Critical flaw in Intel, AMD & ARM chips lets hackers steal data from system memory

A critical security flaw present in almost all Intel, ARM and AMD chips, and therefore in the Windows, Linux and macOS devices built on them, allows hackers to access passwords, encryption keys and other sensitive user information held in system memory.

Intel is working on a comprehensive update to fix the flaw, but the update may significantly slow affected chips down, by 5% to 30% depending on the type of chip.

Until now, in order to improve speeds, device manufacturers have allowed applications to make use of system memory that is otherwise allotted to the system's kernel. Research by Google's Project Zero team has now revealed how malicious hackers can exploit this technique, known as 'speculative execution', to read passwords, encrypted data and other sensitive user information from system memory.

'Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.


'These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them,' they noted.

'This vulnerability makes it theoretically possible to open up the end user’s device and rummage through the computer’s memory. For example, a JavaScript application running in a browser on a website could potentially access your computer’s kernel memory and rip through any information held there. While it’s unlikely there would be full files stored there, it’s very possible it would find bits and pieces of valuable data, like SSH keys, security tokens and even passwords,' said Mike Buckbee, Security Engineer at Varonis.

Following the revelation, developers are rushing to patch the flaw and are now separating the memory used by a system's kernel from the memory used by other applications. It is hoped that this separation will eliminate the chance of hackers gaining access to kernel memory via other applications.

'Intel is committed to product and customer security and to responsible disclosure. We worked closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to mitigate this issue promptly and constructively,' said Intel.

The chip-maker added that the flaw affects numerous Intel chips, including the 45nm and 32nm Core i3, i5 and i7 processors, the entire Intel Core M processor family, 2nd Gen to 8th Gen Intel Core processors, 3400 series, 3600 series, 5500 series, 5600 series, 6500 series and 7500 series processors, the entire Intel Xeon Processor E3, E5 and E7 families, Intel Xeon Phi Processor 3200, 5200, 7200 Series, Intel Atom C, E, A, x3 and Z processor series, Intel Celeron Processor J and Processor N series, as well as Intel Pentium Processor J and Processor N series.

The firm also admitted that the flaw allowed hackers to 'improperly gather sensitive data from many types of computing devices with many different vendors’ processors and operating systems.'

However, the firm said in an official press release that the exploits do not 'have the potential to corrupt, modify or delete data', and that the flaw is not specific to Intel products but is also present in chips manufactured by the likes of AMD and ARM Holdings.

While Intel is fixing the flaw in all affected chips, operating system developers, including Microsoft, Apple and the Linux community, are also racing against time to separate kernel memory from the memory used by normal applications. Fixes have already been made available for some versions of Linux, while fixes for Windows operating systems are yet to be released.
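As an added example (not code from the article, Intel or any vendor quoted here), a POSIX shell check that a Linux administrator can run to see whether a host already has the kernel/user memory separation described above and how the kernel rates the flaw. It assumes the Linux kernel's own reporting interface, the 'pti' flag in /proc/cpuinfo and the files under /sys/devices/system/cpu/vulnerabilities (kernel 4.15 or distribution backports), which the article itself does not mention.

```shell
#!/bin/sh
# Added example, not from the article: report whether a Linux host carries the
# kernel/user memory separation (KPTI) described above and how the kernel rates
# the CPU flaws. The paths are the Linux kernel's own interface (4.15+ or
# distribution backports), not something the article lists.

# Succeeds when the cpuinfo text on stdin lists the "pti" CPU flag, which the
# kernel sets once kernel page-table isolation is active.
pti_flag_present() {
    grep -E '^flags[[:space:]]*:' | head -n 1 | tr ' ' '\n' | grep -qx 'pti'
}

# Map the text of one /sys/devices/system/cpu/vulnerabilities/* file to a
# one-word verdict that an inventory script can act on.
classify_status() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Live report for the current host; a missing vulnerabilities directory means
# the kernel predates the fixes and should be treated as unpatched.
report_live() {
    dir=/sys/devices/system/cpu/vulnerabilities
    if pti_flag_present < /proc/cpuinfo; then
        echo "kernel/user page-table isolation: enabled"
    else
        echo "kernel/user page-table isolation: NOT enabled"
    fi
    if [ -d "$dir" ]; then
        for f in "$dir"/*; do
            status=$(cat "$f")
            printf '%s: %s [%s]\n' "$(basename "$f")" "$status" \
                "$(classify_status "$status")"
        done
    else
        echo "$dir not present: kernel too old to report, assume unpatched"
    fi
}

# Only touch the live system when asked; the functions above can be exercised
# against constructed input otherwise.
if [ "${1:-}" = "--live" ]; then
    report_live
fi
```

Run it as `sh check_kpti.sh --live` on each Linux host; any host that prints "NOT enabled" or "assume unpatched" still needs the operating system fix the article describes.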

Even though the upcoming patches will cure the flaw on all affected platforms, they may also reduce system speeds by up to 30%, and applying them will involve rebooting servers that run critical systems.

'The patch of such a flaw is a major challenge as a firmware update typically requires a reboot so for servers running critical systems, this results in unplanned downtime. With the fix having a potential performance impact of up to 30%, this means critical systems already running at full power could require costly upgrades to ensure operational stability,' noted Joseph Carson, Chief Security Scientist at Thycotic.

What organisations need to do to protect their data

Carson warns that organisations which choose to ignore this latest security threat do so at their own peril, as they may thereby leave their systems vulnerable to attacks more destructive than WannaCry and NotPetya, which cost some companies up to $300 million.

'The systems at higher risk are those that are internet-connected, meaning they are easily accessible by cybercriminals, and those systems used by employees, who regularly use them for browsing the internet, so these systems should be the priority for any organisation that takes cybersecurity seriously.

'Organisations concerned about the possibility of passwords and login keys being exposed should consider using a password management solution. Even if a cybercriminal exploited this security flaw, the password or login key exposure would be short lived, as an enterprise password management solution could continuously rotate passwords regularly to ensure any compromise would be short lived,' he adds.

'While all the details are not available at this point, from what is known, this vulnerability can be considered a threat: it could allow for credential theft or other privilege escalation exploits. In this respect, while potentially dire, it’s very similar to an insider threat or admin data breach. Organisations need to layer multiple levels of protection to build defensive depth in their networks and applications,' said Buckbee.