Intel processors vulnerable to more data theft attacks

(Image credit: Shutterstock)

Researchers at the University of Illinois have discovered a new vulnerability in Intel CPUs that makes them vulnerable to side-channel attacks.

Examining Intel’s CPU ring interconnects, the trio, doctoral student Riccardo Paccagnella, master's student Licheng Luo, and assistant professor Christopher Fletcher, discovered that the rings can be exploited for malicious purposes.

“It is the first attack to exploit contention on the cross-core interconnect of Intel CPUs," Paccagnella told The Register, adding that since "the attack does not rely on sharing memory, cache sets, core-private resources or any specific uncore structures,” it can’t be mitigated with the existing defenses for side-channel attacks.

More Intel flaws

The researchers will present their findings later in the year at the USENIX Security 2021 conference.

The trio believe their new side-channel attack vector could leak encryption keys along and were also reportedly able to demonstrate the ability to monitor keystroke timings, which can be used to reconstruct typed passwords

The attacks were tested on Intel Coffee Lake and Skylake CPUs, and it isn’t clear whether the attack vector will work on newer Intel Xeon’s. 

For its part, Intel supported the researchers in their endeavor, but isn’t overly worried about their discovery. In fact it has clubbed their new attack vector alongside existing side-channel attacks.

"They treat this class of attacks differently than the class of 'speculative execution / transient execution attacks' (like Spectre, Meltdown, etc.). That is, they do not consider traditional side channel attacks as significant value for an attacker and they already published their suggested guidance on how to mitigate them in software,” shares Paccagnella.

Via: The Register

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.