Yet another Intel CPU security vulnerability!

[IT Troll]

No need to use elaborate side channel data sampling. Just have your payload install a “trusted” Gigabyte or ASUS driver, kill all security processes and then ransom away.

https://arstechnica.com/information...ansomware-burrow-deep-into-targeted-machines/

 

[Tee Hee Johnson]

No need to use elaborate side channel data sampling. Just have your payload install a “trusted” Gigabyte or ASUS driver, kill all security processes and then ransom away.

https://arstechnica.com/information...ansomware-burrow-deep-into-targeted-machines/

Yep, with most ransom ware the CPU vendor doesn't matter, will matter to both AMD, Intel and others.

 

[Ice Tea]

'Unfixable' boot ROM security flaw in millions of Intel chips could spell 'utter chaos' for DRM, file encryption, etc

https://www.theregister.co.uk/2020/03/05/unfixable_intel_csme_flaw

Not currently easy to exploit but i thought it might have been of interest.

 

[Kurgen]

https://www.theregister.co.uk/2020/03/05/unfixable_intel_csme_flaw

Not currently easy to exploit but i thought it might have been of interest.

Read the same thing on Kitguru , what are the real world risks to home users. does this mean your pc is compromised at a hardware level so no amount of software firewall anti malware will help. How does a person first get through your internet firewall, do they just hop on to some incoming traffic then exploit the intel vulnerability to get access to PC.. sorry if noob question.

 

[Tetras]

From what I read, they have to take advantage of a small boot window when hardware is operating unprotected at a low level, so they would need physical access to the hardware, don't think it can be done via LAN or Internet.

 

[Kurgen]

From what I read, they have to take advantage of a small boot window when hardware is operating unprotected at a low level, so they would need physical access to the hardware, don't think it can be done via LAN or Internet.

so a hacking burglar, i think thats a pretty low chance then... Arny True Lies USB stick type of thing lol

 

[Rroff]

so a hacking burglar, i think thats a pretty low chance then... Arny True Lies USB stick type of thing lol

Like most if not all of these vulnerabilities the risk to home users is low to none but in a business or server environment potentially very concerning - in a business environment it potentially could give an unprivileged user with physical access the ability to access data they shouldn't.

 

[ChrisLX200]

Like most if not all of these vulnerabilities the risk to home users is low to none but in a business or server environment potentially very concerning - in a business environment it potentially could give an unprivileged user with physical access the ability to access data they shouldn't.

..the risk may be low but there's no avoiding the performance-reducing patches necessary to protect against it.

 

[IT Troll]

..the risk may be low but there's no avoiding the performance-reducing patches necessary to protect against it.

Crucially, the boot ROM is read-only: it cannot be patched.

 

[Orange Nexus]

Yup, no patch for this thing. I few months ago it was discovered than disabling Hyperthreading does not fully protect to some vulnerabilities. It could be one reason intel went all out again with HT with the 10 series.

 

[TNA]

Be just easier to just get an AMD cpu. God knows what other issues will be found as time goes by as they keep finding them all the time.

I would not touch Intel until their brand new architecture that Jim Keller has worked on comes out. This is probably 2 years away still.

 

[edscdk]

From what I read, they have to take advantage of a small boot window when hardware is operating unprotected at a low level, so they would need physical access to the hardware, don't think it can be done via LAN or Internet.

I thought the issue was it's only a matter of time before someone extracts Intel private keys using this vulnerablity. Once I have the key from my chipset it can be used to extract keys from your (if its the same) chipset that you (well your pc) thought were protected..

Id like someone fully in the know to explain though!

 

[EsaT]

I would not touch Intel until their brand new architecture that Jim Keller has worked on comes out. This is probably 2 years away still.

With the engineering resources Intel has its doubfull he was hired for baby sitting CPU development.
Lot more likely goal was developing computing products for AI and such.
Self driving cars and such things will be new and growing market.

Also tech for connecting different chips will be important.
Intel needs flexible bus like AMD's InfinityFabric.

 

[Scougar]

AMD and Intel both have vulnerabilities. VulnWars 2.

So much heavy research trying to expose flaws that are so unwieldy to actually initiate that may as well use a simpler technique. Once you have the level of control needed for most of these, you probably have full control of the system anyway.

 

[humbug]

AMD and Intel both have vulnerabilities. VulnWars 2.

So much heavy research trying to expose flaws that are so unwieldy to actually initiate that may as well use a simpler technique. Once you have the level of control needed for most of these, you probably have full control of the system anyway.

 

[Scougar]

Lol. Pretty much.

 

[Vince]

@Rroff is this the beginning of the end for intels management engine. I remember a discussion we had about when the ME becomes a target. Would be interested to hear your thoughts.

 

[b00merang69]

AMD processors from 2011 to 2019 vulnerable to two new attacks

Academics disclose new Collide+Probe and Load+Reload attacks on AMD CPUs.

AMD processors manufactured between 2011 and 2019 (the time of testing) are vulnerable to two new attacks, research published this week has revealed.The two new attacks impact the security of the data processed inside the CPU and allow the theft of sensitive information or the downgrade of security features.

The research team said it notified AMD of the two issues in August 2019, however, the company has not publicly addressed the two issues, nor has it released microcode (CPU firmware) updates.

An AMD spokesperson was not available for comment on this article.

THE L1D CACHE WAY PREDICTOR

The two new attacks target a feature of AMD CPUs known as the L1D cache way predictor.

Introduced in AMD processors in 2011 with the Bulldozer microarchitecture, the L1D cache way predictor is a performance-centric feature that reduces power consumption by improving the way the CPU handles cached data inside its memory.

A high-level explanation is available below:

The predictor computes a μTag using an undocumented hash function on the virtual address. This μTag is used to look up the L1D cache way in a prediction table. Hence, the CPU has to compare the cache tag in only oneway instead of all possible ways, reducing the power consumption.

The two new attacks were discovered after a team of six academics -- from the Graz University of Technology in Austria and the Univerisity of Rennes in France -- reverse-engineered this "undocumented hashing function" that AMD processors were using to handle μTag entries inside the L1D cache way predictor mechanism.

"Knowledge of these functions is the basis of our attack technique," the research team said.

Knowing these functions, allowed the researchers to recreate a map of what was going on inside the L1D cache way predictor and probe if the mechanism was leaking data or clues about what that data may be.

https://www.tenforums.com/windows-1...9-vulnerable-two-new-attacks.html#post1856798 < Easier to read.


https://www.zdnet.com/article/amd-processors-from-2011-to-2019-vulnerable-to-two-new-attacks/ < Source

 

[humbug]

AMD processors from 2011 to 2019 vulnerable to two new attacks

Academics disclose new Collide+Probe and Load+Reload attacks on AMD CPUs.

AMD processors manufactured between 2011 and 2019 (the time of testing) are vulnerable to two new attacks, research published this week has revealed.The two new attacks impact the security of the data processed inside the CPU and allow the theft of sensitive information or the downgrade of security features.

The research team said it notified AMD of the two issues in August 2019, however, the company has not publicly addressed the two issues, nor has it released microcode (CPU firmware) updates.

An AMD spokesperson was not available for comment on this article.

THE L1D CACHE WAY PREDICTOR

The two new attacks target a feature of AMD CPUs known as the L1D cache way predictor.

Introduced in AMD processors in 2011 with the Bulldozer microarchitecture, the L1D cache way predictor is a performance-centric feature that reduces power consumption by improving the way the CPU handles cached data inside its memory.

A high-level explanation is available below:

The predictor computes a μTag using an undocumented hash function on the virtual address. This μTag is used to look up the L1D cache way in a prediction table. Hence, the CPU has to compare the cache tag in only oneway instead of all possible ways, reducing the power consumption.

The two new attacks were discovered after a team of six academics -- from the Graz University of Technology in Austria and the Univerisity of Rennes in France -- reverse-engineered this "undocumented hashing function" that AMD processors were using to handle μTag entries inside the L1D cache way predictor mechanism.

"Knowledge of these functions is the basis of our attack technique," the research team said.

Knowing these functions, allowed the researchers to recreate a map of what was going on inside the L1D cache way predictor and probe if the mechanism was leaking data or clues about what that data may be.

https://www.tenforums.com/windows-1...ors-2011-2019-vulnerable-two-new-attacks.html < Easier to read.


https://www.zdnet.com/article/amd-processors-from-2011-to-2019-vulnerable-to-two-new-attacks/ < Source

Posted today, last activity 8 minutes ago
Why a tech forum? why not official channels?

 

[b00merang69]

Posted here (I did use search and "AMD" as keyword and looked back 2-3 page of results)?

As to the other question(s) why ask me or where they rhetorical?