Home Security Ex-NSA hacker says new Intel bug will need 'ton of work' to fix
Jake Williams: "...it's ridiculous that this isn't eligible for a bug bounty. It's insane that Intel thinks it doesn't deserve a CVE." Jake Williams: "...it's ridiculous that this isn't eligible for a bug bounty. It's insane that Intel thinks it doesn't deserve a CVE." Supplied Featured

A security researcher says a fix for a new vulnerability in Intel processors is likely to require changes to the core operating system and would probably need "a ton of work to mitigate (mostly app recompile)".

Former NSA hacker Jake Williams said on Twitter: "Hyperthreading is THE main reason Intel won the processor war over AMD. Pretending that OS developers are the problem is ridiculous. I remember people talking about theoretical attacks on hyperthreading from its introduction."

The flaw, which has been dubbed TLBleed by the researchers who discovered it, has been played down by Intel with the company unwilling to even obtain a Common Vulnerabilities and Exposures number. The CVE system, a catalogue of known security threats sponsored by the US Department of Homeland Security, provides a reference method for publicly known vulnerabilities and exposures.

Details of TLBleed were leaked to the British tech website, The Register, on Friday; the side-channel vulnerability can be theoretically exploited to extract encryption keys and private information from programs. The name TLBleed comes from the fact that the flaw targets the translation lookaside buffer, a CPU cache.

Intel also refused to pay a bug bounty to the team that found the flaw, with one researcher Ben Gras commenting: "The HackerOne bug bounty program run by Intel has side channels in scope. However, Intel has dismissed our report as it does not demonstrate a side-channel attack against its ‘constant time’ — its side-channel hardened — cryptographic primitives."

The researchers, from the Systems and Network Security Group at Vrije Universiteit Amsterdam, in the Netherlands, had earlier shared the paper on their findings with the OpenBSD project which produces a highly secure UNIX-like operating system; the project took the step of disabling hyperthreading through which TLBleed can be exploited.

With the paper due to be presented at the Black Hat USA 2018 conference in August, OpenBSD leader Theo de Raadt told iTWire that he could not be more specific about the nature of the vulnerability that had led to the disabling of hyper-threading.

Williams, a former member of the NSA's elite Tailored Access Operations unit who now runs his own security company, Rendition Infosec, said: "First, it's ridiculous that this isn't eligible for a bug bounty. It's insane that Intel thinks it doesn't deserve a CVE.

"Second, it's hard to imagine that Intel won't make changes to their processors to fix this. TLB management has subtle nuances depending on the architecture. Even if Intel's answer to TLBleed is 'recompile' it's not clear how quickly compiler authors can work out the nuances to make the code safe across different processor models."

He said Intel has assured OS developers that hyper-threading was safe, "so they programmed to that spec. Nothing in the Intel programming docs says 'don't hyperthread different processes on the same core'. Wholesale changes will need to be made to scheduler subsystems."

Williams said the TLBleed vulnerability was likely to be easier to exploit than Spectre variants. He was referring to one of two vulnerabilities disclosed by Intel in January, the other being known as Meltdown.

"But from where I sit it's more evidence that we need to rethink our secure architecture design patterns. How we provision applications, VDI, and multi-tenant hypervisors needs to change," he added.

"I'm not jumping on a bandwagon either. I said the same thing in January when Meltdown and Spectre were released. The advice is just as sound now as it was then. Sure, apply patches when available, but this is about so much more than patching."

An Intel spokesperson told iTWire in an unsolicited comment: "Protecting our customers and their data continues to be a critical priority for us. We are looking into this feedback and thank the community for their ongoing efforts.” (Intel update is here.)

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

10 SIMPLE TIPS TO PROTECT YOUR ORGANISATION FROM RANSOMWARE

Ransomware attacks on businesses and institutions are now the most common type of malware breach, accounting for 39% of all IT security incidents, and they are still growing.

Criminal ransomware revenues are projected to reach $11.5B by 2019.

With a few simple policies and procedures, plus some cutting-edge endpoint countermeasures, you can effectively protect your business from the ransomware menace.

DOWNLOAD NOW!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the sitecame into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect