Intel Is Patching the Patch for the Patch for Its ‘Zombieload’ Flaw

栏目: IT技术 · 发布时间: 4年前

Over the last two years, security researchers have dug up one technique after another that lets a hacker trick Intel's microprocessors into spilling a computer's deepest secrets. As those flaws have been exposed, chipmakers have scrambled to patch them. But for one serious form of those attacks it turns out that Intel still hasn't successfully patched the underlying problem despite 18 months of warnings—and not one but two failed attempts to do so.

On Monday, Intel announced that it will issue yet another update to its processors designed to solve a problem it calls "microarchitectural data sampling," or MDS. Different teams of researchers who independently discovered the issue call it RIDL or Zombieload, and warned Intel about the problem as early as June of 2018. The new update, which Intel says will be made available "in the coming weeks," is intended to fix two methods to exploit Intel chips via MDS, which have remained possible even after Intel released MDS patchesin May of 2019 and then again last November . Some of the researchers first warned Intel about the more serious of the two flaws that it's trying to fix now in a paper shared with Intel fully a year ago. Other researchers even shared proof-of-concept code with the company last May.

"Security engineering at Intel (or rather lack thereof) is still business as usual," writes Cristiano Giuffrida, one of the researchers at Vrije Universiteit in Amsterdam who first discovered the MDS attacks, in an email to WIRED. "These issues aren't trivial to fix. But after eighteen months, they're still waiting for researchers to put together proofs-of-concept of every small variation of the attack for them? It’s amazing. We don’t know the inner workings of Intel's team. But it’s not a good look from the outside."

A supergroup of researchers from nearly a dozen universities and security firms brought the MDS attack to light last May after warning Intel nearly a year earlier and holding their findings in secret at Intel's request. Like the notorious Spectre and Meltdown attacks that surfaced in early 2018, it takes advantage of a feature of Intel's processors known as speculative execution .

As a time-saving measure, Intel processors sometimes execute a command or access a part of a computer's memory "speculatively," guessing at what a program will want before it even asks. When that speculative execution accesses an invalid location in memory, the process aborts. In that event, the processor is designed to access arbitrary data from buffers, parts of the chip that serve as the "pipes" between different components, such as its processor and cache. The researchers who discovered MDS showed last year that a hacker could use that trick to obtain information that should be protected—anything from sensitive user data and passwords to decryption keys.

Intel first attempted to patch the MDS flaw by adding a safeguard to the chips' microcode that wipes all sensitive data from the chip's buffers when it switches from one process to another that has different security privileges. But despite that May 2019 update—and then another one for a variant of the attack not covered in Intel's initial patch, despite the researchers' warning about it a year earlier —two other variations on MDS attacks remain possible even now. "When the processor goes from one security context to another, it wipes the buffer, overwriting it, so the buffer is 'clean' with nothing in it," says University of Michigan researcher Stephan van Schaik, a member of the team that worked on the new MDS attack variants as well as the original discovery of the vulnerability. "The only challenge is to get something interesting in it. There are ways to put information back in the buffer despite the overwriting."

The most practical still-viable trick targets a component called the L1 cache, using what the researchers call "L1 data eviction sampling," or L1DES. (The Michigan researchers gave the technique a catchier name: CacheOut .) The researchers found—and the team at TU Graz in Austria first demonstrated in code sent to Intel last year—that with certain techniques, they could cause a processor to write information to that L1 cache, filling it up so certain data is "evicted" into a buffer called the line-fill buffer to make space, leaving it vulnerable. In a separate technique, they could cause the processor to read certain sensitive information that's missing from the L1 cache, which also loads it into the leaky line-fill buffer. In either instance, the researchers can then use the same MDS techniques they previously exposed to steal the data.


以上所述就是小编给大家介绍的《Intel Is Patching the Patch for the Patch for Its ‘Zombieload’ Flaw》,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对 码农网 的支持!

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

新机器的灵魂

新机器的灵魂

Tracy Kidder / 龚益、高宏志 / 机械工业出版社华章公司 / 2011-10 / 45.00元

计算机从1981年开始发生巨大的变化。《新机器的灵魂》完整地记录下了当时一家公司齐心协力把一种新的小型计算机推向市场的过程中所发生的一系列戏剧性的、充满戏剧色彩的、激动人心的故事。 本书以美国通用数据公司研制鹰电子计算机的全过程为主线,对美国计算机工业的发展和管理中鲜为人知的侧面,作了条理清晰、颇具诗情画意的描述。 你想知道一代新型计算机怎样诞生,精明干练而又富于幽默感的工程技术人员怎......一起来看看 《新机器的灵魂》 这本书的介绍吧!

RGB转16进制工具
RGB转16进制工具

RGB HEX 互转工具

随机密码生成器
随机密码生成器

多种字符组合密码

UNIX 时间戳转换
UNIX 时间戳转换

UNIX 时间戳转换