New Security Flaw Discovered in Intel Products - Ominously Named "Foreshadow"
This hasn’t been a great year for Intel so far, case in point all the speculation concerning a security flaw in its processors.‘Foreshadow’, or L1TF (Terminal Fault) is a security vulnerability that takes advantage of a feature called Speculative Execution. It was first discovered by two sets of researchers in January 2018.Two security threats Meltdown and Spectre had caused lots of trouble to the company earlier this year, and this new one is somewhat similar to them. Speculative execution is widely used in most modern processors to enhance performance. The concept requires assuming succeeding instructions, instead of waiting for the previous one to be executed. If the prediction comes out correct, it saves on the execution time, otherwise they get rejected. The trouble that comes with this is that it leaves traces to the contents of protected memory that can be later exploited using sophisticated malware.
Foreshadow affects the Intel software guard extensions (SGX) which is designed to increase the security of application code and data, keeping it from disclosure or modification. It makes such protections possible through the use of enclaves, which are protected areas of execution in memory.Surprisingly, while these enclaves were designed to be infallible, a group of researchers found a way for an attacker to steal the information it stores. According to them, the attackers can create shadow-copies of the secure enclave protected data, and then read the contents of those copies. Users can also be fooled into sending their private data to these fake accounts.
This was just a part of the problem. Intel discovered two other troubles of the Foreshadow vulnerability, naming it foreshadow – NG (New Generation). The mode of attack is still based on a processor core’s L1 cache, but rather than just affecting the SGX technology, these newly discovered complications also affects memory uses.
The first vulnerability of the Foreshadow-NG can grab data from memory used by the operating system kernel. This core has access to all data stored in memory, including every app and program installed on the machine. Although, in order to access the PC, the hacker must use a malicious program to steal that data.
Another aspect of this vulnerability is that it also allows access to data used by the System Management Mode (SMM), which is installed in all modern processors. The PC’S firmware uses this mode to implement Advanced Power Management systems and control the hardware. Again, to steal this data, the hacker must have access to your PC with guest privileges to run malicious software.
The second vulnerability is used to attack virtual machines. A virtual machine isn’t a real computer, but an emulation of a computer system. They are based on computer architectures, and provide functionality of a physical computer. A hypervisor or virtual machine motor (VMM) is what drives a virtual machine, and helps ensure that there isn’t any data leaks. However, the researchers claim that a malicious virtual machine might be able to break through the boundary, which puts the user’s data at high risk.
“A malicious virtual machine running inside the cloud can potentially read data belonging to other virtual machines as well as data belonging to the cloud’s hypervisor,” as explained by the research team. (https://www.digitaltrends.com/computing/what-is-foreshadow/)
THE AFFECTED PRODUCTS
Unit the recent Foreshadow-NG was discovered, the original foreshadow vulnerability concerned only the SGX-enabled Intel processors. These include all 6th and 7th generation Core processors but the Atom processors that support SGX. Processors made by AMD, as well as chips based on ARM’S processor core design (Tegra, Snapdragon, Enyos, et al) also managed to stay unaffected, even with the Foreshadow-NG -but the onset of which, sure put a dent on Intel’s credibility.
The list of its affected products is long. It covers 2nd to 8thgeneration Intel Core processors, X-Series chips for the X99 and X299 platforms, Xeon processors ranging from the 32400 Series to the Xeon Processor Scalable Family, along with the others.
As long as you keep your systems up to date, you should not be prone to the attacks. Microcode updates released by Intel are an important component of the mitigation strategy for all three applications of L1TF. When coupled with corresponding updates to operating system, and hypervisor software from industry partners and the open source community, these updates help ensure that consumers, IT professionals and cloud service providers have access to the protections they need.
“We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices,” Intel says. “This includes keeping systems up-to-date and taking steps to prevent malware.” (https://in.reuters.com/article/cyber-intel/intel-discloses-three-more-chip-flaws-idINKBN1KZ28A)
However, Intel believes that a more permanent fix to the problem would be to replace today’s processors. "These changes begin with our next-generation Intel Xeon Scalable processors (code-named Cascade Lake), as well as new client processors expected to launch later this year." (https://www.zdnet.com/article/beyond-spectre-foreshadow-a-new-intel-security-problem/)