ZombieLoad side-channel attack affects Intel chips manufactured since 2008

The flaw could enable hackers to steal almost every bit of data from inside the CPU - including on servers running in the cloud

Researchers have discovered a new class of Spectre-like security flaws in Intel microprocessors, dubbed microarchitectural data sampling flaws. The flaws could enable hackers to steal almost every bit of data from inside the CPU.

According to researchers, the main vulnerability in this new class of vulnerabilities is ZombieLoad, a side-channel attack reminiscent of Foreshadow, Spectre, and Meltdown attacks.

In all, researchers unearthed four MDS vulnerabilities:

  1. CVE-2018-12126 aka Fallout (targets store buffers);
  2. CVE-2018-12127 (attacks load buffers);
  3. CVE-2018-12130 aka ZombieLoad (targets line fill buffers); and,
  4. CVE-2019-11091 (attacks uncacheable memory).

Researchers highlight ZombieLoad as the most dangerous of these attacks, as it can steal more data from chips than the other attacks.

Hackers can exploit ZombieLoad with the help of speculative execution - an optimisation technique introduced by Intel in its chips to enhance their performance and processing speeds. The feature enables a processor to predict ahead of time the operations and data it will need in order to execute commands.


ZombieLoad can target the chip's microarchitectural data structures (load, store, and line fill buffers), which are used for faster reading/writing of data being processed inside the CPU.

Like Spectre and Meltdown, ZombieLoad doesn't just affect laptops and personal computers, but servers running in the cloud as well. The attack can be triggered in virtual machines that are isolated from other virtual systems and the host device.

All four attacks could use speculative execution to deceive Intel's processors into retrieving data moving from one component to another.

All Intel chips released since 2008 - except the 8th and 9th generation Core processors, as well as second-generation Xeon Scalable processors - are likely vulnerable to these attacks, researchers claimed.

Intel's newer chips are not vulnerable as they come with hardware mitigations against these flaws. Chips from ARM and AMD don't appear to be vulnerable to the attacks, although they haven't been as intensively tested.

Intel has issued a microcode update to patch the vulnerability. The company said it is working with operating system vendors, equipment manufacturers, and other partners to provide software updates and platform firmware to enable customers to mitigate the security risks to their systems from these attacks.

Google and Apple have also issued updates, and Microsoft is expected to soon issue the update.

However, researchers warned that these patches will almost certainly slow down processors, and are unlikely to provide foolproof protection from attacks.

Intel has advised its customers to disable Hyper-Threading on their machines "depending on their security needs," although not everyone needs to disable it, according to the company.

"Once these updates are applied, it may be appropriate for some customers to consider additional steps. This includes customers who cannot guarantee that trusted software is running on their system(s) and are using Simultaneous Multi-Threading (SMT)," Intel said.

"In these cases, customers should consider how they utilise SMT for their particular workload(s), guidance from their OS and VMM [virtual machine manager] software providers, and the security threat model for their particular environment."

"Because these factors will vary considerably by customer, Intel is not recommending that Intel® HT be disabled, and it's important to understand that doing so does not alone provide protection against MDS [microarchitectural data sampling]."
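As an added example (not part of the original article or of Intel's guidance): on Linux, kernels that carry the MDS patches report the mitigation state in sysfs, and the script below maps that report onto the two steps discussed above, the microcode update and the SMT decision. The verdict labels are this example's own, and the sample strings are constructed from the kernel's documented status formats.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's MDS status line.
# Verdict labels (not-affected, needs-microcode, ...) are hypothetical
# names chosen for this example, not kernel or Intel terminology.

MDS_FILE=/sys/devices/system/cpu/vulnerabilities/mds
SMT_FILE=/sys/devices/system/cpu/smt/control

mds_verdict() {
    s=$1
    case $s in
        "Not affected"*)
            echo "not-affected" ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # OS tries to clear buffers, but the microcode update is missing
            echo "needs-microcode" ;;
        "Vulnerable"*)
            echo "unmitigated" ;;
        "Mitigation:"*)
            # Buffer clearing is active; sibling threads may still leak
            case $s in
                *"SMT vulnerable"*)         echo "mitigated-smt-exposed" ;;
                *"SMT Host state unknown"*) echo "mitigated-smt-unknown" ;;
                *)                          echo "mitigated" ;;
            esac ;;
        *)
            echo "unknown" ;;
    esac
}

# Constructed sample status lines, so the script is useful offline.
for sample in \
    "Not affected" \
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable" \
    "Mitigation: Clear CPU buffers; SMT vulnerable" \
    "Mitigation: Clear CPU buffers; SMT disabled"
do
    echo "sample: $sample -> $(mds_verdict "$sample")"
done

# Live check, only where the kernel exposes the file.
if [ -r "$MDS_FILE" ]; then
    line=$(cat "$MDS_FILE")
    echo "this host: $line -> $(mds_verdict "$line")"
    if [ -r "$SMT_FILE" ]; then
        echo "smt control: $(cat "$SMT_FILE")"
    fi
else
    echo "this host: no MDS status file (non-Linux or unpatched kernel)"
fi
```

A `mitigated-smt-exposed` result is the case Intel's statement addresses: the updates are applied, and whether to keep SMT enabled depends on whether untrusted code shares the machine.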
