Posted on May 16, 2019 at 8:50 AM
Last year security researchers found architectural vulnerabilities in both AMD and Intel processors, and it shook the market to its very core. This sent both manufacturers to somehow fix the flaws that opened up everyone with a computer at risk of getting hacked. However, Meltdown and Spectre – the names of the exploits, were only the beginning of a new type of threat. One that many thought would rear its ugly head soon enough, but no one was expecting security to be breachable so soon.
Groups of researchers uncover critical data flaw in all Intel processors
The latest flaw is even greater than the last vulnerability. It allows malicious threat actors to access all every single bit of raw data that is touched by a victim’s CPU – which ostensibly means everything. Intel announced the vulnerability today along with a group of microarchitecture security researchers. There are four distinct attacks that are all capable of siphoning a stream of data from a victim’s computer processor to an attacker.
Seven universities and four security firms have all chipped in to analyze and name the exploit which has variously been called ZombieLoad, Fallout, and RIDL (Rogue In-flight Data Load). The researchers were set up into two different workgroups to help Intel analyze everything about the vulnerability and were asked to keep their work out of the news for a year while Intel worked on fixes to the problem.
Researchers and Intel singing different tunes
There is some disconnect between what the researchers are saying and what Intel is saying. Intel’s official stance mirrors the name it gave the vulnerability. Much like they did not give it something that would cause instant suspicion to the average computer user, they also say that the vulnerability is not that severe.
However, researchers are saying that the flaws represent a critical flaw in the processors and that the only way to completely isolate yourself from any potential danger is to switch off certain features of the processor. While it does not, at first sight, appear to have any impact on ARM or AMD chips, there is not much evidence to go on say the researchers. Intel represents the lion’s share of the consumer and server market, so all efforts were put into finding out every single possible way to break into the processors so that Intel would be able to find a fix as soon as possible.
Intel does say that some models of the chips it has released are completely fixed, but it did not specify exactly which chips those were. What is even more worrying is that the research shows that all of Intel’s chips going back all the way to 2008 are affected by this flaw. That is a lot of upgrade cycles and a lot of generations of the i-series chips that are included. During this time was when Intel dominated the processor wars as AMD have only been able to catch up about a year or so ago.
The vast majority of people who own a computer – whether they are running Linux, Windows, or MacOS, are at risk. Mac users, in particular, are all at risk since the planned obsolescence of Apple products and only having very specific suppliers means that the absolute vast majority, almost all of them in fact, are at risk from this vulnerability.
Data centers will feel the brunt of the damage
Datacentres, where most of the information in the world is kept, are going to suffer due to this problem. The researchers have already said that switching off certain features will be needed for any real hope of security. The amount of confidential data that is available in data centers around the world is tremendous, so switching off the chipset features is their only real option. Some have predicted that will hit performance by as much as 25% in many data centers.
This can be a potentially disastrous turn of events if not dealt with quickly on the side of both Intel and the large institutions who are running cloud services.