[QUICK NEWS] Guess what? Another Intel security flaw
- Tamalero
For Intel, it's no longer how hard the hits are that hurts, but how often they keep coming.
A new type of attack called Zombieload v2 was discovered that runs on everything from the old Haswell parts up to Intel's newest "high core count" processors, CASCADE LAKE.
This vulnerability exploits the TSX extension (which, ironically, greatly speeds up emulation and visualization). By creating conflicts between operations and reads... it makes the CPU spit out data that is being processed at that moment.
The worst part? It doesn't matter if you have the newest patches for Meltdown, Spectre, etc. This flaw bypasses those protections.
Neither AMD nor ARM is affected, since they don't have TSX.
All Intel CPU microarchitectures since 2013 are vulnerable to a new class of "Zombieload," attacks, chronicled under "Zombieload v2" (CVE-2019-11135). This is the fifth kind of microarchitectural data sampling (MDS) vulnerability, besides the four already disclosed and patched against in Q2-2019. The vulnerability was kept secret by the people who discovered it, as Intel was yet to develop a mitigation against it. There is no silicon-level hardening against it, and Intel has released a firmware-level mitigation that will be distributed by motherboard manufacturers as BIOS updates, or perhaps even OS vendors. While Intel's latest enterprise and HEDT microarchitecture, "Cascade Lake" was thought to be immune to "Zombieload," it's being reported that "Zombieload v2" attacks can still compromise a "Cascade Lake" based server or HEDT that isn't patched.
"Zombieload v2" is an exploitation of the Asynchronous Abort operation of Transactional Synchronization Extensions (TSX), which occurs when malware creates read operation conflicts within the CPU. This reportedly leaks data about what else is being processed. "The main advantage of this approach is that it also works on machines with hardware fixes for Meltdown, which we verified on an i9-9900K and Xeon Gold 5218," reads the latest version of the Zombieload whitepaper that's been updated with "Zombieload v2" information. TSX is a requisite for "Zombieload v2," and all Intel microarchitectures since "Haswell" feature it. AMD processors are inherently immune to "Zombieload v2" as they lack TSX. Intel downplayed the severity or prevalence of "Zombieload v2," but dispatched microcode updates flagged "critical" nevertheless.
The worst part?
Rumor has it that the patches and/or mitigations would cost Intel another 4% of performance.
Adding up all the patches so far, it's obvious that the performance loss on Intel chips can reach up to 60% in certain cases (servers) and 8-10% on average on regular processors.
More information:
www.techpowerup.com/261097/intel-cpus-since-haswell-vulnerable-to-zombieload-v2-attacks-cascade-lake-included
zombieloadattack.com/
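Added example, not part of the original post: a shell check that classifies a Linux host's status for the TSX Asynchronous Abort issue (CVE-2019-11135) from the CPU flags and the kernel's vulnerability report. It assumes a kernel recent enough to expose `/sys/devices/system/cpu/vulnerabilities/tsx_async_abort`; the function names `has_tsx`, `taa_state` and `demo`, and the state labels they print, are hypothetical names chosen for this example.

```shell
#!/bin/sh
# Added example: classify exposure to TSX Asynchronous Abort (CVE-2019-11135).
# File paths are parameters so the logic can be run on constructed input.
# On a real host:
#   taa_state /proc/cpuinfo /sys/devices/system/cpu/vulnerabilities/tsx_async_abort

# has_tsx CPUINFO -> exit 0 if the CPU advertises a TSX flag (rtm or hle)
has_tsx() {
    awk '/^flags/ { print; exit }' "$1" | grep -qwE 'rtm|hle'
}

# taa_state CPUINFO SYSFS_FILE -> prints one label (names are this example's own):
#   not-affected | mitigated | needs-microcode | vulnerable | no-tsx | unknown
taa_state() {
    cpuinfo=$1
    sysfs=$2
    if [ -r "$sysfs" ]; then
        # The kernel reports a status string; match on its documented prefixes.
        case "$(cat "$sysfs")" in
            "Not affected"*)                  echo not-affected ;;
            "Mitigation:"*)                   echo mitigated ;;
            "Vulnerable: Clear CPU buffers"*) echo needs-microcode ;;
            "Vulnerable"*)                    echo vulnerable ;;
            *)                                echo unknown ;;
        esac
    elif has_tsx "$cpuinfo"; then
        # TSX is present but the kernel has no TAA report: update the kernel.
        echo unknown
    else
        echo no-tsx
    fi
}

# Constructed sample input (not captured from a real machine): a TSX-capable
# CPU on a patched kernel that is still waiting for the microcode update.
demo() {
    d=$(mktemp -d)
    printf 'flags\t\t: fpu sse2 avx2 rtm hle\n' > "$d/cpuinfo"
    printf 'Vulnerable: Clear CPU buffers attempted, no microcode\n' > "$d/taa"
    taa_state "$d/cpuinfo" "$d/taa"
    rm -rf "$d"
}
```

A `needs-microcode` result is the case the quoted article describes: the OS side is patched, but the firmware-level mitigation from the BIOS or OS vendor has not been applied yet.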
- Tamalero
No?
Well, no... another exploit/bug that affects Intel chips.
Called Plundervolt.
This flaw lets a processor produce errors and keep going (instead of locking up, freezing, or hitting a BSOD) just by modifying the voltage and certain code. This in turn makes it possible to gain access beyond ROOT and even affect protected parts of the chip or the system, or in Intel's case, SGX, or Software Guard Extensions.
They said that "With Plundervolt we showed that these software interfaces can be exploited to undermine the system's security." Plundervolt specifically targets Intel Software Guard eXtensions (SGX).
The worst part? The fix makes the voltage fixed and constant, which means an increase in power and heat.
A new attack on Intel’s CPUs, called Plundervolt, may have an unforeseen consequence. The mitigation that fixes it appears to lock the CPU voltage to default settings, possibly preventing users from undervolting or overclocking them.
On Wednesday, however, Intel representatives said that it’s unlikely that SGX use and overclocking will overlap, meaning that the risk to consumers is probably low.
According to the researchers who authored the paper in question, every mobile and desktop Intel Core processor since the sixth-generation “Skylake” onward that supports Intel’s Software Guard Extensions (SGX) is vulnerable to the software attack, which injects faults into the processor package by very briefly decreasing the processor voltage. Injecting these faults can introduce errors into otherwise secure code, or reproduce cryptographic keys by what the researchers call negligible computational efforts.
The researchers said that they believe that the attacks can be mounted by a remote attacker, and not just one with local access.
As most researchers do, the team—made up of researchers at the University of Birmingham, the Graz University of Technology, and imec-DistriNet—reported the vulnerability to Intel, which issued an advisory and also said that it had released firmware updates to motherboard manufacturers. A related blog post by Intel said that the company was unaware of any issues in the wild.
Most users won’t be affected by Plundervolt itself, because it first requires an attack against the system. If SGX has not been enabled or if CPU voltage is locked at the default values, the system is also not vulnerable to this attack method, an Intel spokeswoman added in a follow-up email in response to a PCWorld question.
The mitigation Intel is issuing, however, appears to lock your PC’s voltage settings, preventing you from adjusting them. “Intel has worked with system vendors to develop a microcode update that mitigates the issue by locking voltage to the default settings,” a related Intel blog post says.
Catalin Cimpanu in ZDNet reported what Oswald at the University of Birmingham had told ZDNet. "The undervolting induces bit flips in CPU instructions itself, such as multiplications or AES rounds (AES-NI)."
No, even Intel SGX's memory encryption/authentication technology cannot protect against Plundervolt, said the investigators.
In addition to extraction of cryptographic keys, Plundervolt, they found, can cause "memory safety misbehaviour in certain scenarios." Out-of-bounds accesses may arise when an attacker faults multiplications emitted by the compiler for array element indices or pointer arithmetic, they said. "Plundervolt can break the processor's integrity guarantees, even for securely written code."
www.pcworld.com/article/3489538/plundervolt-attack-against-intel-core-cpus-prompts-fix-that-disables-cpu-voltage-settings.html
techxplore.com/news/2019-12-plundervolt-mess-intel-cpus.html