
An Austrian researcher hacked his own computer and found a huge flaw in Intel chips

Source: 博客园 | Time: 2018/1/6 16:33:23 | Reads: 241


BI China reported on January 6:

Daniel Gruss barely slept the night he broke into his own computer and discovered that most of the chips made by hardware giant Intel Corp. over the past two decades were vulnerable. The 31-year-old information security researcher and postdoctoral fellow at Graz University of Technology in Austria had just reached into the supposedly private inner workings of his personal computer's central processing unit (CPU).

Until then, Gruss and his colleagues Moritz Lipp and Michael Schwarz had all assumed that an attack on the processor's kernel memory existed only in theory. Gruss said in an e-mail interview with Reuters: "I was really shocked to see the addresses of my private website being dumped by the tool I wrote."

One weekend in early December 2017, Gruss, Lipp and Schwarz worked from their homes and exchanged text messages to verify the results. Gruss said: "We could not believe the result, so we sat there for hours on end until we had ruled out the possibility that it was a mistake." Even after switching off the computer, Gruss said, his brain would not let him sleep that night.

Gruss and his colleagues had just confirmed what he calls "one of the worst CPU vulnerabilities in history." The flaw, now known as Meltdown, was disclosed on Wednesday (January 3) US time and affects most of the chips Intel has manufactured since 1995. A second flaw, called Spectre, was disclosed at the same time; it affects the processors at the heart of most computers and mobile devices, including chips from Intel, AMD and Arm Holdings, the chip designer owned by Japan's SoftBank.

Both vulnerabilities allow attackers to read secrets such as passwords or photos from desktops, laptops, cloud servers or smartphones. Whether criminals have already carried out such attacks is unknown, because Meltdown and Spectre leave no trace in log files. Intel said it has begun shipping software and firmware updates to address the issues, and Arm said it is working with AMD and Intel on fixes.

The existence of the vulnerabilities was first reported by the online technology publication The Register. As a result of that report, the research was released a week earlier than the vendors had planned, before they had complete fixes ready.

The TU Graz team had, however, already been developing a defence against the theft of secrets from kernel memory. They initially nicknamed it Forcefully Unmap Complete Kernel With Interrupt Trampolines, or "FUCKWIT" for short. When they submitted the paper in June 2017 they renamed it Kernel Address Isolation to have Side-channels Efficiently Removed, or KAISER, another pun: "Kaiser" means "emperor" in German.

As the name implies, KAISER is meant to protect kernel memory by keeping it unmapped while user code runs, so that it is out of reach of so-called side-channel attacks (SCAs), which exploit the design features that make modern processors fast. One such feature is out-of-order, or speculative, execution: the processor guesses what work it will need next and performs it ahead of time, not in the order the instructions arrived. If the guess is right, time is saved; if it is wrong, the speculative work is discarded and the time is lost. The catch is that discarded work can still leave measurable traces, for instance in the CPU cache, and that is the channel through which the secret leaks.

After reading the KAISER paper, researcher Anders Fogh wrote in a blog post in July 2017 that so-called speculative execution could probably be abused to read information from kernel memory, although he was unable to make it work in practice.

It was not until Gruss's early-December attack on his own PC that the significance of the TU Graz team's earlier work became clear: KAISER, it turned out, is an effective defence against Meltdown. The team quickly contacted Intel and learned that other researchers had made similar discoveries, some of them inspired by Fogh's blog post. They worked under a so-called "responsible disclosure" model, in which researchers notify the affected companies of their findings and give them time to "patch" the vulnerabilities before publication.

Gruss said the key players were the independent researcher Paul Kocher and the team at Cyberus Technology, while Jann Horn of Google's Project Zero reached similar conclusions on his own. Gruss said: "We integrated our findings with the efforts of Kocher and Cyberus in mid-December, eventually confirming the Meltdown and Spectre vulnerabilities."

Gruss was not even aware of Horn's work. He said: "Horn made these discoveries on his own, which is deeply impressive. We launched a very similar attack, but our team consisted of 10 researchers." The broader team says that Meltdown patches based on KAISER are ready for Microsoft's and Apple's operating systems as well as for the open-source Linux kernel.
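Once the KAISER-derived patch (kernel page-table isolation, PTI, in Linux) is installed, the check a practitioner wants is whether the running kernel actually reports the mitigation. The following shell snippet is an added example, not code from the article or from the TU Graz team. It assumes the sysfs interface /sys/devices/system/cpu/vulnerabilities/ that patched Linux kernels expose, and the "pti" flag in /proc/cpuinfo; the sample status lines and the sample cpuinfo text are constructed here in the format the kernel uses.

```shell
#!/bin/sh
# Added example (not from the article): classify the Meltdown/Spectre status
# lines a patched Linux kernel exposes, and check for the "pti" CPU flag.
# Assumption: /sys/devices/system/cpu/vulnerabilities/ exists on the target
# kernel (4.15 and distribution backports). Sample inputs below are constructed.

# classify_vuln_line LINE -> prints: not_affected | mitigated | vulnerable | unknown
classify_vuln_line() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation: "*) echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# pti_active_from_cpuinfo CPUINFO_TEXT -> exit 0 if the flags line lists "pti"
pti_active_from_cpuinfo() {
    printf '%s\n' "$1" | grep -E '^flags[[:space:]]*:' | grep -qw pti
}

# live_report: read the real sysfs entries, one line per vulnerability.
# Returns 1 when the directory is missing (kernel too old to even report).
live_report() {
    dir=/sys/devices/system/cpu/vulnerabilities
    if [ ! -d "$dir" ]; then
        echo "no $dir: kernel does not report status, assume vulnerable until patched"
        return 1
    fi
    for f in "$dir"/*; do
        name=$(basename "$f")
        line=$(cat "$f" 2>/dev/null)
        printf '%-24s %-14s %s\n' "$name" "$(classify_vuln_line "$line")" "$line"
    done
    if pti_active_from_cpuinfo "$(cat /proc/cpuinfo 2>/dev/null)"; then
        echo "pti flag present: page-table isolation is active"
    else
        echo "pti flag absent: page-table isolation is NOT active"
    fi
}

# Constructed sample lines in the kernel's own format:
SAMPLE_MELTDOWN_PATCHED="Mitigation: PTI"
SAMPLE_MELTDOWN_UNPATCHED="Vulnerable"
SAMPLE_AMD="Not affected"
SAMPLE_SPECTRE_V2="Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling"
SAMPLE_CPUINFO="processor : 0
vendor_id : GenuineIntel
flags : fpu vme de pse tsc msr pae mce cx8 pti ssbd ibrs ibpb"

# Run against the live system with: sh meltdown_check.sh --live
if [ "${1:-}" = "--live" ]; then
    live_report
fi
```

Read the classification together with the raw line: "Mitigation: PTI" for Meltdown is the expected post-patch state on Intel hardware, "Not affected" is what AMD systems report for Meltdown, and the Spectre entries stay at "Vulnerable" or partial mitigations for longer, which matches the article's point that Spectre is the harder flaw to fix.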

As for Spectre, there is no complete fix yet. The flaw can trick a program into revealing its secrets, but it is seen as a hole that is harder for attackers to exploit.

Asked which of the two vulnerabilities is the greater threat, Gruss said: "The bigger threat right now is Meltdown, but in the longer term Spectre is more of a threat. Spectre is harder to exploit, but also harder to fix. So in the long run, I think Spectre is the bigger challenge."
