Intel Failed to Fix a Hackable Chip Flaw Despite a Year of Warnings

Intel Failed to Fix a Hackable Chip Flaw Despite a Year of Warnings

Over the past two years, attacks like Spectre, Meltdown, and variants on those techniques—all capable of tricking a broad range of processors into coughing up sensitive data—have shown how hard it can be to secure a chip. But it's one thing for a company like Intel to scramble to fix a vulnerability, and a very different one when it fails to act on one of those flaws for more than a year.


Today researchers at Vrije Universiteit in Amsterdam, KU Leuven in Belgium, the German Helmholtz Center for Information Security, and the Graz University of Technology in Austria revealed new versions of a hacking technique that takes advantage of a deep-seated vulnerability in Intel chips. They're spins on something known as ZombieLoad or RIDL, an acronym for Rogue In-Flight Data Load; Intel refers to it instead as as microarchitectural data sampling, or MDS. Like the Spectre and Meltdown vulnerabilities—which some of the same Graz researchers were involved in uncovering in early 2018—the new MDS variants represent flaws that could allow any hacker who manages to run code on a target computer to force its processor to leak sensitive data. The scenarios for that attack could include anything from a website's Javascript running in a victim's browser to a virtual machine running on a cloud server, which could then target a virtual machine on the same physical computer.

But in this case, the researchers are pointing to a more serious failing on Intel's part than just another bug. While they warned Intel of these newly revealed MDS variants as early as September 2018, the chip giant has nonethel ..

Support the originator by clicking the read the rest link below.