Serious Intel flaw found
This is the big one. A performance feature inside Intel silicon could be exploited to read memory from other processes.
Intel processors: the backbone of many work and home PCs as well as most of the servers that run the Internet – may be fatally flawed.
Security features built into the processor hardware, designed to isolate different pieces of software from each another, isn’t working properly. The root cause appears to be a technique used by Intel to dramatically speed their processors up.
There is a whole arm of research which is dedicated to finding potential exploits within computer hardware. The chip inside your computer, smartphone, car, router that does all the thinking – the processor – is particularly important. It’s normally an interesting but fairly un-rewarding field of work. Interesting in that bugs found here can be almost impossible to fix in the field without replacing the chips themselves, un-rewarding because, thankfully, there have been very few exploits of note found in processor hardware. Until now.
Imagine a typical multi-core multi-threaded processor as a big motorway. The instructions being executed are represented as the cars and lorries driving by. Different vehicles pass by at different speeds. For example, some vehicles are very long – like articulated lorries and cars with trailers. These take a longer time to pass by, slowing down other vehicles behind them. In order to keep traffic moving smoothly, the processor carries out what is known as ‘speculative execution’ – which is just a fancy way of saying it ‘guesses’ what the next car is going to be before it’s arrived. That way, if it does turn up after being stuck in traffic – the hard work has already been done.
Security is also a fundamental part of this model. Vehicles aren’t just allowed to go anywhere – in the computer world this prevents things like your e-mail software reading the password you type in when you log onto your bank.
This is where things get interesting. Imagine a yellow car is trying to turn off onto a road along which only blue cars can drive. The processor stops this and prevents any damage. So far so good.
Now imagine the same yellow car is stuck in traffic following a slow-moving lorry. The processor might, under the right circumstances, guess that the next vehicle is a yellow one and will let it turn into the blue-only lane. Why? Because the processor never actually checks the security of instructions it executes speculatively.
Hard to exploit – harder to fix
Of course – it’s hard to exploit. In his blog, Anders Fogh was unable to write any proof-of-concept code to achieve this, but was still fairly convinced that Intel CPUs are indeed executing instructions without the necessary checks. Either way – the security world is taking it seriously but by all accounts, the patches for Linux, Windows and other software will not be without a serious performance hit. The issue is that the fix is a kludge around faulty hardware that, effectively, can’t be changed in the field.
It’s a timely reminder that we are so dependent on hardware and software that has its roots in designs which might themselves be decades old. The 32 and 64 bit architectures for the x86 Intel processors have their roots in the old Intel 8080 processor – a chip that was released 44 years ago and yet has strongly influenced the design and decisions in today’s devices over four decades later.