Intel LVI: security researchers have discovered more of the processor-gap


On Intel processors, more security holes have been discovered, the attacker with sensitive data such as passwords, cannot be read at all. It is a similar failure in the architecture of the Chip, such as in the case of a two-year old, known attack scenarios, “the Spectrum,” and “the Collapse,” he said to himself-researcher Bogdan Botezatu, from security software company Bitdefender. In contrast to the “Spectrum” and the “Collapse” of the measures on the vulnerability of the security of different attack variants, however, it is found to be ineffective.

Researchers at the KU Leuven reported that they were told that Intel in April of that year and passed on to a weak point in the special features of the security processor is particularly valuable in that data. You have agreed to an unusually long silence, as for the chip, the group was able to take the necessary safety measures. The end-users to be on the safe side, if your handlers went with the recommended Software Updates, it said. However, the Code that is protected by the security features of the course, it will significantly slow it down. It is expected that in the next few processor generations-the gap is now at the level of the Hardware is going to be closed down. The researchers from KU Leuven have released an FAQ on the subject.

Intel also pointed out that, in order for an attack to be successful, several conditions need to be met, which makes it difficult for an implementation of the attack. The severity of the problem, the company is in a “rating average”.

Attacks on specific sets of data

In the case of the well-known Problem, which is described with the keyword “LVI” (or the “Amount of Charge Injection”), are the processors, which is prone to attack by certain sets of data, ” said Bitdefender. As a result, an attacker may be able to take control of the areas of the Chip and read the information. However, you can’t predict what could be done and by when. In principle, however, one-time passwords, and other sensitive would be information, including.

Compared to a dangerous gap in the center of the data, because the data that the user is in a word processor, it can appear, it is referred to. An attack that does not leave a trace. The processors from Intel-rival AMD, they are not affected by this vulnerability, according to a survey by Bitdefender, said Bogdan Botezatu: The reason for this is that they are a little bit different.

In the past few years, it was discovered the processor of the vulnerabilities are caused due to the fact that the developers of the processor to try it, especially with the advancement steps in order to calculate the labor, in the suspicion (for Speculative Execution) in order to improve the performance of the Chip. In the case of a “Meltdown,” were the only reading of the data. In the scenario of the attack, the handlers are feeding on the weak points first, with the preparation of the data, in order to obtain the information.

Icon: The Power