Intel CPU interconnects can be exploited by malware to leak encryption keys and other info, academic study finds

Chip-busting boffins in America have devised yet another way to filch sensitive data by exploiting Intel's processor design choices. Doctoral student Riccardo Paccagnella, master's student Licheng Luo, and assistant professor Christopher Fletcher, all from the University of Illinois at Urbana-Champaign, delved into the way CPU …

  1. Richard Boyce

    Another nail in the coffin of x86?

    These researchers shouldn't have had to reverse engineer this stuff; it only obscured the security problem. As with software, the more open the design, the better for security. This isn't rocket science.

    1. stiine Silver badge

      Re: Another nail in the coffin of x86?

      Not if they examine ARM and find it's worse.

      1. YetAnotherJoeBlow Bronze badge

        Re: Another nail in the coffin of x86?

        "Not if they examine ARM and find it's worse."

        Please enlighten me.

        1. Snake Silver badge

          Re: enlighten me

          They didn't test ARM. They didn't even test AMD, so we have no idea if this attack is cross platform. What they did, essentially, is what all attackers have done so far: attack the target with the largest footprint, e.g. Windows vs MacOS. It's not that MacOS / AMD is not 100% bulletproof, it was simply not "good" enough for them to target-test.

          The future may hold different results, if they bother that is.

    2. Flocke Kroes Silver badge

      Re: Another nail in the coffin of x86?

      Not really.

      This is not a CPU core problem. It is a problem with the way Intel CPU cores share access to memory. You could create the same problem with ARM cores by connecting them to memory with a ring network like Intel uses in older generation chips. You could eliminate the flaw (or at least make it harder to exploit) by connecting cores to memory with a mesh network.

      One of the amazing things about x86 is that an army of robots with nail guns have so far been insufficient to keep its coffin lid shut.

      1. Richard Boyce

        Re: Another nail in the coffin of x86?

        I didn't make my point well.

        These cores from Intel (and I assume AMD) are coming with a lot of extra stuff that's both poorly documented and proving to be a security headache. It seems to this layman that the ARM ecosystem is inherently more open because of the way things are licensed, thus allowing a lot of early scrutiny by independent people.

        1. Phil O'Sophical Silver badge

          Re: Another nail in the coffin of x86?

          "allowing a lot of early scrutiny by independent people."

          It might allow for it, but does it happen?

    3. Peter2 Silver badge

      Re: Another nail in the coffin of x86?

      "Another nail in the coffin of x86?"

      So this works on AMD x86 processors, or just the Intel ones? If the latter, then surely it's an Intel problem as opposed to an x86 problem?

      1. heyrick Silver badge

        Re: Another nail in the coffin of x86?

        As with the previous post referring to "not good enough", it's worth mentioning that it appears a lot of reverse engineering at a really low level took place. They picked Intel, they showed the vulnerability. Point made.

        Now it's up to them later, or somebody else, to figure out how to make this work on AMD, ARM, etc.

  2. redpawn Silver badge

    "Intel classified our attack as a 'traditional side channel'"

    So don't worry. Tradition is so last week.

    1. b0llchit Silver badge

      Re: "Intel classified our attack as a 'traditional side channel'"

      Translation for those not speaking Intel language: "We'll ignore your findings until we are pressed so hard by the evidence and active exploits that our bottom line is suffering and investors are running away."

      1. bombastic bob Silver badge

        Re: "Intel classified our attack as a 'traditional side channel'"

        more right than any other perspective, for sure. "Bottom Line" drives _EVERYTHING_.

  3. stiine Silver badge

    "Part of Intel's advice involves relying on constant-time programming principles [PDF] as a defense against timing-based attacks."

    In other words, slow all of your code down and buy another server.

    1. A Non e-mouse Silver badge

      This only applies to the code involved in the level bits of security. And the recommendation has existed for decades.

    2. Anonymous Coward

      Or, err, maybe go back to the 486 architecture and start over?

  4. This post has been deleted by its author

    1. A Non e-mouse Silver badge

      Re: I am really weird

      The exploits rely on you being able to run your own code on the machine. Xboxes & PS5s don't tend to allow this.

      1. SuperGeek

        Re: I am really weird

        "The exploits rely on you being able to run your own code on the machine. Xboxes & PS5s don't tend to allow this"

        Xboxes and PS5s use AMD chips; whether these suffer the same we don't know. And Xbox One X and Series X have a Developer Mode, so you could potentially run your own code using that. I'm not an expert on it though, just a possibility.

    2. Flocke Kroes Silver badge

      Yes, really weird

      Get a job and use the money you earn to pay for the software you want - or play SuperTuxKart.

    3. aje21

      Re: I am really weird

      Current and prior generation consoles use AMD processors - only the original XBox was Intel.

      1. bombastic bob Silver badge

        Re: I am really weird

        re: XBox 360 processor - I thought they were Power PC CPUs though...

        https://en.wikipedia.org/wiki/Xenon_(processor)

        (not made by Intel as far as I can tell)

        the GPU might be AMD for the early ones. I think later ones had GPU on the CPU, i.e. the XCGPU

        1. aje21

          Re: XBox 360 processor

          Hi Bob,

          Correct about the second generation XBox using PowerPC, but I was talking about the original XBox which used a modified Pentium III processor:

          https://en.wikipedia.org/wiki/Xbox_(console)#Technical_specifications

          GPU back then was green team rather than red team.

  5. Binraider Bronze badge

    An obvious question: is this exploit a feature of X86, or the Intel implementation of X86? More research required. You could always turn off HT, or even go so far as to shut down those extra CPU cores too...

    1. iron Silver badge

      If you read the article it tells you that the researchers exploited a feature of Intel's ring interconnect. That is Intel technology. AMD x86 and other architectures do not use Intel ring interconnect (also said in the article) so are not vulnerable to this exact attack. However if one reverse engineered their interconnect technology then perhaps AMD x86 and other architectures like ARM would be vulnerable to a similar attack.

      Reading comprehension FTW.

      1. Version 1.0 Silver badge

        Most of these vulnerabilities are a result of manufacturers building what users demand - all users are far more likely to buy "higher performance" items than wonder if the improvements have any security holes.

      2. Binraider Bronze badge

        The article states "managed to figure out the workings of Intel's ring interconnect". This does not clarify if it is applicable to other technologies; therefore my statement stands for more research needed.

        1. prismatics

          Grass is green

          <no body>

        2. Ken Hagan Gold badge

          Intel's ring is not a documented part of the ISA and indeed did not exist in earlier implementations thereof so we can state with 100% confidence that it is not an x86 issue.

      3. bazza Silver badge

        @Iron,

        "However if one reverse engineered their interconnect technology then perhaps AMD x86..."

        So far as this old brain can recall (corrections very welcome!), AMD published HyperTransport, and I think its successor, as open source. They did this to foster / enable novel co-processors based on FPGAs. So, perhaps no reverse engineering necessary.

        My (barely educated) guess is that this kind of weakness might exist in any SMP-faked-on-top-of-NUMA architecture like modern x64 processors. In fact, I'm wondering if it would also be the case for true SMP designs like Intel's old-fashioned Netburst (Pentium 4s et al) architecture. There you really would have delays to memory accesses caused by other code - there was just one memory bus...

        I'm wondering if the real fix for this is no SMP whatsoever...

        1. Ken Hagan Gold badge

          "I'm wondering if the real fix for this is no SMP whatsoever..."

          Nah. The real fix for this is to run your own code on your own hardware. Despite decades of marketing hype, and some pretty serious efforts at encrypted computation, it remains true that if you lose physical security, you lose security.

          Given the collapsing costs of actual hardware and the availability of free-as-in-beer operating systems and hypervisors, the movement to renting space in someone else's machine, alongside god-knows-who and at the far end of a long wire, is surely one of the more unexpected trends of recent years.


Biting the hand that feeds IT © 1998–2021