Those who warned that the Meltdown and Spectre computer chip flaws revealed last year would trigger a new era of hardware vulnerability discovery were on to something.
On Tuesday, Intel and a group of cybersecurity researchers published details on four new potential chip attacks that exploit the same “speculative execution” mechanism, a technique CPUs use to improve performance, that was central to Meltdown and Spectre.
The newly revealed security issues could allow attackers to steal sensitive data from a CPU in multiple ways. As with Meltdown and Spectre, there is no evidence that these attacks have been carried out in the wild, but the weaknesses they expose in processor micro-architectures demand attention from hardware owners.
The colorfully named ZombieLoad attack, for example, could recover private browsing history and leak information from a computer’s applications, its operating system and virtual machines in the cloud. The RIDL attack would leak information from several internal buffers inside Intel processors, while an attack called Fallout would allow an adversary to read data recently written by the operating system. When paired with a data-reading aspect of Spectre, another attack, dubbed “Store-to-Leak Forwarding,” would abuse the store buffer to leak data or monitor the operating system.
Intel said its own internal team discovered the vulnerabilities first. The researchers who published details on the attacks came from the companies Cyberus, Bitdefender, Oracle and Qihoo 360, along with Belgium’s KU Leuven, the University of Adelaide, the University of Michigan, Graz University of Technology, the Helmholtz Center for Information Security, Vrije Universiteit Amsterdam and Worcester Polytechnic Institute.
“We show that existing defenses against speculative execution attacks are inadequate, and in some cases actually make things worse,” researchers wrote in a summary of the RIDL and Fallout attacks.
The vulnerabilities are already addressed at the hardware level in recent Intel Core processors, the chip giant said. Other affected products can be mitigated through microcode updates together with operating system and hypervisor updates, which will be made available starting Tuesday.
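Whether those microcode and OS updates have actually landed on a given Linux machine is reported by the kernel itself. The script below is an added example, not part of the article or of any vendor tooling: it reads the kernel's MDS status line from sysfs (assumed to exist at the path shown on kernels that carry the MDS mitigations) and turns the documented status wording into a single verdict for an operator; the sample strings exercised in the test are constructed from those documented formats.

```shell
#!/bin/sh
# Added example: interpret the Linux kernel's MDS status report.
# Assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities/mds.
# The patterns below follow the wording the kernel documents for that file.
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds STATUS_LINE -> not-affected | vulnerable | smt-exposed | mitigated | unknown
# "Vulnerable" is tested before the SMT suffixes, because an unmitigated kernel
# also appends "; SMT vulnerable" and must not be reported as partially mitigated.
# "SMT Host state unknown" appears inside a guest, which cannot see the host's
# SMT configuration, so it is treated conservatively as exposed.
classify_mds() {
    case "$1" in
        "Not affected"*)                                 echo not-affected ;;
        "Vulnerable"*)                                   echo vulnerable ;;
        *"SMT vulnerable"* | *"SMT Host state unknown"*) echo smt-exposed ;;
        "Mitigation: Clear CPU buffers"*)                echo mitigated ;;
        *)                                               echo unknown ;;
    esac
}

# explain VERDICT -> one-line action for the operator
explain() {
    case "$1" in
        not-affected) echo "CPU not affected by MDS; nothing to do." ;;
        mitigated)    echo "Kernel clears CPU buffers at privilege boundaries; SMT is mitigated or off." ;;
        smt-exposed)  echo "Buffers are cleared, but a sibling hyperthread can still observe data; weigh disabling SMT for untrusted workloads." ;;
        vulnerable)   echo "No effective mitigation: install the microcode and OS/hypervisor updates." ;;
        *)            echo "Unrecognised status; inspect $MDS_SYSFS by hand." ;;
    esac
}

# read_mds_status -> the kernel's status line, or a marker when the entry is absent
read_mds_status() {
    if [ -r "$MDS_SYSFS" ]; then
        cat "$MDS_SYSFS"
    else
        echo "no sysfs entry (kernel predates MDS reporting, or not Linux)"
    fi
}

status=$(read_mds_status)
verdict=$(classify_mds "$status")
echo "mds: $status"
echo "verdict: $verdict"
explain "$verdict"
```

A kernel without the updates shows no entry at all or reports "Vulnerable", so either result means the fixes described above are still outstanding on that host.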
“Ever since Meltdown/Spectre, if not before, researchers have been going over every micro-architectural enhancement from the past 40 years and assessing them as side-channel targets,” said Joe FitzPatrick, an instructor and researcher at SecuringHardware.com, a training site.
“That’s part of why we have over a dozen people finding similar vulnerabilities in a short time span.”
The discovery of Meltdown and Spectre, which was made by some of the same researchers, led to reforms of the cumbersome process for disclosing vulnerabilities in the hardware industry — reforms that the new chip vulnerabilities could put to the test.