Add one more vulnerability to the list of side-channel attacks that have long dogged Intel CPUs.
Researchers from Beijing University of Posts and Telecommunications, Tsinghua University, and the University of Maryland have discovered a previously unknown Intel processor flaw that leaks data through the EFLAGS register. Their work has been published on the arXiv preprint server.
Unlike many other side-channel vulnerabilities, this new attack does not rely on the cache. Instead, it relies on timing analysis of transient execution, which makes such attacks harder to detect.
Co-author Yu Jin stated that a modification to the EFLAGS register during transient execution may cause subsequent JCC (jump on condition code) instructions to execute more slowly. The paper was published last week. Combined with a Meltdown-style attack, the flaw allows an attacker to use timing analysis to recover data the code would otherwise not have access to.
The group used Intel Core i7-6700, i7-770, and i9-10980XE CPUs to demonstrate the vulnerabilities.
Jin stated, “The increasing complexity and aggressive optimizations of modern CPUs, with their many microarchitectural features… are the root cause of many security issues, including side-channel attacks.”
Side-channel attacks can take many different shapes. They are not viruses; rather, they are intrusions into computer systems made possible by analyzing patterns unrelated to the code itself, such as timing, power usage, and electromagnetic or acoustic emissions.
A 2020 interview with Daniel Genkin, a professor at the University of Michigan, revealed, “Typically, when we develop an algorithm, we think about inputs and outputs. We do not consider other events that may arise during program execution. However, computers rely on physics to function—not on paper. There are many different physical impacts that computation has as you move from paper to physics, including time, power, and sound. In order to obtain additional data and uncover the algorithm’s secrets, a side channel takes advantage of one of those consequences.”
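The timing side channel Genkin describes can be shown without any microarchitectural trick at all. The following C program is an added example written for this page; it is not code from the paper or from Intel. It compares a constructed 8-byte secret against attacker-supplied guesses with two routines: a leaky comparison that returns at the first mismatch, and a constant-time comparison that always processes every byte. Instead of cycle counts, which vary from run to run, the code reports the number of loop iterations as a deterministic stand-in for execution time. The step count of the leaky routine reveals how many leading bytes of the guess are correct, which is exactly the kind of "physical consequence" a side channel exploits; the constant-time routine reports the same cost for every input. The names `leaky_compare`, `ct_compare`, `demo_steps` and `demo_cost_depends_on_input` are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KEY_LEN 8

/* Constructed secret for the demo; not a real key. */
static const uint8_t SECRET[KEY_LEN] = {'s', '3', 'c', 'r', '3', 't', 'K', 'y'};

typedef int (*compare_fn)(const uint8_t *, const uint8_t *, size_t, size_t *);

/* Leaky comparison: stops at the first mismatching byte.
 * The iteration count (our stand-in for execution time) therefore
 * depends on how many leading bytes of the guess match the secret. */
int leaky_compare(const uint8_t *secret, const uint8_t *guess, size_t n, size_t *steps)
{
    for (size_t i = 0; i < n; i++) {
        if (secret[i] != guess[i]) {
            *steps = i + 1;   /* early exit: cost reveals the mismatch position */
            return 0;
        }
    }
    *steps = n;
    return 1;
}

/* Constant-time comparison: no secret-dependent branch or early exit.
 * Differences are accumulated with OR, so every byte is always visited. */
int ct_compare(const uint8_t *secret, const uint8_t *guess, size_t n, size_t *steps)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (uint8_t)(secret[i] ^ guess[i]);
    }
    *steps = n;           /* cost is identical for every input */
    return diff == 0;
}

/* Copy a C string into a fixed-size guess buffer, zero-padding if short. */
static void load_guess(const char *text, uint8_t out[KEY_LEN])
{
    size_t i = 0;
    for (; i < KEY_LEN && text[i] != '\0'; i++) out[i] = (uint8_t)text[i];
    for (; i < KEY_LEN; i++) out[i] = 0;
}

/* Observable cost of comparing one guess against the secret. */
size_t demo_steps(compare_fn cmp, const char *guess)
{
    uint8_t g[KEY_LEN];
    size_t steps = 0;
    load_guess(guess, g);
    cmp(SECRET, g, KEY_LEN, &steps);
    return steps;
}

/* Functional result (1 = match) for one guess. */
int demo_match(compare_fn cmp, const char *guess)
{
    uint8_t g[KEY_LEN];
    size_t steps = 0;
    load_guess(guess, g);
    return cmp(SECRET, g, KEY_LEN, &steps);
}

/* Defender's check: does the observable cost vary with the input?
 * Returns 1 if any two constructed guesses produce different step counts. */
int demo_cost_depends_on_input(compare_fn cmp)
{
    static const char *guesses[] = {"XXXXXXXX", "s3XXXXXX", "s3cr3tXX", "s3cr3tKy"};
    size_t first = demo_steps(cmp, guesses[0]);
    for (size_t i = 1; i < sizeof guesses / sizeof guesses[0]; i++) {
        if (demo_steps(cmp, guesses[i]) != first) return 1;
    }
    return 0;
}

int main(void)
{
    static const char *guesses[] = {"XXXXXXXX", "s3XXXXXX", "s3cr3tXX", "s3cr3tKy"};
    printf("%-10s %-12s %-12s\n", "guess", "leaky steps", "ct steps");
    for (size_t i = 0; i < sizeof guesses / sizeof guesses[0]; i++) {
        printf("%-10s %-12zu %-12zu\n", guesses[i],
               demo_steps(leaky_compare, guesses[i]),
               demo_steps(ct_compare, guesses[i]));
    }
    printf("leaky cost input-dependent: %d\n", demo_cost_depends_on_input(leaky_compare));
    printf("ct    cost input-dependent: %d\n", demo_cost_depends_on_input(ct_compare));
    return 0;
}
```

On real hardware the iteration count would be replaced by a cycle counter read around the call and repeated many times to average out noise, which is the same methodology the timing analysis in the article relies on. The defensive lesson is the one the constant-time routine shows: when a routine's cost does not depend on the secret, the timing channel carries no information, regardless of how precisely it is measured.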
Recent side-channel attacks include Zombieload, Meltdown, Spectre, and Fallout.
According to the team, they are unsure of the vulnerability’s precise cause.
“The root causes of this attack are still not fully understood,” Jin stated. “We assume that if the execution needs to be withdrawn, there is a buffer in the Intel CPU’s execution unit that needs some time to return. If the target of the buffer is required for the subsequent instruction, this withdrawal process will stall.”
Jin said that, to mount “a real-world attack,” this vulnerability must be combined with other transient-execution techniques.
“But it is still a new side-channel attack and worth further exploration,” he stated. “This attack may bring insight for new microarchitecture attacks and give a new way to build side-channel attacks in cache-side-channel-resistant CPUs.”
Intel’s 11th-generation CPUs appear to be more resilient to these kinds of attacks, and Intel’s 13th-generation vPro processors ship with more robust side-channel defenses.