
Intel, AMD Dispute Findings on Chip Vulnerabilities

After Researchers Release Report, Chipmakers Assert That No New Defenses Are Needed

Intel and AMD are disputing the findings of researchers from two universities who say they've discovered new attacks on Intel and AMD processors that can bypass most of the defenses put in place earlier for similar "Spectre" and "Meltdown" attacks.


An attacker exploiting the vulnerabilities could gain access to encryption keys, passwords and other data, the report says.

Intel and AMD insist that users of their chips do not need to take any additional security measures as a result of the discovery because existing protections are adequate.

The newly discovered attacks, like the previously demonstrated attacks, would prove difficult to execute, says Jared Semrau, director, vulnerability and exploitation, at Mandiant Threat Intelligence.

"Continued focus on branded vulnerabilities that are rarely ever exploited ultimately creates a misleading narrative of current and imminent threats, resulting in inefficient use of resources, unnecessary stress and increased risk of exploitation by not putting that time and effort into remediating things that do pose an active or imminent threat," he says.

A 14-page paper from researchers at the University of Virginia and the University of San Diego describes attacks on the chips' micro-op caches, which are part of the predictive computing feature to speed processing.

In January 2018, Google's Project Zero discovered the Spectre and Meltdown attacks that allowed the chips' memory to be read and data exfiltrated.

Intel and AMD then implemented firmware patches to mitigate the risks. Those updates slowed computer speed.

Newly Discovered Attacks

The university researchers describe the newly discovered attacks as:

  • A same-thread cross-domain attack that leaks secrets across the user-kernel boundary;
  • A cross-SMT thread attack that transmits secrets across two SMT threads via the micro-op cache;
  • A transient execution attack that can leak an unauthorized secret accessed along a misspeculated path, even before the transient instruction is dispatched to execution, breaking several existing invisible speculation and fencing-based solutions that mitigate Spectre.

In response to the researchers' findings, Intel says it "reviewed the report and informed researchers that existing mitigations were not being bypassed and that this scenario is addressed in our secure coding guidance. Software following our guidance already has protections against incidental channels, including the uop cache incidental channel. No new mitigations or guidance are needed."

Meanwhile, AMD said it "reviewed the research paper and believes existing mitigations were not being bypassed and no new mitigations are required. AMD recommends its existing side-channel mitigation guidance and standard secure coding practices be followed."

But Ashish Venkat, a researcher from the University of Virginia, responds: "The vulnerability we uncovered is in hardware, and it is important to also design processors that are secure and resilient against these attacks."

Risk Mitigation

The researchers say the vulnerabilities can be addressed with a few possible solutions, each of which, however, can cause additional problems.

For example, they suggest flushing the micro-op cache at domain crossings. But they note that frequent flushing of the micro-op cache could severely degrade performance because no processing can occur while the flush is in progress.

A lighter-impact alternative is to leverage performance counters to detect anomalies and potentially malicious activity in the micro-op cache. But the researchers note this method is prone to misclassification errors and vulnerable to mimicry attacks.

About the Author

Doug Olenick


Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint at ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.
