from the hyperthreading-not-worth-the-hype? dept.
Researchers Exploit Another Intel Hyper-Threading Flaw
Five academics from the Tampere University of Technology in Finland and Technical University of Havana, Cuba, have discovered yet another flaw in Intel's Hyper-Threading (HT) technology that attackers could use to steal users' encrypted data, as reported by ZDNet today.
Other CPUs that use Simultaneous Multithreading (SMT) technology may also be affected by the bug, but so far only Intel's HT has been confirmed as vulnerable. SMT and HT are technologies that allow two or multiple computing threads to be executed on the same CPU core. Intel enables two threads per physical core with its HT technology.
[...] The vulnerability, which the researchers nicknamed PortSmash, allows attackers to create a malicious process that can run alongside another legitimate process using HT's parallel thread running capabilities. This malicious process can then leak information about the legitimate process and allow the attacker to reconstruct the encrypted data processed inside the legitimate process.
The researchers also made available the proof of concept (PoC) for the attack, showing that it is indeed feasible and not just theoretical. This PoC can now also be re-purposed and modified by attackers to launch a real attack against owners of systems using Intel CPUs.
Also at Ars Technica and The Register.
Related: OpenBSD disables Intel's hyper-threading over CPU data leak fears
TLBleed Affects Intel Processors with Hyperthreading to Leak Encryption Keys, Non-Trivial to Exploit
OpenBSD Chief De Raadt Says No Easy Fix For New Intel CPU Bug
Intel 'Gags' Linux Distros From Revealing Performance Hit From Spectre Patches
Related Stories
Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn't worry about
Intel has, for now, no plans to specifically address a side-channel vulnerability in its processors that can be potentially exploited by malware to extract encryption keys and other sensitive info from applications.
A team of researchers at the Systems and Network Security Group at Vrije Universiteit Amsterdam, in the Netherlands, say they were able to leverage the security weakness to extract crypto keys from another running program in 99.8 [percent] of tests on an Intel Skylake Core i7-6700K desktop CPU; 98.2 percent of tests on an Intel Broadwell Xeon E5-2620 v4 server CPU; and 99.8 per cent of tests on a Coffeelake part.
Their code was able to lift a secret 256-bit key, used to cryptographically sign data, from another program while it performed a signing operation with libgcrypt's Curve 25519 EdDSA implementation. It took roughly 17 seconds to determine each of the keys using machine-learning software and some brute force, according to a paper detailing the attack, seen by The Register this week.
[...] The extraction technique is not reliant on speculative execution, and thus is unrelated to Spectre and Meltdown. Instead, it builds upon the exploitation of Intel's Hyper-Threading technology and the processor caches to leak data, which is a known security problem with its own mitigations.
[...] [Ben] Gras also believes AMD's hardware threading technology in its latest Zen processors – Ryzen, Threadripper, and Epyc – are at risk from TLBleed, as the CPU cores can also each run multiple threads simultaneously just like Intel parts. A spokesperson for AMD had no comment.
Recompiling is unlikely to be a catch-all solution for a recently unveiled Intel CPU vulnerability known as TLBleed, the details of which were leaked on Friday, the head of the OpenBSD project Theo de Raadt says.
The details of TLBleed, which gets its name from the fact that the flaw targets the translation lookaside buffer, a CPU cache, were leaked to the British tech site, The Register; the side-channel vulnerability can be theoretically exploited to extract encryption keys and private information from programs.
Former NSA hacker Jake Williams said on Twitter that a fix would probably need changes to the core operating system and were likely to involve "a ton of work to mitigate (mostly app recompile)".
But de Raadt was not so sanguine. "There are people saying you can change the kernel's process scheduler," he told iTWire on Monday. "(It's) not so easy."
Open-source champion Bruce Perens has called out Intel for adding a new restriction to its software license agreement along with its latest CPU security patches to prevent developers from publishing software benchmark results.
The new clause appears to be a move by Intel to legally gag developers from revealing performance degradation caused by its mitigations for Spectre and Foreshadow or 'L1 Terminal Fault' (L1FT) flaw speculative attacks.
"You will not, and will not allow any third party to ... publish or provide any software benchmark or comparison test results," Intel's new agreement states .
[...] Another section of the license blocking redistribution appears to have caused maintainers of Debian to withhold Intel's patch too , as reported by The Register.
[...] Updated 12:15pm ET, August 23 2018: An Intel spokesperson responded: "We are updating the license now to address this and will have a new version available soon. As an active member of the open-source community, we continue to welcome all feedback."
(Score: 2) by Runaway1956 on Saturday November 03 2018, @06:05PM (2 children)
High tech is great. Not only can we exploit a system, but we can repurpose the exploit for other purposes.
(Score: 2) by DannyB on Saturday November 03 2018, @07:19PM (1 child)
The porpoises for which the exploit is reporpoised expect free fish to be included with the exploit. If no fish, then zsh is 2nd choice.
All of Intel's performance enhancement drugs not only don't work (in bed), did not help Ballmer, but also make the system insecure due to information leakage.
In the future, how about a simple, secure, and understandable architecture without 4 decades of legacy baggage needed to boot MS-DOS 1.0.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 0) by Anonymous Coward on Sunday November 04 2018, @07:18AM
Any new system will be designed by low quality cheap labor which will finish the design on deadline. The system will be much slower and more insecure than anything before it and will not be able to be fixed. It will be used anyway because otherwise feelings would be hurt of the low quality cheap labor. Example: user interface designers and their useless designs
And the new system will also be compromised to the core by devil's rejects. So there is nothing to gain from a new design. On the positive note, get Russians, Europeans to design it and then it could work.
(Score: 0) by Anonymous Coward on Saturday November 03 2018, @06:53PM (2 children)
Didnt they check amd?
(Score: 0) by Anonymous Coward on Saturday November 03 2018, @07:31PM (1 child)
Why check when you can assume and just say "probably also affected?!"
I really wish I was joking.
(Score: 2) by takyon on Saturday November 03 2018, @08:54PM
But Intel said it!
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by looorg on Saturday November 03 2018, @08:41PM (13 children)
I wonder how many more flaws they can find before these CPU:s are just considered to be FUBAR and work has to start fresh on something new.
(Score: 3, Informative) by takyon on Saturday November 03 2018, @08:55PM (1 child)
Multicore abaci are going to sell like hotcakes.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Sunday November 04 2018, @10:40AM
Gonna buy me some stock.
(Score: 2) by SomeGuy on Saturday November 03 2018, @10:18PM (7 children)
I though most people agreed Intel architecture was FUBARed a long time ago.
Time to jump ship to Power9?
(Score: 0) by Anonymous Coward on Sunday November 04 2018, @12:48AM
It's been time, I'm just hoping there's a reasonably-priced chip on the market sometime soon. Mobile is fucked all the way around right now though.
(Score: 4, Interesting) by looorg on Sunday November 04 2018, @01:05AM (4 children)
I was certain in the 80's that 68k was the awesome sauce. When I first experienced x86 I wonder what deranged muppet came up with that shit ... 35+ years later and it is still an Intel world. Clearly some people just didn't get the message.
(Score: 0) by Anonymous Coward on Sunday November 04 2018, @03:37AM (2 children)
The Amiga will rise again! If only because it's not subject to exploits (because no one's tried yet)!
(Score: 0) by Anonymous Coward on Sunday November 04 2018, @04:08PM (1 child)
There's FPGA 68k implementations for the Amiga doing 100mhz out there. Vampire board is what they called I think.
(Score: 2) by looorg on Sunday November 04 2018, @04:32PM
I'm still holding out for there to be a A4000 vampire like board that will take the new CPU, as far as I know the Vampire boards seem to be only for the A1200 and I can not recall reading any news about something about this for the larger machines -- but I could have missed it. When that comes I'm fairly tempted to bring the Amiga out again, fix all the hardware issues mine had when I put it away such as the clock battery is gone (I soldered it off the board before I put it in storage) and the PSU unit is bad.
(Score: 2, Informative) by Anonymous Coward on Sunday November 04 2018, @08:25PM
What happened was that:
A) Motorola could not scale their cores as well as Intel could.
B) People stopped programming in machine code.
All this made the x86 that much more acceptable.
Never mind that Microsoft convinced Intel to maintain backwards compatibility even as x86 went from 16 bit to 32 bit.
This meant that people could run the same software on a modern Windows install as on a old DOS one. Leading to quite the captive audience.
By comparison the original 68k didn't have a MMU (nor did the 8086, but that is a sidetrack). And when later ones introduced one, it broke compatibility with older 68ks.
(Score: 2) by eravnrekaree on Sunday November 04 2018, @03:56AM
POWER is also likely affected by the general SPECTRE bugs. The bugs have nothing to do with the ISA but rather how parallelization and so on is implemented in the CPUs microcode, and most CPUs use the same general techniques to do it. For the most part, Intel ISA does make since, its no worse than POWER or others.
(Score: 2) by toddestan on Sunday November 04 2018, @02:14AM (1 child)
Intel has already removed Hyperthreading from a lot of their recent CPU's. Though whether that's a response to security issues or Intel just playing market segmentation games isn't clear.
(Score: 2) by takyon on Sunday November 04 2018, @03:20AM
It's quite obviously due to market segmentation. They are messing around with thread counts now that they have 6 and 8-core mainstream CPUs on the table.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Monday November 05 2018, @06:42PM
work has started. it's called riscV
(Score: 1, Funny) by Anonymous Coward on Sunday November 04 2018, @04:38PM
The Finns? Bomb them!