acm-header
Sign In

Communications of the ACM

ACM News

'Downfall' Flaw Exposes Valuable Data in Generations of Intel Chips


View as: Print Mobile App Share:
Fixes are being released with an option to disable them because of the potential that they could have an intolerable impact on performance for certain enterprise users.

The vulnerability affects the Skylake chip family, the Tiger Lake family, and the Ice Lake family. Intel's current generation chips—including those in the Alder Lake, Raptor Lake, and Sapphire Rapids families—are not affecte.

Credit: Getty Images

Intel is releasing fixes for a processor vulnerability that affects many models of its chips going back to 2015, including some that are currently sold, the company revealed today. The flaw does not impact Intel's latest processor generations. The vulnerability could be exploited to circumvent barriers meant to keep data isolated, and therefore private, on a system. This could allow attackers to grab valuable and sensitive data from victims, including financial details, emails, and messages, but also passwords and encryption keys.

It's been more than five years since the Spectre and Meltdown processor vulnerabilities sparked a wave of revisions to computer chip designs across the industry. The flaws represented specific bugs but also conceptual data protection vulnerabilities in the schemes chips were using to make data available for processing more quickly and speed that processing. Intel has invested heavily in the years since these so-called speculative execution issues surfaced to identify similar types of design issues that could be leaking data. But the need for speed remains a business imperative, and both researchers and chip companies still find flaws in efficiency measures.

This latest vulnerability, dubbed Downfall by Daniel Moghimi, the Google researcher who discovered it, occurs in chip code that can use an instruction known as Gather to access scattered data more quickly in memory. Intel refers to the flaw as Gather Data Sampling after one of the techniques Moghimi developed to exploit the vulnerability. Moghimi will present his findings at the Black Hat security conference in Las Vegas on Wednesday.

From Wired
View Full Article

 


 

No entries found