Yet another Intel CPU security vulnerability!

Selekt0r · 10 Sep 2019 at 20:54

Wow - another one incoming. This time using shared cache accessed via DDIO to obtain keystrokes from other processes/applications/sessions.

https://arstechnica.com/information...s-researchers-steal-encrypted-ssh-keystrokes/

Clever hack, and certainly not very easily exploited - however if it results in DDIO needing to be disabled in shared data centre environments then it's yet another performance hit. :eek:

Rroff · 10 Sep 2019 at 21:16

I'd have serious reservations now about running VPSes, etc. on an Intel system patched or otherwise - even though most of these attacks are as they said not particularly appealing as low hanging fruit to a would be attacker. Intel needs a complete architecture revamp as they've become far too much of a static target.

Fortunately not something of concern to most if any home users in this case.

zx128k · 10 Sep 2019 at 21:27

It's not like the patches cause massive performance loss.

"Intel chip vulnerability nicknamed “ZombieLoad” has been revealed to the public, and though it’s already being patched by three major operating system makers, there’s some bad news: full protection could reduce your CPU’s performance by up to 40%." During testing this month, Apple says that it found “as much as a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks,” though actual performance impacts will vary between machines. Because of that steep performance drop, Apple has implemented a partial mitigation in macOS Mojave 10.14.5, leaving users to decide whether they want to disable hyper-threading for full protection. https://venturebeat.com/2019/05/14/...es-os-patches-with-up-to-40-performance-hits/

https://www.techspot.com/article/1850-how-screwed-is-intel-no-hyper-threading/

To quickly summarize the results, core heavy application performance was typically reduced anywhere from 25-35%.

FredFlint · 10 Sep 2019 at 22:21

Most system will never get fully patched as the performance hit is just to big. A fully patched Intel system would get destroyed by a fully patched AMD system and still be less secure.

jigger · 10 Sep 2019 at 22:31

FredFlint said:
Most system will never get fully patched as the performance hit is just to big. A fully patched Intel system would get destroyed by a fully patched AMD system and still be less secure.

Yeah Intel are in trouble and we haven’t seen the end of what can only be seen as many horribly handled cases of gross incompetence.

FredFlint · 10 Sep 2019 at 22:46

jigger said:
Yeah Intel are in trouble and we haven’t seen the end of what can only be seen as many horribly handled cases of gross incompetence.

It's hard to believe they are so incompetent, I think a lot of it is Intel doing anything it can to get performance up and just throwing security under the bus is an easy way to do it.

RavenXXX2 · 11 Sep 2019 at 01:06

Rroff · 11 Sep 2019 at 01:25

FredFlint said:
It's hard to believe they are so incompetent, I think a lot of it is Intel doing anything it can to get performance up and just throwing security under the bus is an easy way to do it.

It isn't really like that - though I won't discount a degree of it - most hardware security gets compromised eventually if it is in use long enough in one way or another for example emulators for older gaming hardware that originally had DRM or built in copy protection, etc. the problem is so much underlying tech in Intel CPUs hasn't moved on fundamentally in so long - I pretty much guarantee that Zen, etc. if there is enough attention on it still in a decade or so would be opened up similarly - this is an 8 year old implementation that builds on tech that goes back another few years before that and only just been exploited now. The problem is Intel holding back any real evolution of CPU design for so long.

Vince · 11 Sep 2019 at 01:29

Rroff said:
It isn't really like that - though I won't discount a degree of it - most hardware security gets compromised eventually if it is in use long enough in one way or another for example emulators for older gaming hardware that originally had DRM or built in copy protection, etc. the problem is so much underlying tech in Intel CPUs hasn't moved on fundamentally in so long - I pretty much guarantee that Zen, etc. if there is enough attention on it still in a decade or so would be opened up similarly - this is an 8 year old implementation that builds on tech that goes back another few years before that and only just been exploited now. The problem is Intel holding back any real evolution of CPU design for so long.

The closed encryption in rome is pretty epyc, going to take a serious amount of work to break that down. Most of what we are seeing from Intel, granted it's an old uarch is just laziness is it not? Some of the earlier vulnerabilities look to me like skipping checks (clock cycles) for improved performance.

Rroff · 11 Sep 2019 at 01:34

Vince said:
The closed encryption in rome is pretty epyc, going to take a serious amount of work to break that down. Most of what we are seeing from Intel, granted it's an old uarch is just laziness is it not? Some of the earlier vulnerabilities look to me like skipping checks (clock cycles) for improved performance.

LOL but yeah what is a serious amount of work is often not so much in a decade or so time with advances in computing power and understanding of maths and techniques that can be used to identify patterns, etc. such as assistance from machine learning.

I won't say there aren't some issues due to laziness probably under the assumption that stuff was so obscure no one would ever realistically break into it - but a lot of these systems have held up many many years before finally being cracked - if it was purely down to laziness and incompetence a lot of these issues would have come up fairly early on in the Core 2 days, etc.

EDIT: Another aspect that often goes unremarked on is that Intel now runs a bug bounty program with potentially lucrative rewards for people who find serious weaknesses - which means more people than ever are looking at Intel archs in depth - meaning a higher chance of these issues coming to light even though that isn't great PR for Intel.

Vince · 11 Sep 2019 at 01:36

Rroff said:
LOL but yeah what is a serious amount of work is often not so much in a decade or so time with advances in computing power and understanding of maths and techniques that can be used to identify patterns, etc. such as assistance from machine learning.

I won't say there aren't some issues due to laziness probably under the assumption that stuff was so obscure no one would ever realistically break into it - but a lot of these systems have held up many many years before finally being cracked - if it was purely down to laziness and incompetence a lot of these issues would have come up fairly early on in the Core 2 days, etc.

Tech marches on

and your right, what seems insurmountable now could be trivial around the corner.

Rroff · 11 Sep 2019 at 01:46

Vince said:
Tech marches on and your right, what seems insurmountable now could be trivial around the corner.

To be fair under the spotlight I suspect a contemporary AMD architecture would probably hold up longer than Intel's security wise - but in the current context I don't think it has as much to do with incompetence (at least at design level) as people like to think.

I still shudder at the possibility of Intel's management engine being exposed to a remote execution intrusion as that is pretty much game over for any internet connected Intel system.

Admetos · 11 Sep 2019 at 04:12

Are you referring to this.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html

If so Gigabyte have an updated BIOS for my Z370 HD3P, however I've not installed yet and to be honest probably won't!

zx128k · 11 Sep 2019 at 05:32

jigger · 11 Sep 2019 at 14:23

Rroff said:
It isn't really like that - though I won't discount a degree of it - most hardware security gets compromised eventually if it is in use long enough in one way or another for example emulators for older gaming hardware that originally had DRM or built in copy protection, etc. the problem is so much underlying tech in Intel CPUs hasn't moved on fundamentally in so long - I pretty much guarantee that Zen, etc. if there is enough attention on it still in a decade or so would be opened up similarly - this is an 8 year old implementation that builds on tech that goes back another few years before that and only just been exploited now. The problem is Intel holding back any real evolution of CPU design for so long.

Yeah it’s not like people should expect Intel security to hold up on a brand new chip or an unreleased one....

d_brennen · 11 Sep 2019 at 14:31

Rroff said:
I still shudder at the possibility of Intel's management engine being exposed to a remote execution intrusion as that is pretty much game over for any internet connected Intel system.

Wasn't that the whole idea? INSERT_3_LETTER_GMEN_HERE innit

Rroff · 11 Sep 2019 at 14:44

jigger said:
Yeah it’s not like people should expect Intel security to hold up on a brand new chip or an unreleased one....

That is a different angle again.

jigger · 11 Sep 2019 at 14:45

Rroff said:
That is a different angle again.

It’s the crux of the situation.

Rroff · 11 Sep 2019 at 16:54

jigger said:
It’s the crux of the situation.

Oh I thought you were disagreeing with me about how the main problem is how long Intel have been reusing fundementally the same architecture.

jigger · 11 Sep 2019 at 17:55

Rroff said:
Oh I thought you were disagreeing with me about how the main problem is how long Intel have been reusing fundementally the same architecture.

The problems effects all Intel CPU’s now and into the future. Your point about breaking security sometime in future is pointless.