New vulnerability affects virtually every Intel chip manufactured since 2011

Information security experts have discovered a new vulnerability in Intel chips that can be used to steal sensitive information directly from the processor. The researchers called it "ZombieLoad". ZombieLoad is a side-channel attack targeting Intel chips that allows hackers to exploit a flaw in their architecture to obtain arbitrary data. It does not allow them to inject and execute arbitrary malicious code, so it cannot be used as the only tool for intruding into and hacking remote computers.

According to Intel, ZombieLoad consists of four bugs in the microcode of its chips, which researchers reported to the company just a month ago. Almost all computers with Intel chips released since 2011 are affected. ARM and AMD chips are not affected by this vulnerability.

ZombieLoad is reminiscent of the much-publicized Meltdown and Spectre, which exploited a flaw in speculative (ahead-of-time) instruction execution. Speculative execution helps processors predict to a certain extent what an application or operating system might need in the near future, making the application run faster and more efficiently. The processor keeps the results of its predictions if they are correct, or discards them if the prediction is wrong. Both Meltdown and Spectre abuse this feature to gain direct access to the information the processor is handling.

ZombieLoad translates as "zombie loading," which partly explains the mechanism of the vulnerability. During the attack, the processor is fed more data than it can handle properly, causing it to request help from the microcode to prevent a crash. Typically, applications can only see their own data, but a bug triggered by this CPU overload allows that restriction to be bypassed. The researchers stated that ZombieLoad is able to obtain any data used by the processor cores. Intel says the microcode fix will help clear processor buffers when overloaded, preventing applications from reading data they were not intended to read.

In a video demonstration of how the vulnerability works, the researchers showed that it can be used to find out which websites a person is visiting in real time, but it can just as easily be used to obtain, for example, passwords or access tokens used by users for payment systems.

Like Meltdown and Spectre, ZombieLoad affects not only PCs and laptops, but also cloud servers. The vulnerability can be exploited in virtual machines, which are supposed to be isolated from other virtual systems and from their host devices, potentially bypassing that isolation. Daniel Gruss, one of the researchers who discovered the vulnerability, says that it can read data from server processors in the same way as on personal computers. This is a potentially serious problem in cloud environments where different clients' virtual machines run on the same server hardware. Although attacks using ZombieLoad have never been publicly reported, researchers cannot rule out the possibility that they have occurred, since data theft does not always leave traces.

What does this mean for the average user? There's no need to panic. This is far from an exploit or a zero-day vulnerability where an attacker can take over your computer in an instant. Gruss explains that ZombieLoad is "easier than Spectre" but "harder than Meltdown" - both of which require a certain skill set and effort to use offensively. In fact, to perform an attack using ZombieLoad, you must somehow download the infected application and run it yourself; only then will the vulnerability help the attacker download all your data. However, there are much easier ways to hack into a computer and steal data.

Intel has already released microcode to patch affected processors, including Intel Xeon, Intel Broadwell, Sandy Bridge, Skylake and Haswell chips, Intel Kaby Lake, Coffee Lake, Whiskey Lake and Cascade Lake chips, as well as all Atom and Knights processors. Other large companies have also released fixes for the vulnerability on their side. Apple, Microsoft and Google have also already released corresponding patches for their browsers.

In an interview with TechCrunch, Intel said that updates to chip microcode, like previous patches, will affect processor performance. An Intel spokesperson said most patched consumer devices could suffer a worst-case performance loss of 3%, with up to a 9% loss for data centers. But according to Intel, this is unlikely to be noticeable in most scenarios.

However, Apple engineers completely disagree with Intel. On a special page about full protection against "Microarchitectural Data Sampling" (the official name of ZombieLoad), they state that to completely close the vulnerability it is necessary to completely disable Intel Hyper-Threading technology in processors, which, according to tests by Apple specialists, can reduce the performance of user devices in a number of tasks by 40%.
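The two mitigation levels described above (buffer clearing via updated microcode, and disabling Hyper-Threading) can be checked on a Linux host. The following is an added example, not part of the original article; it assumes a Linux kernel that reports MDS status through sysfs, and the status strings in the comments are constructed samples in the kernel's documented format.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's MDS (ZombieLoad) status line.
# Assumption: the kernel exposes the sysfs files below (Linux 5.1.2 or later).
MDS_FILE=/sys/devices/system/cpu/vulnerabilities/mds
SMT_FILE=/sys/devices/system/cpu/smt/active

# classify_mds STATUS [SMT_ACTIVE]
# STATUS is the content of $MDS_FILE, e.g. (constructed samples):
#   "Mitigation: Clear CPU buffers; SMT vulnerable"
#   "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable"
# SMT_ACTIVE is 1 or 0, used only when STATUS carries no SMT suffix.
classify_mds() {
    _st=$1
    _smt=${2:-unknown}
    case $_st in
        "Not affected"*) echo not-affected ;;
        # Kernel clears buffers but the CPU lacks the updated microcode.
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            echo needs-microcode ;;
        "Vulnerable"*) echo vulnerable ;;
        "Mitigation: Clear CPU buffers"*)
            case $_st in
                # Sibling hyper-threads can still observe shared buffers.
                *"SMT vulnerable"*) echo mitigated-smt-exposed ;;
                *"SMT disabled"*|*"SMT mitigated"*) echo mitigated ;;
                *"SMT Host state unknown"*) echo mitigated-smt-unknown ;;
                *)  # No suffix: fall back to the smt/active flag.
                    case $_smt in
                        1) echo mitigated-smt-exposed ;;
                        0) echo mitigated ;;
                        *) echo mitigated-smt-unknown ;;
                    esac ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# Report for the local machine when the sysfs entry exists.
if [ -r "$MDS_FILE" ]; then
    smt_now=unknown
    if [ -r "$SMT_FILE" ]; then smt_now=$(cat "$SMT_FILE"); fi
    echo "mds: $(classify_mds "$(cat "$MDS_FILE")" "$smt_now")"
else
    echo "mds: no sysfs entry (not Linux, or kernel without MDS reporting)"
fi
```

A result of `mitigated-smt-exposed` corresponds to the situation Apple describes: buffers are cleared, but Hyper-Threading is still enabled.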

Neither Intel nor Daniel and his team have published the code that implements the vulnerability, so there is no direct and immediate threat to the average user. The promptly released patches eliminate it completely, but given that each such fix costs users a certain loss in performance, some questions arise for Intel.



Source: 3dnews.ru
