Researchers have broken Intel's Software Guard Extensions, System Management Mode, and x86-based virtual machines.
They're deeply embedded in the fundamental design of recent generations of CPUs. So it shouldn't come as any surprise that yet another major Intel chip security problem has been discovered: Foreshadow.
According to the researchers who found it, "Foreshadow is a speculative execution attack on Intel processors which allows an attacker to steal sensitive information stored inside personal computers or third-party clouds. Foreshadow has two versions, the original attack designed to extract data from Software Guard Extensions (SGX) enclaves and a Next-Generation version which affects Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory."
In a word, this means: "Trouble." Ironically, SGX protected code and data from disclosure, modification, or attack.
So, how bad is this really? Bad. Intel admits the Foreshadow bugs can be used to create:
- Malicious applications, which may be able to infer data in the operating system memory, or data from other applications.
- A malicious guest virtual machine (VM) may infer data in the VM's memory, or data in the memory of other guests VMs.
- Malicious software running outside of SMM may infer data in SMM memory.
- Malicious software running outside of an Intel SGX enclave or within an enclave may infer data from within another Intel SGX enclave.
Or, as Yuval Yarom, a research associate at the University of Adelaide, one of the researchers who discovered Foreshadow, tweeted, the SGX security hole can lead to a "Complete collapse of the SGX ecosystem."
Jon Masters, Red Hat ARM Computer Architect, added that Foreshadow "is a significant threat to virtualized environments, especially those that contain a mixture of trusted and untrusted virtual machines."
Intel was notified of the first bug on Jan. 3, 2018. Intel then identified two closely related variants, Foreshadow-Next Generation (NG). Intel calls this entirely new class of speculative execution side channel vulnerabilities "L1 Terminal Fault" (L1TF).
This all springs from Intel's desire to make chips run effectively faster. To do this, Intel, along with ARM and AMD, uses a mix of pipelining, out-of-order execution, branch prediction, and speculative execution to run the next branch of a program before it's called on. This way, no time is wasted if your application goes down that path. Unfortunately, chip makers' performance implementations came with fundamental security flaws.
According to Intel, to exploit Foreshadow, the attacker must have the ability to run code on the targeted systems. Nevertheless, CVE-2018-3615, which hits at SGX, has a Common Vulnerability Scoring System (CVSS) Base Score of 7.9 that is ranked as highly dangerous. The other holes include CVE-2018-3620, which impacts operating systems and System Management Mode (SMM) running on Intel processors has a CVSS of 7.1, and CVE-2018-3646, which impacts virtualization software and Virtual Machine Monitors (VMM) running on Intel processors and has a CVSS of 7.1. All these scores are high enough that they demand you must patch these holes as soon as possible.
The good news is, Intel's Leslie Culbertson, Intel VP and general manager of Product Assurance and Security, has said, "I will address the mitigation question right up front: Microcode updates (MCUs) we released earlier this year are an important component of the mitigation strategy for all three applications of L1TF."
But, and it's a big one, the microcode update by itself isn't enough. You must also update your operating system and VM hypervisor to be safe. The patches are now available for most operating systems.
On the plus side, no one's seen an attack in the wild... yet.
Red Hat strongly recommends to mitigate the problem, you manually enable Linux specific kernel parameters or potentially disabling features like Intel hyperthreading, after the available updates have been applied.
That's drastic. Oracle's director of security assurance, Eric Maurice, warns disabling hyperthreading alone is insufficient for mitigating all Foreshadow vulnerabilities, while simultaneously disabling HT will result in significant performance degradation.
On a cloud or datacenter with multiple unpatched VMs -- which is pretty much all of them today -- you could have malicious VMs spying on information inside another VM. That's both a technology and legal nightmare scenario. Therefore, performance hit and all, you may want to consider disabling hyperthreading.
The real fix to all these problems, Intel admits, is by replacing today's processors. "These changes begin with our next-generation Intel Xeon Scalable processors (code-named Cascade Lake), as well as new client processors expected to launch later this year."
In the meantime, keep patching and keep a close eye on the balance between security and performance. We're far from done yet with the Spectre, Meltdown, and Foreshadow class of problems.
Hello, my name is Mohd Azahar. I'm a self-employed Pivrate from the India.
There are certainly a lot of details like that to take into consideration. That is a great point to bring up. I offer the thoughts above as general inspiration but clearly there are questions like the one you bring up where the most important thing will be working in honest good faith. I don?t know if best practices have emerged around things like that, but I am sure that your job is clearly identified as a fair game. Both boys and girls feel the impact of just a moment’s pleasure, for the rest of their lives.
ReplyDeleteIgnitiondeck.com
Website
Information