New Class of Vulnerabilities Leak Data From Intel Chips

Discussion in 'UDOO X86' started by LDighera, May 15, 2019.

  1. LDighera

    LDighera Active Member

    Joined:
    Jan 13, 2014
    Messages:
    184
    Likes Received:
    25
    Use this URL to read the full article: https://www.securityweek.com/new-class-data-leaking-vulnerabilities-impact-intel-cpus

    New Class of Vulnerabilities Leak Data From Intel Chips
    By Eduard Kovacs on May 14, 2019

    [​IMG]

    Microsoft, Apple, Google Release Updates to Address Microarchitectural Data Sampling (MDS) Vulnerabilities Impacting Most Chips Made by Intel

    Millions of computers powered by Intel processors are affected by vulnerabilities that can be exploited by malicious actors to obtain potentially sensitive information. Intel and other tech giants have already released patches and mitigations.

    The side-channel attack methods, named ZombieLoad, RIDL (Rogue In-Flight Data Load), and Fallout, are similar to the notorious Meltdown and Spectre, which researchers first disclosed in January 2018. At the time, experts accurately predicted that other similar speculative execution attacks would be discovered.

    The attack methods work against both PCs and cloud environments, and they can be launched against most Intel CPUs made in the past decade. The techniques can be used to get applications, the operating system, virtual machines and trusted execution environments to leak information, including passwords, website content, disk encryption keys and browser history.

    [​IMG]For example, experts have demonstrated that hackers can use the ZombieLoad attack, which is a subclass of RIDL, to obtain a user’s browsing history even if the victim surfs the web from a virtual machine and uses the Tor anonymity network.

    The Fallout method is mostly useful for determining the operating system’s memory position, which researchers say strengthens the other attacks.

    The vulnerabilities can be exploited using malware planted on the targeted devices, but some of them can also be exploited remotely from the internet via JavaScript code and malicious websites.

    Researchers warned that it may be difficult for cybersecurity software to detect attacks, and exploitation of the flaws might not leave any traces in log files. For the time being, there is no evidence of malicious attacks and experts believe the flaws are more likely to be exploited in highly targeted operations.

    Intel said the vulnerabilities were first identified by its own researchers and partners, and later independently reported by others, including experts who discovered the original Meltdown and Spectre vulnerabilities. The company has credited researchers from the University of Michigan, Worcester Polytechnic Institute, Graz University of Technology, imec-DistriNet, KU Leuven, University of Adelaide, Microsoft, the VUSec group at VU Amsterdam, Bitdefender (which published its own paper), Oracle, and ...
     
  2. itimpi

    itimpi Member

    Joined:
    Oct 31, 2013
    Messages:
    90
    Likes Received:
    19
    I do not think the UDOO x86 suffers from this issue as it does not support hyper-threading and the bug only occurs on processors that DO support it.
     
    evaloverde likes this.
  3. ccs_hello

    ccs_hello Active Member

    Joined:
    Apr 15, 2017
    Messages:
    322
    Likes Received:
    122

Share This Page