Intel Discloses New Speculative Execution Security Vulnerabilities
Back in January 2018, researchers disclosed a set of vulnerabilities related to the way modern CPUs perform a function known as speculative execution. Spectre and Meltdown were considered serious in part because Spectre represented an entire new class of attacks, not a single isolated attack vector. For much of 2018, the “story” around Intel revolved around its response to these attacks.
Almost a year and a half later, researchers are still searching for similar classes of issues. Multiple new vulnerabilities have broken cover, and they go by various names such as ZombieLoad, RIDL, and Fallout (as named by the researchers). Collectively, Intel summarizes them as MDS — Microarchitectural Data Sampling. RIDL, for Rogue In-flight Data Load, was discovered by researchers at Vrije Universiteit Amsterdam and Helmholtz Center for Information Security. Fallout was found by a group at the Graz University of Technology, KU Leuven, the University of Michigan, and Worcester Polytechnic Institute. ZombieLoad was discovered by Graz, Worcester, and KU Leven.
As a refresher: All of these flaws, including Spectre and Meltdown, are related to how either CPUs in general or Intel CPUs, specifically, perform speculative execution. In the case of RIDL, ZombieLoad, Fallout, and MDS more generally, the flaws highlighted appear to be specific to Intel CPUs. These problems arise because there are differences between a CPU’s architecture (how the CPU is documented to work on paper) and its microarchitecture (how the CPU actually performs operations “under the hood.”) Speculative execution is exactly what it sounds like: The CPU speculates about what operations will need to be performed next, and then performs them in order to have the results ready if they are needed, rather than performing these operations after it knows they’re necessary.
As a matter of architecture, all operations are performed in sequence and the only data retained by the CPU is the data it needs to perform operations. But it’s possible to snoop on the microarchitecture to look for subtle clues as to where data is being stored on-chip, based on timing differences in how long it takes to access information. Measuring those differences can allow attackers to infer the data values stored in cache or in on-chip buffers. Previous Spectre-class flaws have typically focused on leaking data from cache, but the new MDS flaws leak data from buffers — tiny data stores that the chip uses to move data internally.
How Serious Are These Attacks?
There has been a bit of controversy over just how serious these new attacks are, and I’ll honestly say I’m a bit unhappy with how some of this news has been publicized. Some of you may remember last year, when a supposed security research firm, CTS-Labs, appeared to be collaborating with a short seller firm in a blatant attempt to attack AMD’s stock price by publicizing a set of supposedly critical security flaws that the disclosure literally implied could put lives at risk. Absolutely nothing came of these flaws, which the short seller, Viceroy Research, also literally predicted could reduce the value of AMD’s stock to zero. As we discussed at the time, contaminating security disclosures with hyperbolic marketing claims to paint the issues as far worse than they actually were is an emphatically bad idea, regardless of who is being targeted or for what reason.
The situation with Intel is not nearly this bad, but it shows some of the same troubling trends I discussed last year. The researchers chose to publicize their efforts at a website named “CPU.fail“, with scary looking graphics and an FAQ that seems designed more to frighten than inform. When asked if the issues they highlight have been abused in the wild, for example, they simply state: “We don’t know.” But the question of how serious flaws these flaws are in practice is a genuine one.
Thus far, no attacks actually utilizing Spectre and Meltdown have been spotted in the wild, beyond proof-of-concept work submitted by researchers. Similarly, taking advantage of MDS is trickier than this website implies. Attackers can’t directly control what’s in the buffers they target, for example, which means the exploit may leak old, stale data of no interest. Microcode updates for systems with Sandy Lake through Kaby Lake CPUs have already shipped out to customers. First-generation-and-following Coffee Lake and Whiskey Lake CPUs are immune to this attack already. The impact on performance from the fix is estimated to be ~3 percent.
Intel’s official statement says:
Microarchitectural Data Sampling (MDS) is already addressed at the hardware level in many of our recent 8th and 9th Generation Intel Core processors, as well as the 2nd Generation Intel Xeon Scalable Processor Family. For other affected products, mitigation is available through microcode updates, coupled with corresponding updates to operating system and hypervisor software that are available starting today. We’ve provided more information on our website and continue to encourage everyone to keep their systems up to date, as it’s one of the best ways to stay protected. We’d like to extend our thanks to the researchers who worked with us and our industry partners for their contributions to the coordinated disclosure of these issues.
Thus far, the tone of the coverage on this issue has varied widely. Wired takes an alarmist tone, arguing that these flaws “allow attackers to eavesdrop on virtually every bit of raw data that a victim’s processor touches” and arguing that the researchers are accurate that these flaws are quite severe. Intel argues that they are of medium to low severity, given the difficulty of pulling them off, the lack of in-the-wild practical attacks, and the fact that both microcode updates and hardware-fixed CPUs are already in-market. As PCMag notes:
[T]he microarchitectural data sampling vulnerabilities disclosed today appear to be more academic at this stage. For now, no real-world attacks involving the chip flaws have ever been encountered and made public. A big reason why is probably because hackers can simply use traditional malware to steal data from your PC rather than resort to tampering with the Intel processor.
The fact that not everyone updates their OS or hardware is a demonstration of how imperfect these solutions are, but these are issues we’ve been dealing with in PC security for as long as we’ve had PCs. Part of the difficulty in deciding how serious a flaw might be is figuring out which experts to listen to. Last year, for example, Theo de Raadt decided to change the default behavior of OpenBSD by disabling Hyper-Threading, viewing it as a fundamental security risk. Other OS vendors have not gone so far as to preemptively disable the feature. Is Hyper-Threading a potential security risk? Yes. Is it a potential security risk that’s severe enough that existing users should disable the feature? Experts literally disagree. The honest answer is: “It depends,” not because anyone wants to be wishy-washy, but because the proper security practices in any given situation depend on one’s threat exposure and the cost of enabling the fixes in question.
How seriously should you take these threats? Seriously enough to patch up, certainly. But past that, the real-world practical implications are still unknown. To date, we have not seen a Spectre or Meltdown attack in the wild that posed a threat to Intel CPUs (or anyone else’s CPUs) of any generation. That does not mean one cannot happen, and it doesn’t absolve Intel of the responsibility to secure its products. But it also doesn’t mean invisible hackers are rifling through your pockets right now via hardware attacks you aren’t aware of. Not every security vulnerability becomes a practically exploited avenue of attack. So far, these attacks have not.