MELTDOWN REDUX: INTEL FLAW LETS HACKERS SIPHON SECRETS FROM MILLIONS OF PCS

WIRED | 5/14/2019 | Andy Greenberg
stefania (Posted by) Level 3
Click For Photo: https://media.wired.com/photos/5cd9fd2b7560d956aca46e76/191:100/pass/Security_Hacker_CPU-vulnerability_Submarine-.png




More than a year has passed since security researchers revealed Meltdown and Spectre, a pair of flaws in the deep-seated, arcane features of millions of chip sold by Intel and AMD, putting practically every computer in the world at risk. But even as chipmakers scrambled to fix those flaws, researchers warned that they weren't the end of the story, but the beginning—that they represented a new class of security vulnerability that would no doubt surface again and again. Now, some of those same researchers have uncovered yet another flaw in the deepest guts of Intel's microscopic hardware. This time, it can allow attackers to eavesdrop on virtually every bit of raw data that a victim's processor touches.

Today Intel and a coordinated supergroup of microarchitecture security researchers are together announcing a new, serious form of hackable vulnerability in Intel's chips. It's four distinct attacks, in fact, though all of them use a similar technique, and all are capable of siphoning a stream of potentially sensitive data from a computer's CPU to an attacker.

Researchers - Swiss - University - TU - Graz

The researchers hail from the Swiss university TU Graz, Vrije Universiteit Amsterdam, the University of Michigan, the University of Adelaide, KU Leuven in Belgium, Worcester Polytechnic Institute, Saarland University in Germany and security firms Cyberus, BitDefender, Qihoo360 and Oracle. The groups have named variants of the exploit techniques ZombieLoad, Fallout, and RIDL, or "Rogue In-Flight Data Load." Intel itself has more tamely labelled the new set of attacks "Microarchitectural Data Sampling," or MDS.

Intel had asked all the researchers to keep their findings secret, some for more than a year, until it could release fixes for the vulnerabilities. But at the same time, the company has sought to downplay the severity of the bugs, according to the researchers, who—split into two groups working independently—each warn that the attacks represent a...
(Excerpt) Read more at: WIRED
Wake Up To Breaking News!
Trump - Just saying what the rest won't
Sign In or Register to comment.

Welcome to Long Room!

Where The World Finds Its News!