• Competitor rules

    Please remember that any mention of competitors, hinting at competitors or offering to provide details of competitors will result in an account suspension. The full rules can be found under the 'Terms and Rules' link in the bottom right corner of your screen. Just don't mention competitors in any way, shape or form and you'll be OK.

Yet another Intel CPU security vulnerability!

There is no doubt for whatever reason people are really wanting to find vulnerabilities in intel chips right now, but again attacks on them? hardly unending, they almost zero due to not been practical.

This is manifestly false. Spectre, Meltdown and the subsequent and ongoing hardware bugs are exploitable in the browser with Javascript (just one of many attack vectors)
 
This is manifestly false. Spectre, Meltdown and the subsequent and ongoing hardware bugs are exploitable in the browser with Javascript (just one of many attack vectors)
Some variants have been demonstrated using the SpiderMonkey engine on Linux. They required system-level access to identify specific cores and set core affinity for the attack process. I don’t think there has been a proof of concept with a modern browser.
 
This is manifestly false. Spectre, Meltdown and the subsequent and ongoing hardware bugs are exploitable in the browser with Javascript (just one of many attack vectors)

But not actually ongoing attacks - there have been no demonstrated ways to use them as fire and forget type malware against a generic consumer type user, etc. and if you are using an updated browser with mitigations the chances of being exploited via that vector are exceedingly low even if there was active exploitation of that vector.

What people often overlook is that in the demonstrations of these attacks often things are needed like setting up the environment so target data is being pushed to vulnerable locations 1000s of times a second so that it can be leaked over a few hours or days when in a real situation that data is only there 1-3 times a session at an unpredictable time and would need years of actively trying to exploit while sifting through vast amounts of noise data making it unrealistic.

By far the biggest target for these kind of attacks is server/multi-user systems/networks where an attacker already has one leg in the door in some manner and can use them to gain information from or access to privileged areas from unprivileged levels - environments which might provide the kind of payoff required for the effort these attacks need.
 
are you saying its fine and we don't need to worry about any of these Intel security flaws?
or is it the opposite, that all the servers should ditch Intel or suffer lower performance?
 
If you are running a multi-tenant server environment in which users can run arbitrary code then you need to worry. In which case you need to be patched to the hilt or ditch Intel.
 
This is manifestly false. Spectre, Meltdown and the subsequent and ongoing hardware bugs are exploitable in the browser with Javascript (just one of many attack vectors)

I think you didnt understand what I said? there is no attacks. Which is the case.

But if you are suggesting these are trivial to exploit in a typical environment that hasnt been built with barriers removed to make a test work, then please show me a drive by site showcasing this.
 
are you saying its fine and we don't need to worry about any of these Intel security flaws?
or is it the opposite, that all the servers should ditch Intel or suffer lower performance?

Honestly if I was running servers still where security was at all a concern I wouldn't be using Intel for them. But on the user desktop as long as you are using a web browser with mitigations your exposure to these vulnerabilities is incredibly small as things stand.

They just keep on coming :p

Variants of these side-channel attacks are just going to keep coming - but they will largely be variants of the same weakness and likely with all the same complications in terms of exploiting them.
 
RIP ROP, COP, JOP? Intel to bring anti-exploit tech to market in this year's Tiger Lake chip family - The Register

After years in development, Intel is set to debut security mechanisms in its microprocessors that it hopes will block, at the silicon level, exploitation of a class of software vulnerabilities.

Known as Control Flow Enforcement Technology, or CET, the protections are designed to prevent miscreants from exploiting certain programming bugs to execute malicious code that infects systems with malware, steals data, spies on victims, and so on. These bugs typically involve tricking programs into corrupting or overwriting their memory with special values pivotal to the attacks.

"These are all insidious types of attacks that have been plaguing the industry for some time," Tom Garrison, Intel's client computing group VP and general manager of security strategies and initiatives, told The Register. "They are nearly impossible to address with software-based mitigation."

The first CET-enabled chips will be members of the upcoming 10nm Tiger Lake line, due to launch this year. That family is expected to include server and desktop processors, such as the Project Athena silicon going into laptops.

There are various mitigations in place on modern systems, such as Data Execution Prevention (DEP), that stop hackers from injecting and executing malicious code into a program when, for instance, a victim opens a specially crafted document or connects to a remote service. DEP in particular prevents areas of memory marked as data areas, which can be hijacked by hackers, from being used to run smuggled-in code.

However, it is still possible for skilled miscreants to abuse these memory-corruption vulnerabilities to build a chain of malicious code out of the instructions already present in a program, turning the app or server against itself. This so-called Return Oriented Programming (ROP) is achieved by manipulating an application or server thread stack so that the processor bounces between snippets of the software under attack, performing small operations that together typically disable DEP and pull in more malicious code to execute without hindrance.

CET introduces a shadow stack system to detect and thwart the stack manipulation required by ROP. CET also introduces a new instruction called ENDBRANCH that is a NOP on non-CET x86 processors, but for CET CPUs, marks a valid target for a call or jump instruction. Thus if exploit code hijacks the flow of code in an application or server, and makes it jump to someplace the developers didn't intend, this is caught and stopped. This tackles so-called Call or Jump Oriented Programming (COP or JOP). The ENDBRANCH instructions should be inserted automatically by compilers. Other architectures, such as Arm, have something similar.

"What ends up happening is, as the processor is jumping through the code, it checks to make sure it is landing on an end branch," said Garrison, describing Intel's anti-COP-JOP protection. "If the code jumps to an illegal area, it throws up an error."

Intel believes that the adoption process for applications and operating system developers will be minimal: software can be recompiled and re-released for COP-JOP protection, for instance. Windows 10, for one, is due to support shadow stacks, we're told.

"It depends on which class [of attack] you are trying to mitigate," said Garrison, "but in both cases they are relatively modest changes to the application or the OS level."

This is a welcome development – though not at all if you're an exploit developer – yet bear in mind hardware-level solutions aren't necessarily perfect. Intel's SGX has suffered side-channel leaks, and Apple's Arm-based pointer authentication protections have been bypassed in the past, for example. ®​
 
Either Intel are a really terrible company, or someone has it in for them and they're systematically destroying them.

A little of column A, a little of column B ...

But also this stuff is *really* hard. If you read through the descriptions of spectre and meltdown, it's kinda insane, (IIRC, it's been a while) using speculative branch prediction to read another process's data. Who even thinks of that? Well, security researchers, and apparently hackers.
 
Who even thinks of that? Well, security researchers, and apparently hackers.

Yes researchers think up the ideas and publish their findings. Then all a hacker needs to do is read the news.

Makes me wonder if security exploits should be published in a private publication for hardware and security firms only. Then again, it would only get leaked.

It's good that the public are told about exploits but not good that hackers are told indirectly.
 
Yes researchers think up the ideas and publish their findings. Then all a hacker needs to do is read the news.

Makes me wonder if security exploits should be published in a private publication for hardware and security firms only. Then again, it would only get leaked.

It's good that the public are told about exploits but not good that hackers are told indirectly.

A lot of times the manufacturers are given a heads-up ahead of the public release, but often those subtle heads-up notifications are ignored, rebuked or outright threatened with legal action. Sometimes the only thing to do is release and force their hands.

Plus there's no particular reason to think that if, a security researcher can find the problem, an enterprising hacker team or state-sponsored hacker group won't have already found it and be using it in the wild. It's in all our interests that this stuff comes out into the open.
 
Last edited:
The linux kernel documentation is a real interesting read, and will be a big learning curve to those who think they are secure with OS patches. (of course against a vulnerability that is likely very low risk to consumer pc's and laptops). One read of that documentation and you know turning all this junk off is an ok decision to make. The only real use of it is for commercial cloud/vps providers.
 
PLATYPUS!

We lost count on the number of them, but researchers again discovered vulnerabilities in Intel CPUs. Fluctuations in software power consumption allowed them to access sensitive data. This type of attack is identified as PLATYPUS. The affected processors are all 6th Generation to present including the 11th Gen Comet Lake.

Recently, international security researchers, including a team of experts from the University of Birmingham, discovered a new security vulnerability in Intel processors that makes it possible to access sensitive data by leveraging the side channel to compromise system security. PLATYPUS attacks were difficult to execute as they required precise energy measurements that were difficult to execute with malware. That's why attackers were known to require physical access to the device, as well as specific measurement tools, such as an oscilloscope.

However, this changed after new research from the Graz University of Technology uncovered a method that makes it possible to access sensitive data using side-channel attacks with unprecedented precision, even without physical access. In this way, Intel processors were found to be vulnerable to attack in two different approaches: configuring the RAPL (Running Average Power Limit) interface so that power consumption can be logged without administrator permissions; as well as moving critical data and programs through misuse of Intel's security feature, Software Guard Extensions ( SGX ).

After being informed and working on the issue, Intel released a security update (microcode) this month that also addresses other flaws for a large number of products. These security issues were found in Intel's Wi-Fi modules, Bluetooth and wireless network adapters, as well as the AMT remote management tool.

Intel released no less than 40 security advisories this week, all of them critical, high, and medium.

https://www.guru3d.com/news_story/i...erabilities_side_channel_attack_platypus.html
 
Back
Top Bottom