Hardware Hrozby -
Intel guidance for developers in response to LVI
LVI is a new class of transient-execution attacks exploiting microarchitectural flaws in modern processors to inject attacker data into a victim program and steal sensitive data and keys from Intel SGX, a secure vault in Intel processors for your personal data.
Load Value Injection in the Line Fill Buffers (LVI-LFB)
In recent years, several researchers have discovered and disclosed a series of vulnerabilities named microarchitectural side channel attacks. A side channel attack relies on careful measurements made by an attacker to determine the value of a secret located inside the victim memory (which is normally inaccessible to the attacker). The initial “wave” of side-channel attacks includes Meltdown [1] and Spectre [2].
This technical deep dive expands on the information in the Load Value Injection (LVI) disclosure overview for software developers. Note that this documentation will use more precise (but different) terminology for transient execution side channel methods than we have used in past documents. Be sure to review the updated terminology guide and the list of affected processors.
Take A Way: Exploring the Security Implications of AMD’s Cache Way Predicto
To optimize the energy consumption and performance of their CPUs, AMD introduced a way predictor for the L1-data (L1D) cache to predict in which cache way a certain address is located. Consequently, only this way is accessed, significantly reducing the power consumption of the processor.
The scenario that Intel system architects, engineers, and security specialists perhaps feared most is now a reality. A vulnerability has been found in the ROM of the Intel Converged Security and Management Engine (CSME).
The SWAPGS Attack, as they call it, circumvents the protective measures that have been put in-place in response to earlier attacks such as Spectre and Meltdown. Still, there is plenty of good news: Microsoft has already released Windows patches for the flaw that makes the attack possible and, even though feasible, the researchers don’t expect the attack to be exploited for widespread, non-targeted attacks.
In early 2018, Meltdown first showed how to read arbitrary kernel memory from user space by exploiting side-effects from transient instructions. While this attack has been mitigated through stronger isolation boundaries between user and kernel space, Meltdown inspired an entirely new class of fault-driven transient execution attacks. Particularly, over the past year, Meltdown-type attacks have been extended to not only leak data from the L1 cache but also from various other microarchitectural structures, including the FPU register file and store buffer
We present Rogue In-flight Data Load (RIDL)1 , a new class of unprivileged speculative execution attacks to leak arbitrary data across address spaces and privilege boundaries (e.g., process, kernel, SGX, and even CPU-internal operations). Our reverse engineering efforts show such vulnerabilities originate from a variety of micro-optimizations pervasive in commodity (Intel) processors, which cause the CPU to speculatively serve loads using extraneous CPU-internal in-flight data (e.g., in the line fill buffers).
Recently, out-of-order execution, an important performance optimization in modern high-end processors, has been revealed to pose a significant security threat, allowing information leaks across security domains. In particular, the Meltdown attack leaks information from the operating system kernel to user space, completely eroding the security of the system. To address this and similar attacks, without incurring the performance costs of software countermeasures, Intel includes hardware-based defenses in its recent Coffee Lake R processors.
The WPA3 certification aims to secure Wi-Fi networks, and provides several advantages over its predecessor WPA2, such as protection against offline dictionary attacks and forward secrecy. Unfortunately, we show that WPA3 is affected by several design flaws, and analyze these flaws both theoretically and practically. Most prominently, we show that WPA3’s Simultaneous Authentication of Equals (SAE) handshake, commonly known as Dragonfly, is affected by password partitioning attacks. These attacks resemble dictionary attacks and allow an adversary to recover the password by abusing timing or cache-based side-channel leaks.
Modern microarchitectures incorporate optimization techniques such as speculative loads and store forwarding to improve the memory bottleneck. The processor executes the load speculatively before the stores, and forwards the data of a preceding store to the load if there is a potential dependency. This enhances performance since the load does not have to wait for preceding stores to complete. However, the dependency prediction relies on partial address information, which may lead to false dependencies and stall hazards
Direct Memory Access (DMA) attacks have been known for many years: DMA-enabled I/O peripherals have complete access to the state of a computer and can fully compromise it including reading and writing all of system memory. With the popularity of Thunderbolt 3 over USB Type-C and smart internal devices, opportunities for these attacks to be performed casually with only seconds of physical access to a computer have greatly broadened. In response, commodity hardware and operatingsystem (OS) vendors have incorporated support for Input-Ouptut Memory Management Units (IOMMUs), which impose memory protection on DMA, and are widely believed to protect against DMA attacks.
Two vulnerabilities in the Bluetooth chips typically found in access points that provide WiFi service in enterprises allow attackers to take control of the devices without authentication or to breach the network. The vulnerable chips are also present in medical devices (insulin pumps, pacemakers), smart locks and a variety of other types of products that rely on Bluetooth Low Energy (BLE) technology for communication. A tally of affected gadgets is currently unavailable.
Fax, the brilliant technology that lifted mankind out the dark ages of mail delivery when only the postal service and carrier pigeons were used to deliver a physical message from a sender to a receiver. Technology wise, however, that was a long time ago. Today we are light years away from those dark days. In its place we have email, chat messengers, mobile communication channels, web-services, satellites using quantum messaging and more.
TLBleed is a new side channel attack that has been proven to work on Intel CPU’s with Hyperthreading (generally Simultaneous Multi-threading, or SMT, or HT on Intel) enabled. It relies on concurrent access to the TLB, and it being shared between threads. We find that the L1dtlb and the STLB (L2 TLB) is shared between threads on Intel CPU cores.
Foreshadow is a vulnerability that affects modern microprocessors that was first discovered by two independent teams of researchers in January 2018, but was first disclosed to the public on 14 August 2018.The vulnerability is a speculative execution attack on Intel processors that may result in the loss of sensitive information stored in personal computers, or third party clouds.There are two versions: the first version (original/Foreshadow) (CVE-2018-3615) targets data from SGX enclaves; and the second version (next-generation/Foreshadow-NG) (CVE-2018-3620 and CVE-2018-3646) targets Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre .Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure. Luckily, there are software patches against Meltdown.
Tentokrát z laboratoří IBM Zurich přichází nová verze tohoto útoku, která umí podobné kousky na SSD discích (namísto původní RAM paměti). Využitím tzv. cell to cell interference dokáží ovlivnit sousední bloky a následně jim v jejich názorném útoku stačí najít blok sousedící s tabulkou i-nodů. Pak již zbývá ovlivnit nový nebo existující i-node tak, aby byl vlastněn rootem a měl nastavený suid bit. Při smíchání všeho dohromady je tak možné využít například shell binárku a nastavit jí potřebné atributy a získat tak oprávnění roota. Jak se dá asi očekávat, nejedná se o triviální útok.
Rowhammer je zranitelnost v DRAM zařízeních, která umožňuje útoky, jako je zvýšení úrovně oprávnění a pískoviště útěk. Opakovaně přístup řádek v posledních DRAM zařízení mohou způsobit trochu vyletí v přilehlých řadách, a útoky prokáže a doloží týmem Google Project Zero používali toto chování získat prileges jádra na x86-64 Linux strojích (od neprivilegovaným uživatelské pozemků).
Výzkumníci z Check Pointu (Ohad Bobrov a Avi Bashan) objevili chybu, pomocí níž je možné plně vzdáleně ovládnout téměř jakýkoliv Android. Chybu pojmenovali Certifi-Gate a týka se základní součásti Androidu – Remote Support Tool (mRST). Tato služba běží s nejvyšším oprávněním a není možné ji smazat ze systému. Stovky milionů těchto zařízení jsou tak v nebezpečí a bohužel velká část z nich nebude opravena nikdy, protože výrobci nejsou donuceni k aktualizacím svých upravených verzí Androidu, a tak můžete ještě dnes koupit mobil s Androidem verze 2.3 obsahující minimálně 16 bezpečnostních zranitelností.
Zranitelnost UEFI Secure bootu u zařízení s MS Windows umožňuje hackerům spuštění bootkitů/rootkitů na zařízeních s MS Windows. Microsoft se sice pokouší tuto chybu opravit, avšak doposud ne zcela úspěšně. Zranitelnost Secure bootu je možné využít k obejití bezpečnostních mechanismů secure bootu a k následné instalaci bootkitu/rootkitu na zařízení s MS Windows. Bezpečnostní analytici se domnívají, že tento bezpečnostní problém nemůže být zcela eliminován