Security researchers disclosed a new version of the ZombieLoad attack and warned that Intel's fixes for the original threat can be bypassed.
The original ZombieLoad attack -- a speculative execution exploit that could allow attackers to steal sensitive data from Intel processors -- was first announced May 14 as part of a set of microarchitectural data sampling (MDS) attacks that also included RIDL (Rogue In-Flight Data Load) and Fallout. According to the researchers, they first disclosed ZombieLoad v2 to Intel on April 23 with an update on May 10 to communicate that "the attacks work on Cascade Lake CPUs," Intel's newest line of processors. However, ZombieLoad v2 was kept under embargo until this week.
"We present a new variant of ZombieLoad that enables the attack on CPUs that include hardware mitigations against MDS in silicon. With Variant 2 (TAA), data can still be leaked on microarchitectures like Cascade Lake where other MDS attacks like RIDL or Fallout are not possible," the researchers wrote on the ZombieLoad website. "Furthermore, we show that the software-based mitigations in combination with microcode updates presented as countermeasures against MDS attacks are not sufficient."
One of the ZombieLoad researchers, Moritz Lipp, a PhD candidate in information security at the Graz University of Technology in Austria, told SearchSecurity the problem with the patch for the initial MDS issues is that it "does not prevent the attack, just makes it harder. It just takes longer as the leakage rate is not that high."
Lipp added that the team's relationship with Intel has been improving over the past two years and the extended embargo was a direct result of ZombieLoad v2 affecting Cascade Lake processors.
In an update to the original ZombieLoad research paper, the researchers noted that the main advantage of variant two "is that it also works on machines with hardware fixes for Meltdown," and noted that the attack requires "the Intel TSX instruction-set extension which is only available on selected CPUs since 2013," including various Skylake, Kaby Lake, Coffee Lake, Broadwell and Cascade Lake processors.
Intel did not respond to questions regarding ZombieLoad v2 -- which the company refers to as TSX Asynchronous Abort (TAA) -- or the original MDS patch, and instead directed SearchSecurity to the company's November 2019 Intel Platform Update blog post. In that blog post, Jerry Bryant, director of communications for Intel Product Assurance and Security, admitted Intel's MDS mitigations fell short.
"We believe that the mitigations for TAA and MDS substantively reduce the potential attack surface," Bryant wrote. "Shortly before this disclosure, however, we confirmed the possibility that some amount of data could still be inferred through a side-channel using these techniques (for TAA, only if TSX is enabled) and will be addressed in future microcode updates."
In an attached "deep dive," Intel also admitted the ZombieLoad v2 attack "may expose data from either the current logical processor or from the sibling logical processor on processors with simultaneous multithreading."
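Intel's statements above tie exposure to two host-level conditions: whether TSX is enabled (TAA needs it) and whether simultaneous multithreading lets a sibling hyperthread leak data. The following is an added defender-side check, not code from the article, Intel or the ZombieLoad researchers. It assumes a Linux host that exposes the kernel's own verdicts in /sys/devices/system/cpu/vulnerabilities/mds and /sys/devices/system/cpu/vulnerabilities/tsx_async_abort (the latter present since kernel 5.4) and advertises TSX through the rtm/hle flags in /proc/cpuinfo; the sample inputs are constructed, not captured from a real machine.

```python
"""Check a Linux host's TAA (ZombieLoad v2) and MDS exposure from kernel sysfs.

Added example; assumes the sysfs vulnerability files and /proc/cpuinfo flag
names described in the lead-in, and constructed sample data for offline use.
"""
from pathlib import Path

VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")  # assumed Linux path
CPUINFO = Path("/proc/cpuinfo")


def parse_cpuinfo_flags(cpuinfo_text: str) -> set:
    """Return the feature flags of the first processor entry in /proc/cpuinfo."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return set(line.split(":", 1)[1].split())
    return set()


def tsx_enabled(flags: set) -> bool:
    """TSX is usable when RTM or HLE is advertised; TAA requires TSX."""
    return bool(flags & {"rtm", "hle"})


def assess(cpuinfo_text: str, vuln: dict) -> dict:
    """Combine the kernel's mds/tsx_async_abort verdicts with the TSX flag.

    vuln maps a sysfs file name to its one-line content, e.g.
    {"mds": "Mitigation: Clear CPU buffers; SMT vulnerable",
     "tsx_async_abort": "Vulnerable"}.
    """
    flags = parse_cpuinfo_flags(cpuinfo_text)
    tsx = tsx_enabled(flags)
    taa = vuln.get("tsx_async_abort", "unknown")
    mds = vuln.get("mds", "unknown")
    findings = []

    if taa.startswith("Vulnerable"):
        findings.append("TAA: kernel reports vulnerable (no microcode or mitigation off)")
    if tsx and not taa.startswith("Not affected"):
        findings.append("TSX enabled: TAA is possible even where MDS is fixed in silicon")
    if "SMT vulnerable" in taa or "SMT vulnerable" in mds:
        findings.append("SMT on: the sibling hyperthread can leak across the core")
    if mds.startswith("Vulnerable"):
        findings.append("MDS: kernel reports vulnerable")
    return {"tsx_enabled": tsx, "taa": taa, "mds": mds, "findings": findings}


def read_live() -> dict:
    """Assess the real host; on a non-Linux system the inputs are simply empty."""
    vuln = {}
    for name in ("mds", "tsx_async_abort"):
        path = VULN_DIR / name
        if path.exists():
            vuln[name] = path.read_text().strip()
    cpuinfo = CPUINFO.read_text() if CPUINFO.exists() else ""
    return assess(cpuinfo, vuln)


# Constructed sample: a host whose CPU has the MDS fix in hardware, TSX on,
# and the TAA microcode not yet applied. Not a real capture.
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu sse2 ht hle rtm md_clear\n"
SAMPLE_VULN = {
    "mds": "Not affected",
    "tsx_async_abort": "Vulnerable: Clear CPU buffers attempted, no microcode",
}

if __name__ == "__main__":
    for key, value in assess(SAMPLE_CPUINFO, SAMPLE_VULN).items():
        print(f"{key}: {value}")
```

Run it with no arguments to see the constructed sample assessed; call read_live() on a Linux host to assess the machine itself. A host whose tsx_async_abort file reads "Mitigation: TSX disabled" and whose flags lack rtm/hle produces no findings, which matches Intel's note that TAA only applies when TSX is enabled.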
The researchers also noted that, given the range of CPUs affected, the attack could be performed both on PCs and in the cloud.
"The attack can be mounted in virtualized environments like the cloud as well as across hyperthreads, if two virtual machines are each running on one of them," Lipp told SearchSecurity. "However, typically huge cloud providers don't schedule virtual machines anymore."
Chris Goettl, director of product management, security at Ivanti, told SearchSecurity that while the research is interesting, the risks of ZombieLoad are relatively low.
"In a cloud environment a vulnerability like this could allow an attacker to glean information across many companies, true, but we are talking about a needle in a field of haystacks," Goettl said. "Threat actors have motives and they will drive toward their objectives in most cases as quickly and easily as they possibly can. There are a number of information disclosure vulnerabilities that are going to be far easier to exploit than ZombieLoad."
Lipp confirmed that, to leak sensitive data, an attacker would need to ensure that "a victim loads specific data, for instance triggering code that loads passwords in order to authenticate a user, an attacker can leak that."
Ultimately, Goettl said he would expect Intel to continue to be reactive with side-channel attacks like ZombieLoad until there is "a precipitating event where any of these exploits are used in a real-world attack scenario."
"The incomplete MDS patch probably says a little about how much effort Intel is putting into resolving the vulnerabilities. They fixed exactly what they were shown was the issue, but didn't look beyond to see if something more should be done or if that fix could also be circumvented," Goettl said. "As long as speculative execution remains academic, Intel's approach will likely continue to be reactive rather than proactive."