Intel and AMD Chips Found Vulnerable to Data Theft
Intel and AMD have sold billions of such vulnerable chips over the past decade, particularly affecting the security of servers.
- A large number of chips from Intel have been found to be vulnerable to the Downfall vulnerability, putting sensitive data, including passwords and cryptographic keys.
- Similarly, AMD chips in recent years have been found to be vulnerable to the Zenbleed vulnerability.
- The vulnerabilities are of particular concern to users of shared servers, and patches have potential performance implications.
Critical vulnerabilities have been identified in Intel and AMD chips developed over the past decade, which could put millions of users at risk if found by malicious actors. The findings on the Downfall and Zenbleed vulnerabilities were made by Daniel Moghimi and Tavis Ormandy, researchers at Google.
Intel CPUs from the 6th to 11th generations are said to be vulnerable. The AMD vulnerability is characteristic of the Zen 2 chips. Like the Intel chips, the AMD Zenbleed vulnerability exploits speculative execution operations, which conventionally allows parallel execution of instructions to improve performance. This technique has now been found to open doors to misuse.
See More: Data Breach of 40M Voters Disclosed Two Years After the Incident
Using single instruction multiple data instructions helps the software quickly access scattered data, which is essential in functioning high-performance workloads, such as shared servers.
Malicious actors issue instructions to increase the likelihood of transiently forwarded data up to 4 bytes being visible. In addition, they can scan caches with the Flush+Reload method, which reloads data in shared caches to identify data associated with a target user.
Fixes for these vulnerabilities require hardware and software changes, such as kernel page table isolation, potentially harming system performance between 0 to 50%. It is not yet confirmed if Apple devices with these chips are vulnerable to the flaw. The fact that Apple devices use their own motherboards and firmware has been speculated to provide protection.
The discovery of these flaws will likely increase the importance of hardware design improvements, hardware testing automation, and user awareness going forward.
What measures is your organization taking to secure its Intel-powered systems? Let us know your thoughts on LinkedIn, Twitter, or Facebook. We’d love to hear from you!
Image source: Shutterstock
LATEST NEWS STORIES
