A team of researchers from Tsinghua University, the University of Maryland, and the Beijing University of Posts and Telecommunications has discovered a new vulnerability in Intel CPUs that can allow data leakage through the EFLAGS register, as per a press release.
Computer processors by US technology company Intel are pictured on January 5, 2018, in Paris. - As tech giants race against the clock to fix major security flaws in microprocessors, many users are wondering what lurks behind unsettling names like "Spectre" or "Meltdown" and what can be done about this latest IT scare.
The flaw permits intruders to use timing analysis to decipher code that they would not have access to, according to the research team.
The EFLAGS register is part of a computer's central processing unit (CPU) that stores information about the state of the CPU and the results of previous instructions. It helps the CPU to make decisions and execute instructions.
Side-channel Vulnerability
The newly discovered side-channel vulnerability is different from previous ones because it does not rely on the cache system, which makes it harder to detect. The team combined this vulnerability with a Meltdown attack to showcase its impact on several Intel CPUs.
Yu Jin, a co-author of the paper, stated that the complexity and aggressive optimization of modern CPUs with their numerous microarchitectural features contribute to various security issues, including side-channel attacks.
These attacks exploit non-code-related patterns, such as timing, power consumption, and electromagnetic and acoustic emissions, to gain unauthorized access to computer systems.
It must be noted that a side-channel attack is a method of breaking into a computer system by exploiting weaknesses in the physical characteristics of the system, such as power consumption or electromagnetic radiation, rather than by directly attacking the software or hardware.
By analyzing these physical characteristics, an attacker can extract sensitive information, such as passwords or encryption keys, from the system.
Read Also: Intel, CrowdStrike, and Zscaler Unveil Compatible Solutions for Zero Trust Security
Root Cause
According to Yu Jin, the root cause of the vulnerability is not yet fully understood, but he suggested that a buffer in the execution unit of the Intel CPU may be involved. This buffer needs time to revert if the execution is withdrawn, causing a stall if the following instruction relies on it.
Jin also noted that this vulnerability requires other transient execution attacks to carry out a real-world attack.
Nevertheless, he believes that the new side-channel attack is worth further exploration, as it may shed light on new microarchitecture attacks and provide a new way to develop side-channel attacks in cache side-channel resistant CPU.
In recent years, these types of attacks, such as Meltdown, Spectre, Fallout, and Zombieload, have become more common.
The team showcased that the security loophole impacts CPUs such as Intel Core i7-6700, i7-770, and i9-10980XE.
Moreover, they revealed that the Intel 11th generation CPUs exhibit greater resistance to these attacks, and the new 13th generation vPro processors from Intel offer even stronger protection against side-channel attacks.
The findings of the team were published in arXiv.
Related Article: Intel, ARM to Bring New Smartphone Processors to Power Your Devices-What to Expect
