has its own bits of cache. The researchers found that these were not properly configured.

See also  Apple's Application Store antitrust queries will be not comfortable for Valve

The data previously fetched is transferred between L2 and the cache from the last level, and thus can be read through this register. Kogler explains: “We’ve tried CPUs and seen this weird effect that we can also use in this attack. We’ve seen our own data lying there.”

What processors are affected?
This vulnerability, called ÆPIC Leak, affects 10th and newer Ice Lake mobile CPUs. Intel has published a list of other affected processors. They include, for example:

  • Ice Lake Xeon-SP: The third generation of the Intel Xeon Scalable processor family
  • Ice Lake D: Intel Xeon D processor.
  • Gemini Lake: Intel Pentium Silver Series
  • Gemini Lake: Intel Celeron J series processors.
  • Gemini Lake: Intel Celeron N series processor
  • Ice Lake U, Y: The 10th Generation Intel Core Processor Family
  • Rocket Lake: The 11th Generation Intel Core processor family
  • Rocket Lake: Intel Xeon E-2300 processor family
  • Rocket Lake: Intel Xeon E-1300 family of processors

In principle, more processors are affected, but the discovered vulnerability cannot be effectively exploited on others.

What is necessary to exploit the vulnerability?
On the other hand, attackers need administrator rights to exploit the vulnerability. On the other hand, this is only suitable for those users Intel SGX to use. SGX stands for Software protection extensions. It was created for developers who need an environment with high data security. With SGX, application code can occupy its own memory areas (pockets) that are protected from processes running at higher privilege levels.

Who usually uses SGX?
“As an end user, you don’t use SGX much. One example is storing fingerprint data as a use case,” Schwarzel explains. This means that simple computer users usually do not have to worry that their computer will be affected and their data can be read on their device.

According to Schwarzel, the specific use case for SGX is roughly one server operatorWhich uses SGX to protect users’ programs. “In this scenario, there may be malicious server providers using the vulnerability to steal sensitive data from users,” says the researcher.

So is ÆPIC dangerous for private users?
In this case, private computers are less vulnerable than computers of server administrators who use SGX. Therefore, there is a greater risk of data being exploited via cloud servers than through its own computer.

What data can be accessed through the vulnerability?
His research team Encryption keys are like private keys extractor. This is suitable for digital signatures, for example. “This breaches integrity and you can no longer keep track of who signed something,” Kogler says. What makes it so special is that it can’t be seen from the outside that something has been stolen or tampered with. In general, according to the researchers, you can steal all the data that was stored in the processor, which can also be credit cards or other user data.

So how should vulnerability be assessed?
“End users don’t have to worry about their computers being compromised, but in principle, PIC is a very powerful attack because you can crack the entire infrastructure with it. It’s well suited to executing code – also because the enclave can actually be completed, but the data doesn’t. They are still in memory and can be read,” Coogler explains.

What does Intel say about this and what is the solution to the problem?
Intel encourages customers to continue using SGX. The processor manufacturer has one Microcode update for SGX processors It was deployed to mitigate the possibility of the vulnerability being exploited and theft of sensitive data. Intel will also provide the SGX Software Development Kit (SDK) for Windows and Linux. Intel also published a security advisory.

Has the vulnerability already been exploited?
You cannot say yes or no with certainty. However, neither Intel nor security researchers assumed that the vulnerability had actually been exploited before it was announced. Intel commended the researchers’ commitment to “Intel believes it pays to work with well-trained security researchers to identify vulnerabilities and find solutions to them.”

Are there also existing vulnerabilities in other processors?
Daniel Gross, Martin Schwarzl and Andreas Kugler, along with other researchers, published another scientific paper on a new vulnerability in AMD processors on Tuesday. The hole was called “SQUIP” and allows the attacker to access it The same system and the same CPU can spy on the types of instructions that a person is executing. This works due to split scheduling in AMD processors. Apple’s M1 processors share the same design, but are not directly affected at the moment.

Leave a Reply

Your email address will not be published.