Tuesday, May 14th 2019
Yet Another Speculative Malfunction: Intel Reveals New Side-Channel Attack, Advises Disabling Hyper-Threading Below 8th, 9th Gen CPUs
Ouch doesn't even begin to describe how much that headline hurt. As far as speculative execution goes, it's been well covered by now, but here's a refresher. Speculative execution essentially means that your CPU tries to think ahead of time on what data may or may not be needed, and processes it before it knows it's needed. The objective is to take advantage of concurrency in the CPU design, keeping processing units that would otherwise be left idle to process and deliver results on the off-chance that they are indeed required by the system: and when they are called for, the CPU saves time by not having to process them on the fly and already having them available.
The flaws have been announced by Intel in coordination with Austrian university TU Graz, Vrije Universiteit Amsterdam, the University of Michigan, the University of Adelaide, KU Leuven in Belgium, Worcester Polytechnic Institute, Saarland University in Germany and security firms Cyberus, BitDefender, Qihoo360 and Oracle. While some of the parties involved have named the four identified flaws with names such as "ZombieLoad", "Fallout", and RIDL, or "Rogue In-Flight Data Load", Intel is using the PEGI-13 "Microarchitectural Data Sampling (MDS)" name.
Update May 15th: Intel has released benchmarks that show the performance impact of the MDS mitigations.
Update May 16th: Apparently Intel tried to sweep the issue under the rug with a generous donation to the researchers.
The issue at hand here, defined by Intel's pretty tame MDS, is that like other side-channel attacks, exploits may allow hackers to obtain information that was otherwise deemed secure, had it not been run through the CPU's speculative execution processes. While Meltdown read sensitive information that was being stored in memory due to the speculative execution functions on Intel's CPUs, MDS attacks read the data on the CPU's various buffers - between threads, along the way to the CPU cache, and others. The researchers say that this flaw can be used to siphon data from the CPU at a rate that can approach real-time, and can be used to selectively pull what information is deemed important: whether it's passwords or what websites the user is visiting at the moment of the attack, it's all fair game.
Intel says that significant software changes will be needed to harden systems against this exploit, not only from themselves, but from operating system vendors and third-party app creators. One of the proposed solutions is that every time a processor would switch from one third-party app to another, from a Windows process to a third-party app, or even from less trusted Windows processes to more trusted ones, the buffers have to be cleared or overwritten. This means a whole new cycle of data gathering and writing begins every time you call up a different process - and you bet that carries a performance penalty, which Intel is putting at a "minimal" up to 9%.
Intel detailed the vulnerability in its whitepaper and admitted that disabling HT might be warranted as a protection against MDS attacks - and you can imagine how much the company must have loathed to publish such a thing. Intel's HT has been heavily hit by repeated speculative execution flaws found on Intel processors, with mitigations usually costing some sort of performance on Intel's concurrent processing technology. Intel says its engineers discovered the MDS vulnerabilities last year, and that it has now released fixes for the flaw in both hardware and software. Obviously, though, the software fixes will have to be deployed either through microcode updates or implemented by every operating system, virtualization vendor, and other software maker.
Intel also said that its 8th and 9th generation processors already include the hardware mitigations that defeat the exploitation of MDS, but previous architectures back to Nehalem are vulnerable. But why play it on expectations: you can take a test that has been published by the researchers right here.
Sources:
Wired, MDS Attacks Test
The CVE codes for the vulnerabilities stand as such:
- CVE-2018-12126 Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12130 Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12127 Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2019-11091 Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
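The mitigation described above (clearing CPU buffers on context switches, with Hyper-Threading as the remaining exposure) can be audited on Linux, where the kernel reports MDS status in sysfs. This is an added example, not part of the original article; the sysfs paths and status strings follow the Linux kernel's documentation, and the function names are hypothetical.

```python
from pathlib import Path

# Linux sysfs files per the kernel's hw-vuln docs (assumed; the article names no paths).
MDS_PATH = Path("/sys/devices/system/cpu/vulnerabilities/mds")
SMT_PATH = Path("/sys/devices/system/cpu/smt/control")

# Constructed status lines in the format the kernel reports.
SAMPLES = (
    "Not affected",
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled",
)


def parse_mds_status(line):
    """Split a status line into the mitigation state and the SMT part."""
    main, _, smt = (part.strip() for part in line.strip().partition(";"))
    if main == "Not affected":
        state = "not_affected"
    elif main.startswith("Mitigation:"):
        state = "mitigated"
    elif "no microcode" in main:
        state = "needs_microcode"  # buffers cleared best-effort, CPU lacks the update
    elif main.startswith("Vulnerable"):
        state = "vulnerable"
    else:
        state = "unknown"
    smt = smt[4:] if smt.startswith("SMT ") else smt
    return {"state": state, "smt": smt.lower() or None}


def assess(status, smt_control=None):
    """List follow-up actions for one parsed status."""
    findings = []
    if status["state"] == "needs_microcode":
        findings.append("install the CPU microcode update")
    elif status["state"] in ("vulnerable", "unknown"):
        findings.append("buffer clearing not confirmed: check kernel mitigation")
    # Clearing buffers on a context switch does not cover a sibling hyper-thread.
    if status["smt"] == "vulnerable" and smt_control not in ("off", "forceoff"):
        findings.append("Hyper-Threading is on: consider disabling it")
    return findings


if __name__ == "__main__":
    live = MDS_PATH.exists()  # absent on older kernels and non-Linux hosts
    smt = SMT_PATH.read_text().strip() if live and SMT_PATH.exists() else None
    for line in ([MDS_PATH.read_text()] if live else SAMPLES):
        print(line.strip(), "->", assess(parse_mds_status(line), smt) or "no action needed")
```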
104 Comments on Yet Another Speculative Malfunction: Intel Reveals New Side-Channel Attack, Advises Disabling Hyper-Threading Below 8th, 9th Gen CPUs
Granted, the performance loss won't be as noticeable for us average users but if you're operating a data center or cloud computing infrastructure the likes of Microsoft Azure, Amazon AWS, etc. then Intel is going to be in for a world of hurt. Big companies tend to not take "oh well, you lost some performance" as nicely as you or I. If a cloud computing infrastructure suddenly needs to install 25% more computing hardware due to performance loss that's going to result in them having to use more power and get more/bigger air conditioners which of course is going to require more power which of course means more cost and more expensive services for the end user. Not good at all.
That said, if someone is a gamer and doesn't expose themselves to any threat, there is no reason to actually care about these attacks more than any kind of malware, virus, trojan and so on. It's just not really important for a normal user or player.
I am not moved by all the comments that downplay these various vulnerabilities. We can debate these specific ones but should also assume that there are more. There is a lack of oversight to prevent bad security design. It's ridiculous to have to rely on random third parties like Google and CTS to find out what the vulnerabilities are. We have serious vulnerabilities going back to Nehalem and are just now being informed about them?
There is a lot wrong with the situation. We need to have a government agency devoted to providing security to the public, one that is completely walled off from spycraft and policing — with the exception of the spy agencies being required to provide all data on vulnerabilities to said security research/publicity agency. Given the massive breaches of things that the public is supposed to trust, like credit raters, things are not working with the laissez-faire approach. Congress needs to change its mindset, where it's a scandal for "private" e-mails to be handled "insecurely" and, simultaneously, the public is patronizingly lectured by Wired writers that they should never expect to have the slightest shred of privacy for e-mail nor anything else. This kind of monarchic mentality is failing in our globalized networked world.
AMD's approach isn't perfect or it wouldn't be affected by Spectre-like attacks but it's certainly better than Intel's because there's quite a few of these speculation based attacks Intel's susceptible to while AMD's not.
In fact, for all we know, baked-in vulnerabilities were seen as seriously useful — perhaps a bit like AMD's modern black box inside Zen. It wouldn't surprise me one bit if the US has custom vulnerabilities added to products. We find out about the old ones and are encouraged to buy the latest ones. Everyone wins except ordinary people. Perhaps in a world without obvious spycraft this would be paranoid thinking.
Since we don't have the kind of agency/agenda that I outlined above, we are treated to the "who knows?" laissez-faire lifestyle, where people like Snowden give us occasional glimpses of what's behind the mirror. If we were to gain said agency and it were to remain uncompromised then we would be in a far better position to know what the state of security is.
Of course it took a while, this whole category of attacks is fricking bizarrely genius. It took a long time just for someone to think to try it. Spectre class attacks affect both. I am unsure about Meltdown beyond ARM and Intel. MDS is Intel-only. I really do not see this helping at all.
The fact that we're in this shabby laissez-faire state suggests that it's in the interest of those in power.
trparky, the importance of security isn't something people just discovered.
Now that we've seen that that kind of marketing thinking is not a good idea and that performance at all costs is a really bad way of doing things, perhaps we won't be seeing the same kinds of exploits in future architectures.
The AMD blackbox PSP is not new. We've had Intel ME for like, forever. If the NSA wants toys it'd use these and there isn't even evidence to support that. I don't blame anyone. This is literally a way of attacking that is incredibly bizarre, and the world has never seen it before. You simply could not have seen it coming and the only reason Intel is the first casualty is size.
It's hardly the case, particularly in our very laissez-faire state, that we have all data/knowledge about the state of security, the kind of knowledge that our representatives have. Citation needed. This is simply speculation.
And, if you don't think the agency I described, that would be devoted to providing security for the public instead of merely spycraft and policing, will do anything significant to enhance the situation what do you propose? Continuing to rely on random third parties with their own agendas like Google and CTS? Hoping that no one but saints have the knowledge of vulnerabilities that have been around so long.
The black box AMD Zen thing is something you said you don't like. Well, without my agency to publicize the state of security for the public and have oversight mechanisms to ensure better practices, how are you going to do anything about it? Complaining isn't going to accomplish anything.
More here for my thoughts and background:
www.techpowerup.com/forums/threads/asrock-z370-z390-taichi-and-some-others-actively-modding-firmware-with-intel-management-engine-disabled.243939/
This project is on hold, yes, but I stay sharp. Clients pay me for commercial "firmware neutering." I daresay paranoia works to my advantage but that is no reason to encourage it.
The bottom line is that we can be satisfied with hoping that our interests are being represented or we can demand security that we are able to fully trust, because the knowledge and oversight are mandated and delivered. The establishment of the EPA massively reduced pollution. We could have, though, been content with the promises made by the polluters.
They'll be releasing benches since Spectre / Meltdown in the coming days.
Let's see how some defending Intel respond to this :rolleyes:
HT disabled will hurt on any platform. Unless you game, then its kinda non-issue. :D