On 14 May 2019, academics announced that they had discovered a new class of vulnerabilities affecting entire generations of Intel processors. The vulnerabilities allow attackers to retrieve data being processed inside a CPU. The flaw, named ZombieLoad, belongs to the same class as the earlier Meltdown, Spectre and Foreshadow vulnerabilities, which were disclosed in January 2018.
How is the flaw exploited?
Like the other three, the ZombieLoad side-channel flaw is exploited by abusing an optimization technique called speculative execution, which Intel added to improve data-processing speed and performance.
Academics have been probing the various speculative-execution mechanisms for years and revealing ways to leak data from CPU buffers. Meltdown, Spectre and Foreshadow are the instances that showed how CPU components can leak data during processing.
Bitdefender confirmed the academic team's finding by publishing a whitepaper. Together with the academics and others involved in the original Meltdown and Spectre research, it disclosed a new attack on the speculative execution process and named it a Microarchitectural Data Sampling (MDS) attack, because it targets a CPU's microarchitectural data structures, such as the load, store and line fill buffers, which the CPU uses for fast reads and writes of the data being processed inside it.
The Good and the Bad of ZombieLoad
According to Intel's press release, the newer 8th- and 9th-generation Intel products are already protected against such an attack. The hardware giant stated:
“First identified by Intel’s internal researchers and partners, and independently reported to Intel by external researchers, MDS is a sub-class of previously disclosed speculative execution side channel vulnerabilities and is comprised of four related techniques. Under certain conditions, MDS provides a program the potential means to read data that program otherwise would not be able to see. MDS techniques are based on a sampling of data leaked from small structures within the CPU using a locally executed speculative execution side channel. Practical exploitation of MDS is a very complex undertaking. MDS does not, by itself, provide an attacker with a way to choose the data that is leaked.”
On the bad side, according to the academic paper, processors since 2011 other than those listed above are vulnerable. As proof, the academics published a video in which they performed a ZombieLoad attack to monitor the websites a user visits in the privacy-protecting Tor browser inside a virtual machine, indicating that if the ZombieLoad flaw is exploited it can effectively break all such privacy protections.
Intel advises customers to install the new update to mitigate the threat and adds the following advice:
“Once these updates are applied, it may be appropriate for some customers to consider additional steps. This includes customers who cannot guarantee that trusted software is running on their system(s) and are using Simultaneous Multi-Threading (SMT). In these cases, customers should consider how they utilize SMT for their particular workload(s), guidance from their OS and VMM software providers, and the security threat model for their particular environment. Because these factors will vary considerably by customer, Intel is not recommending that Intel® HT be disabled, and it’s important to understand that doing so does not alone provide protection against MDS.”
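A defender-side check that follows from this advice, added here as an example and not taken from the article, Intel or the researchers: on Linux the kernel reports its MDS mitigation state in /sys/devices/system/cpu/vulnerabilities/mds (whose text also says whether SMT is still exposed) and the SMT state in /sys/devices/system/cpu/smt/control. The script classifies those strings so that "update applied, but SMT still vulnerable" is visible at a glance; the sample strings are constructed from the formats the kernel documents for that file, and the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the article. Classifies the Linux kernel's
# MDS status line and reports the SMT state, the two things Intel's advice
# asks an administrator to look at after installing the update.

# Constructed sample lines, in the format the kernel writes to
# /sys/devices/system/cpu/vulnerabilities/mds (assumed, from kernel docs).
SAMPLE_NOT_AFFECTED="Not affected"
SAMPLE_MITIGATED_SMT="Mitigation: Clear CPU buffers; SMT vulnerable"
SAMPLE_MITIGATED="Mitigation: Clear CPU buffers; SMT disabled"
SAMPLE_NO_UCODE="Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable"
SAMPLE_VULN="Vulnerable; SMT vulnerable"

# classify_mds LINE -> one token describing the mitigation state.
# Order matters: the more specific patterns must come before the generic ones.
classify_mds() {
  case "$1" in
    "Not affected"*)                                          echo not_affected ;;
    "Mitigation: Clear CPU buffers; SMT vulnerable"*)         echo mitigated_smt_exposed ;;
    "Mitigation: Clear CPU buffers"*)                         echo mitigated ;;
    "Vulnerable: Clear CPU buffers attempted, no microcode"*) echo needs_microcode ;;
    "Vulnerable"*)                                            echo vulnerable ;;
    *)                                                        echo unknown ;;
  esac
}

# mds_advice TOKEN -> the action implied by the classification.
mds_advice() {
  case "$1" in
    not_affected)          echo "no action" ;;
    mitigated)             echo "buffer clearing active, SMT off: fully mitigated" ;;
    mitigated_smt_exposed) echo "buffer clearing active, but sibling threads still share buffers: review SMT per threat model" ;;
    needs_microcode)       echo "kernel update present, CPU microcode update missing: install firmware/microcode" ;;
    vulnerable)            echo "no mitigation active: apply kernel and microcode updates" ;;
    *)                     echo "unrecognised status line: inspect manually" ;;
  esac
}

# Reads the live sysfs entries when they exist (Linux only), otherwise says so.
report_live() {
  mds=/sys/devices/system/cpu/vulnerabilities/mds
  smt=/sys/devices/system/cpu/smt/control
  if [ -r "$mds" ]; then
    line=$(cat "$mds")
    state=$(classify_mds "$line")
    printf 'mds: %s\n  state: %s\n  advice: %s\n' "$line" "$state" "$(mds_advice "$state")"
  else
    echo "mds: sysfs entry not present (non-Linux host or kernel without MDS reporting)"
  fi
  if [ -r "$smt" ]; then
    # Kernel values: on, off, forceoff, notsupported, notimplemented.
    printf 'smt control: %s\n' "$(cat "$smt")"
  fi
}

report_live
```

Run it on each host after the update; a result of mitigated_smt_exposed is exactly the case Intel's note describes, where the update is applied but the decision about SMT remains with the administrator.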