
How Researchers Discovered a New ‘Spoiler’ Flaw in Intel Processors


Recently, researchers discovered a new ‘Spoiler’ flaw in Intel processors. Read on to know more about the seriousness of this latest flaw in Intel processors…

Recently, a critical execution hole known as ‘Spoiler’ was found in Intel’s processors. Its threat level is similar to that of Spectre, another flaw affecting modern microprocessors, but it works in a different way. To be specific, the researchers point out that the vulnerability, which they’ve dubbed Spoiler, is not a Spectre attack.

Security researchers at Worcester Polytechnic Institute and the University of Lübeck have published a paper outlining a speculative vulnerability affecting nearly every Intel processor dating back to the first generation of Core CPUs. The research report by scientists at Worcester Polytechnic Institute in Massachusetts states “Spoiler is not a Spectre attack. The root cause for Spoiler is a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem which directly leaks timing behaviour due to physical address conflicts. Existing Spectre mitigation would therefore not interfere with Spoiler.”

Mechanism
This vulnerability allows an attacker to view critical data from running programs, which is hidden by default. All that an attacker would need is a piece of malware or malicious JavaScript to be able to use this flaw against the processors. According to the researchers, this vulnerability cannot be countered by any current measures and would instead require a significant amount of redesign work at the chip level.

The researchers’ documentation states: “The root cause for Spoiler is a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem which directly leaks timing behavior due to physical address conflicts.”

This exploit is basically a threat to all Intel Core processors from the first generation onwards. An Intel spokesperson recently stated that “Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest.”
 
“We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research.”

Similar to Spectre, the researchers say that Spoiler could allow an attacker to exploit how a PC’s memory works, exposing data from running programs in the process. This data should not be accessible on a whim. Apparently this only affects Intel processors, and not chips from AMD or ARM. Spoiler is also independent of the OS and can even work from within a virtual machine and sandboxed environments.

The researchers seemingly conclude that the only way to completely protect against Spoiler is by redesigning the actual silicon, albeit potentially at the expense of overall performance. “There is no software mitigation that can completely erase this problem,” the researchers said.

Damage Control
Intel was made aware of Spoiler at the beginning of December. “Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest,” Intel said.

“We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research,” Intel added.

In other words, the situation is not as dire as perhaps the paper makes it sound, from Intel’s vantage point. But then we’d expect Intel to take that stance. We’ll be keeping an eye on this and will report any significant updates.
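Intel's advice quoted above, "avoiding control flows that are dependent on the data of interest", can be illustrated in C. This is an added example, not code from the researchers' paper or from Intel; the function names and the sample secret are constructed for illustration, and it shows the coding practice only, which per the researchers does not remove Spoiler itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Leaky: returns at the first mismatch, so the number of loop iterations
 * (reported through *steps) depends on how much of the secret matched. */
int leaky_equal(const uint8_t *secret, const uint8_t *guess, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (secret[i] != guess[i])
            return 0;                 /* control flow depends on the secret */
    }
    return 1;
}

/* Side-channel-safe form: no branch on secret data, every byte is always read. */
int ct_equal(const uint8_t *secret, const uint8_t *guess, size_t n, size_t *steps)
{
    uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (uint8_t)(secret[i] ^ guess[i]);   /* accumulate differences */
    }
    /* diff == 0 -> 1, otherwise 0, computed without a branch */
    return (int)((((uint32_t)diff - 1u) >> 8) & 1u);
}

/* Branchless replacement for "if (secret_bit) x = a; else x = b;" */
uint32_t ct_select(uint32_t bit, uint32_t a, uint32_t b)
{
    uint32_t mask = (uint32_t)0 - (bit & 1u);      /* all ones or all zeros */
    return (a & mask) | (b & ~mask);
}

int main(void)
{
    /* Constructed sample data: a 4-byte secret and a half-correct guess */
    const uint8_t secret[4] = {0x11, 0x22, 0x33, 0x44};
    const uint8_t guess[4]  = {0x11, 0x22, 0x00, 0x00};
    size_t leaky_steps, ct_steps;
    leaky_equal(secret, guess, 4, &leaky_steps);
    ct_equal(secret, guess, 4, &ct_steps);
    printf("leaky: %zu steps, constant-time: %zu steps\n", leaky_steps, ct_steps);
    return 0;
}
```

An optimizing compiler can reintroduce branches into code like this, so the generated assembly should be checked for the target build.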
