Dr. Michael Schwarz, Dramatic Vulnerability Discovered in Intel Processors, Gutsell Online, OWL Live

Dr. Michael Schwarz, Dramatic Vulnerability Discovered in Intel Processors, Gutsell Online, OWL Live

Dr. Michael Black

Dr. Michael Schwarz, Dramatic Vulnerability Discovered in Intel Processors

After Specter, Meltdown and Zombieload, another vulnerability in modern processors is shaking users’ data security. #picture one of the first discoveries #cpu #weaknessesabout the sensitive #information How #Password Can be read directly from the buffer. The attackers did not have to make any complicated detours through the side channels. Starting today, Intel is providing critical updates for affected devices to close this gap.

“We couldn’t believe what we discovered the first time,” Dr. Michael Black. The CISPA faculty, in collaboration with an international research team, has once again found a processor vulnerability that is forcing manufacturer Intel to act quickly. » So far we suspect the biggest security problems in the processor’s internal, barely documented implementation (microarchitecture) # error source The well documented architecture of the processor can also be found at the level.«

The new vulnerability was named PIC because it can be exploited through a function of the so called APIC (Advanced Programmable Interrupt Controller). APIC is a control element in processors that has been used for decades. The main function of APIC is to regulate, in processors with multiple cores, the core has to interrupt its computing processes if a new request – for example from user input – comes in. The processor can communicate with the APIC to configure it and request information. The communication between the processor and the APIC is through the so-called superqueue. Superqueue is an intermediate memory that is also used to transfer data from Random Access Memory (RAM) to the processor via some data cache. in contrast to the transfer of #information From main memory, only a small part of SuperQ is used when communicating with APIC.

“We found that when APIC inserts information into the superqueue, it does not delete all the old data in the superqueue as intended. However, the information only overwrites a small part of the data. The old data remains and the CPU is justified.” could access it without authorization,” Schwarz explains. This is particularly problematic in that it also applies to highly sensitive data that is stored in specially protected memory areas. “We were also able to obtain from Intel the cryptographic keys that are needed to access these protected areas,” the researchers explain.

All current Sunny Cove-based Intel performances impressed #CPU Such as Ice Lake and Elder Lake, which were launched in 2019-2021. “But this difference may also exist in other processors, but we weren’t able to test them all.” #Update Responds, which users should install as soon as possible.

Dr. In the past, Michael Schwarz was involved in the discovery of processor vulnerabilities like Meltdown, Specter, LVI, and Zombieload. While the meltdown can be fixed on the hardware side, Specter vulnerabilities are still keeping researchers and manufacturers on their toes. » But exploiting these security gaps usually requires a certain amount of information and is complex, as data can only be stolen through so-called side channels. Side channels are information that the processor involuntarily reveals during processing, such as electromagnetic emissions, heat generation or processing time. This information then allows conclusions to be drawn about the data. Exploiting the PIC is much less complicated. We are very surprised that no one has noticed this until now,” says Michael Schwarz. In addition to Pietro Borello from Sapienza University in Rome, Andreas Kogler, Daniel Grass and Martin Schwarzl from Graz University of Technology and Moritz from Amazon Web Services Lipp was involved in the discovery of PIC.

READ  HomePod: New Software 15.2 with Support for Apple Music Voice Subscription

Researchers cannot say to what extent and to what extent the vulnerability has been exploited so far. Together with his colleagues, Schwarz intends to continue to systematically examine processor architectures for vulnerabilities that parallel known software gaps.

More from Laurence Porter
No Pogo, just Clash of Clans? Warcraft GO has apparently been canceled
highlight recent changes Yes No Updated on April 30, 2022: Bad news...
Read More
Leave a comment

Your email address will not be published. Required fields are marked *