Intel processors vulnerability. Process sensitive data dangerous

Play for me that post
Voiced by Amazon Polly

Problem?

Intel processors vulnerability. Process sensitive data dangerous

Yes! Unfortunately serious one. Data which is stored in processor cache memory can be known by user. This is Intel processors vulnerability. Process sensitive data dangerous is high.

Why so serious?

Example 1. Let’s imagine that you have disk encrypted in your personal computer. System process need to know disk password to operate on the disk. That’s fine. This password can be stolen from processor cache by local user. There is problem with isolation between system processes and user layer.

Example 2. You work with virtualized or cloud environment. One server hosts more that only one operating system. Host processor work on systems processes simultaneously and store data in cache. All those information can be dumped. If you’re on cloud, in some cases someone else can stole other user information.

Intel processors vulnerability. Process sensitive data dangerous
Intel processors vulnerability. Process sensitive data dangerous

Attack Methods

There are two attack method mentioned:

Meltdown where all processor cache data can be dumped. Intel processors are susceptible.

Spectre. In this case other process data can be stolen. What is important Spectre work on Intel, AMD and ARM processors so also mobile devices are affected.

Real world affect

Intel issued a statement. They inform that problem can be solved only by perform a patching with proper update. Microsoft patch will be available on 9th of January 2018. Unfortunately the problem is performance because some developers who already tested MS patch reports that software isolation between system processes and user layer costs some computing resources. Estimation is between few and even more than 60%.

AWS and Azure sent information to customers that patching action will be performed and some downtime is needed. See AWS and Azure messages.

Conclusion

Problem is real. Nobody knows what will exactly happen in their environment after patching when performance can be poor. What about decision to do not install the patch? What is real security impact? Those and more questions are in IT profs heads. I hope that real impact will be less that expectations.

What is interesting: Intel CEO sold a lot of Intel stock in the end of 2017.

Microsoft Intel CPU Vulnerabilities Live Broadcast Meeting: LINK
Google project zero : LINK
See more security posts: LINK

Leave a reply:

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.