A major vulnerability, dubbed Downfall, has been found lurking in most Intel chips designed over the past decade, and if cybercriminals find a way to exploit it, a lot of people could be in trouble.
This is the conclusion of cybersecurity researcher named Daniel Moghimi, who works at the University of California, San Diego, as well as at Google (as a Senior Research Scientist), who last year discovered a way for programs and apps to read data belonging to other apps – data they’re not supposed to be able to read. As explained, modern processors have a feature called “register buffer” which stores some data in order to run certain operations faster. That data can include, for example, a password to a banking service.
By being able to tap into the data held in this register buffer, threat actors could steal this data, and possibly cause havoc inside victim’s systems. The consequences easy to imagine.
Analysis: Why does it matter?
“When you have a vulnerability like this, essentially this software-hardware contract is broken, and the software can access physical memory inside the hardware that was supposed to be abstracted away from the user program,” Moghimi told CyberScoop in an interview. “It violates a lot of assumptions we make in general about operating system security.”
In other words, if the vulnerability turns out to be as dangerous as Moghimi claims it to be – it could completely change the tech industry. After all, Intel has sold billions of these chips in the last decade.
The full list of affected devices can be found here, but to save you the trouble, it affects plenty of chips used in servers. The basic premise of public cloud offerings is that multiple companies can use the same servers to store data, run apps in the cloud, and more. If these devices are susceptible to Downfall, that means that hackers capable of exploiting it will have a field day, stealing sensitive information from numerous high-profile organizations around the world.
However, getting to the point of stealing data is a lot harder than it seems, particularly if you ask Intel. Even though the company was quick to acknowledge the flaw, it added that it was found “within the controlled conditions of a research environment,” adding that an “attack would be very complex to pull off outside of such controlled conditions.” It was also added that newer Intel chips, such as Alder Lake, Raptor Lake, and Sapphire Rapids, were not susceptible.
The flaw exists, researchers argue, because original equipment manufacturers (OEM) such as Intel constantly strive to improve hardware performance. When the hardware itself can no longer provide that improvement, and Moore’s law can no longer be honored from a hardware perspective, they turn to more creative solutions. Consequently, any fix to the problem will also come at the expense of performance. Intel did release a microcode fix, with the company spokesperson claiming “most workloads” won’t experience a performance decline. Vectorization-heavy workloads, on the other hand, might be affected. The company gave the flaw a medium severity rating.
Moghimi says Downfall could be used to steal encryption keys and passwords. In fact, he built a way to steal 128- and 256-bit AES encryption keys. Intel says there’s no evidence of the flaw being used in the wild.
What have others said about the flaw?
Commenting on the findings on Cyberscoop, Trey Herr, who directs the Atlantic Council’s Cyber Statecraft Initiative, likened Downfall to the dreaded Meltdown and Spectre vulnerabilities which made tectonic shifts in the cybersecurity industry:
“While the mechanism is quite different, this technique has echoes of Meltdown/Spectre in that it exploits another workaround Intel has used to speed up the affected chips,” said Trey Herr, who directs the Atlantic Council’s Cyber Statecraft Initiative. “It shows the challenge Intel and others have had trying to cushion the blow of Moore’s Law coming to an end.”
Herr also stressed how optimization features will always be a liability: “Whenever you have an optimization feature on the CPU, there is always a chance that those optimizations may introduce vulnerabilities,” he said.
While the media were mostly reporting on Moghimi’s findings, Reddit was abuzz with comments and discussions. In one of many topics posted about Downfall, users discussed the dangers of speculation in computing and whether or not technology would be better off without it. Most users, however, agree that speculation is a good idea and should definitely be kept:
“Unfortunately without speculation we’d probably not have had a 50% performance gain to erase in the first place,” said one user. “I model cpu architectures for a living. So I can say without speculation that computing without speculation would suck,” said another.
Some users said that if speculation was out of the picture, software developers would adapt. Others said it would unnecessarily complicate things: “There is nothing fundamentally wrong with the idea of speculation. It can be done safely,” says one user. “But it’s not easy to retrofit that safety on after the fact, or prove an existing design is safe.”
To learn more about, make sure to read our article on Spectre and Meltdown. You should also check out our list of the best malware removal tools, as well as best firewalls. Also, don’t forget to read our in-depth guide on the best endpoint protection right now.