Have You Disabled HT on Your Intel CPU ? - ZombieLoad Fallout RIDL

dcep on 17/05/2019 - 21:48
Last edited 17/05/2019 - 23:13

So after the Meltdown/Spectre fiasco, here comes the new Zombieload/Fallout/RIDL which apparently much more easy to exploit.

Zombieload Flaw Lets Hackers Crack Almost Every Intel Chip Back to 2011.
While Intel classified the threat as “medium,” security researchers have said Zombieload is far more serious. The vulnerability affects almost every Intel computer chip since 2011 and highlights how hackers could become savvier at targeting the security holes in Intel’s computer chips.
“On a scale of 1 to 10, this is ’10’ serious,” says Robert Siciliano, CEO of security awareness training firm Safr.me.
The Zombieload attack takes advantage of a design flaw in most Intel chips, allowing hackers to grab any data that was recently been accessed by the processor. The attack’s name is a reference to “zombie load,” which is when a computer processor can’t properly process a load of data and needs to ask for help in order to prevent a crash.
http://fortune.com/2019/05/15/zombieload-flaw-lets-hackers-c…

Intel tried to cover it up but apparently Dutch don't like $80k

Intel offered to pay the researchers a USD $40,000 "reward" to allegedly get them to downplay the severity of the vulnerability, and backed their offer with an additional $80,000. The team politely refused both offers.
Intel's security vulnerability bounty program is shrouded in CYA agreements designed to minimize Intel's losses from the discovery of a new vulnerability. Under its terms, once a discoverer accepts the bounty reward, they enter into a NDA (non-disclosure agreement) with Intel, to not disclose their findings or communicate in the regard with any other person or entity than with certain authorized people at Intel.
https://www.techpowerup.com/255563/intel-tried-to-bribe-dutc…

Computing

Comments

  • theHMASfriendship on 17/05/2019 - 22:10
    +1

    Oh, well if Robert Siciliano, CEO of security awareness training firm Safr.me, says its '10' serious…

    • Daabido on 17/05/2019 - 22:40

      I got a personal call from Scott Morrison. He started talking before I had time to say hello. He was '10' serious that I should totally vote for his local candidate, that he said weirdly like he recorded the sentence and the name of the candidate separately. Then he hung up.

    • [Deactivated] on 18/05/2019 - 00:32
      +1

      I'm guessing everything is a 10 from Robert Siciliano of security awareness training firm Safr.me.

  • Wystri Warrick on 17/05/2019 - 22:39

    Seems like the tables are finally turning between Intel and AMD.
    Thanks op, will look into this more once I get some free time :).

  • No Username on 17/05/2019 - 22:40

    At least HT is easier to disable. ME was a pain.

  • netsurfer on 17/05/2019 - 22:48
    +1

    Attackers have to be able to run code on a machine in order to take advantage of ZombieLoad so make sure to install the latest OS update when offered. Chrome and Firefox updates should be coming soon.

    If you are really concerned, you could disable hyper threading. One of my PCs has i5-8400, which has no hyper threading. However, it is still vulnerable to other forms of MDS attacks. It could be a bigger issue for servers or cloud solutions (but apparently AWS has applied patch).

  • Diji1 on 17/05/2019 - 22:57

    THE SKY IS FALLING IN!

  • EightImmortals on 18/05/2019 - 06:22

    Crikey, is the fix for this going to slow things down even more?

    • N1NJ4W4RR10R on 18/05/2019 - 12:34

      Yeah. Marginally generally, but there are some pretty major performance losses in some tasks.

      This is just the patch. If you go that extra bit to disable Hyperthreading that'll hurt a fair bit.

  • accessviolation on 18/05/2019 - 12:17

    I'm of the belief that this exploit doesn't really affect your household consumers.

    Unless you are running guest virtual machines and doing internet banking at the same time on your host. There really isn't anything to be worried about.

    The main area where it affects people are shared VPS and shared hosting.

    Think about it this way, if they are running the attack on your current system and disabling HT doesn't do anything. They are already in your system. Most malware will use several different types of exploits at the same time, so just removing HT wouldn't do much at all.

    So, in my opinion, most people don't have to do anything at all.

    As to commentary from Intel about it being blown out of proportion. No, this is a serious exploit as lots of people use shared VPS/hosting because it is economical. In fact most clouds are using some type of virtualisation which allows them to share the CPU. This is where the big $ is, so yes it is a serious issue. In case anyone thought I was an Intel Fanboi.

    • dcep on 21/05/2019 - 23:00

      …disabling HT doesn't do anything. They are already in your system. Most malware will use several different types of exploits at the same time, so just removing HT wouldn't do much at all.

      https://arxiv.org/pdf/1905.05726.pdf

      "We conclude that disabling hyperthreading, in addition to flushing several microarchitectural states during context switches, is the only possible workaround to prevent this extremely powerful attack."

      • netsurfer on 22/05/2019 - 19:44
        +1

        MDS based attacks rely on constantly checking the buffer and attempt to piece together some form of useful information. The program that's doing the malicious MDS attack has to be running in parallel. It's a big issue for servers. For home PCs, there's no need to panic yet (just keep everything up to date). Honestly, it is easier to be a virus program and scan your files for useful information, rather than looking in the buffer, hoping for bits and pieces of info. It's an issue for shared servers as it is a way to overcome the VM/container sandbox/boundary.

        Also, I have a PC with i5-8400, which has no hyper threading, yet it is still vulnerable to other forms of MDS attacks. So turning off HT isn't a bullet proof solution.

        Lastly, care to guess what happened to intel's share price on the day these MDS based attacks were made public? Intel's share price went up that day. It's a mess caused by intel, but just like Meltdown and Spectre, it will most likely be Microsoft putting in some workarounds / patches at the end of the day (updating every PC's CPU microcode through BIOS is simply unrealistic - no motherboard maker will release a BIOS update for a board that's more than 4 years old).

  • [Deactivated] on 18/05/2019 - 13:00

    Slightly interesting from a cybercrime defence perspective. For a crime to occur it must be proven beyond reasonable doubt yet all the security flaws recently make that almost impossible to do.

  • AlienC on 25/05/2019 - 14:46

    Does anyone even remember a time before computers? Like zero or minimal modern electronics at all?

    Ah what a time.. you just went around and acted like a human with complete carefree cluelessness in the world of what the future was to become :(

    How I miss those days :(

Login or Join to leave a comment
Login Join