Intel Has Disclosed New Security Flaws that Affect SGX and Virtualization

Discussion in 'HardForum Tech News' started by cageymaru, Aug 14, 2018.

  1. cageymaru

    cageymaru [H]ard|News

    Messages:
    19,245
    Joined:
    Apr 10, 2003
    Intel has disclosed a new set of security flaws collectively called the L1 Terminal Fault (L1TF). These flaws were discovered in conjunction with researchers at KU Leuven University and other universities. The researchers call their discoveries Foreshadow and Foreshadow - Next Generation (NG). Intel even suggests that disabling SMT might be applicable in some use cases when running virtualized operating systems.

    Foreshadow

    At a high level, SGX is a new feature in modern Intel CPUs which allows computers to protect users' data even if the entire system falls under the attacker's control. While it was previously believed that SGX is resilient to speculative execution attacks (such as Meltdown and Spectre), Foreshadow demonstrates how speculative execution can be exploited for reading the contents of SGX-protected memory as well as extracting the machine's private attestation key. Making things worse, due to SGX's privacy features, an attestation report cannot be linked to the identity of its signer. Thus, it only takes a single compromised SGX machine to erode trust in the entire SGX ecosystem.

    Foreshadow - Next Generation (NG)

    While investigating the vulnerability that causes Foreshadow, which Intel refers to as "L1 Terminal Fault", Intel identified two related attacks, which we call Foreshadow-NG. These attacks can potentially be used to read any information residing in the L1 cache, including information belonging to the System Management Mode (SMM), the Operating System's Kernel, or Hypervisor. Perhaps most devastating, Foreshadow-NG might also be used to read information stored in other virtual machines running on the same third-party cloud, presenting a risk to cloud infrastructure. Finally, in some cases, Foreshadow-NG might bypass previous mitigations against speculative execution attacks, including countermeasures to Meltdown and Spectre.
     
  2. cageymaru

    cageymaru [H]ard|News

    Messages:
    19,245
    Joined:
    Apr 10, 2003
    Foreshadow
    Inside ​
     
    John721, N4CR, KarsusTG and 10 others like this.
  3. Elf_Boy

    Elf_Boy 2[H]4U

    Messages:
    2,287
    Joined:
    Nov 16, 2007
    I least Intel 'fessed up this time.
     
  4. lollerwaffle

    lollerwaffle Gawd

    Messages:
    666
    Joined:
    Feb 3, 2008
    Do I read this correctly in that there are 2 vectors, and only one of them is SGX? I wonder if AMD is impacted by the L1 related vulnerability.
     
  5. cageymaru

    cageymaru [H]ard|News

    Messages:
    19,245
    Joined:
    Apr 10, 2003
    I think in the article they said that they haven't gotten it to work on AMD systems yet. Doesn't mean that they are immune.
     
    lollerwaffle likes this.
  6. TheHobbyist

    TheHobbyist Hugs Hard Johnnies [H]ard

    Messages:
    456
    Joined:
    Apr 8, 2008
    Am I right in thinking that this situation is like the malware/virus situation on the windows platform vs say Mac/Linux? It isn't that exploits don't exist on AMD processors, its just that one platform (Intel) has a larger install base so it is the first target?
     
  7. Mega6

    Mega6 [H]ard|Gawd

    Messages:
    1,441
    Joined:
    Aug 13, 2017
  8. Tiberian

    Tiberian DILLIGAFuck

    Messages:
    5,725
    Joined:
    Feb 12, 2012
    I don't like it when these types of exploits are called "flaws" because it's literally impossible to design anything that cannot be exploited to some degree(s) given time and the desire to do it. When Intel was making these processors nobody at the time was thinking "Hey, let's do this, which exploits that, and then we're in like Flynn" so, while some responsibility on how the situation is handled after such exploits are created/discovered/made us of does fall back on the makers of the processors, I can't honestly point a finger at Intel and say "Hey, look, even a 1st grader could have seen what was going to happen here..." because at the time that wasn't a possibility for anyone.

    People find exploits all the time, hell I think sendmail still has shit exploited to this day and it's what, 50+ years old now? :D
     
  9. seanreisk

    seanreisk Gawd

    Messages:
    805
    Joined:
    Aug 29, 2011
    Good God, if this keeps up Intel will have to include disposable gloves to install the infested thing.

    dirtyintel.png
     
    Last edited: Aug 15, 2018
    N4CR, Burticus, Vercinaigh and 3 others like this.
  10. idiomatic

    idiomatic n00b

    Messages:
    53
    Joined:
    Jan 12, 2018
    "or choosing not to use hyper-threading"

    Okay wow.
     
    N4CR and LightsOut41 like this.
  11. kilroy67

    kilroy67 Gawd

    Messages:
    648
    Joined:
    Oct 16, 2006
    Im not to worried about this crap anymore. I do the best I can to keep a up to date system with patches, run internet security and practice safe computing. If someone wants to hack my system to see what porn sites I've been on or You Tube video I have watched I say have at it. Im sure it matters to a much greater degree in a business environment then my home system.
     
  12. gamerk2

    gamerk2 [H]ard|Gawd

    Messages:
    1,547
    Joined:
    Jul 9, 2012
    It says a lot that OS's have gotten so secure that it's become easier to hack the underlying HW.

    That being said: It's clear that Core is showing it's age. It's about time Intel start developing a new architecture.
     
  13. Brahmzy

    Brahmzy [H]ardness Supreme

    Messages:
    4,955
    Joined:
    Sep 9, 2004
    What’s the performance hit to mitigate this now? This is getting absurd.
     
    LightsOut41 likes this.
  14. Aireoth

    Aireoth 2[H]4U

    Messages:
    2,337
    Joined:
    Oct 12, 2005
    Pity I bought an Intel CPU right before specter meldown happened. Looks like it's going to be and for the foreseeable future.
     
  15. risc

    risc Handle with Kid Gloves

    Messages:
    168
    Joined:
    May 18, 2017
    I think I'd like to go back to 80's or 90's computing style where it was near strictly functional work and spend the rest of time living my life in peace.

    Keep the performance improvements of course.
     
  16. Nobu

    Nobu 2[H]4U

    Messages:
    2,765
    Joined:
    Jun 7, 2007
    A flaw is a flaw. It may not be an obvious flaw, and likely (I should say, by definition) wasn't purposefully designed with that flaw in mind, but it is still a flaw (virtually all designs have flaws, though they aren't all obvious or serious). Nobody is saying Intel is dumb for making such a flawed CPU, they're (Intel, and media) just reporting the exploits so people know what their exposure is and what solutions are currently available.

    As far as these go, the important thing is how easy it is to implement and execute an exploit, how easy it is to mitigate the exploit or eliminate the flaw altogether, and what level of access is needed to exploit a system. What's unimportant is what you call it...
     
    Last edited: Aug 15, 2018
    ZeqOBpf6 likes this.
  17. Tiberian

    Tiberian DILLIGAFuck

    Messages:
    5,725
    Joined:
    Feb 12, 2012
    Talk about some flawed logic, geez. :p
     
  18. panhead

    panhead Gawd

    Messages:
    902
    Joined:
    Dec 19, 2003
    Banks use Intel CPUs. When your bank account is emptied or your credit card is maxed you will care about this crap.
     
    Darth Kyrie and Wierdo like this.
  19. Anarchist4000

    Anarchist4000 [H]ard|Gawd

    Messages:
    1,659
    Joined:
    Jun 10, 2001
    Upcoming generation of 28 core 1 thread processors incoming with best in class single threaded performance!
     
    spine and clockdogg like this.
  20. Cmdrmonkey

    Cmdrmonkey Gawd

    Messages:
    1,013
    Joined:
    Jul 19, 2004
    What the fuck has Intel even been doing since they released Sandy Bridge in 2011? Their chips haven't improved in any meaningful way, and they keep finding more security issues with them.
     
    N4CR, Burticus, EngrChris and 5 others like this.
  21. Mister E

    Mister E ?

    Messages:
    2,612
    Joined:
    Sep 14, 2004
    Will quantum computers solve this shit?
     
  22. Mega6

    Mega6 [H]ard|Gawd

    Messages:
    1,441
    Joined:
    Aug 13, 2017
    No not even quantum computing can take the "hack me" out of short sighted engineering.
     
  23. Stimpy88

    Stimpy88 [H]ard|Gawd

    Messages:
    1,273
    Joined:
    Feb 18, 2004
    Don’t worry, Intel has a lot of lakes left to drain to fool you in to thinking that your buying a new CPU...

    Intel, the intelligent customers are not buying your rehashed ‘new’ CPUs. We are waiting for a new architecture first.
     
    blandead and LightsOut41 like this.
  24. SmokeRngs

    SmokeRngs [H]ard|DCer of the Month - April 2008

    Messages:
    15,391
    Joined:
    Aug 9, 2001
    I think one of the reasons we're seeing all these flaws and exploits coming out is because Intel hasn't done much regarding the architecture. When using the same architecture for so long it's more likely for flaws to be discovered and exploited. Larger architectural changes can by design or by accident remove flaws. When these changes happen more often the exploits which can be found either aren't found in time to be truly useful or the flawed architecture is naturally phased out with replacements down the line.
     
  25. ChadD

    ChadD 2[H]4U

    Messages:
    3,688
    Joined:
    Feb 8, 2016
    A few things. First Linux and Mac are not only more secure because they have a smaller install foot print. Linux is just as large if not a larger target for criminals as windows is. Sure there are more windows machines in the world and if you want grandmas credit card or a bot net of desktops... windows is your target. If your after Everyones Credit card at the same time your targeting Linux running servers. (or the morons given access to the right Linux servers)

    Too your main point however. No this is not at all an install issue. This is an Intel doesn't know wtf they are doing issue. 20 years of short cuts and bad decisions (some possibly at the behest of Gov agencies) has left a lot of issues with their underlying arch. Intels branch prediction was designed by a complete moron. (no I'm not joking) their routine allows the CPUs prediction engine to directly access privileged memory outside of user space which is just plain stupid design work.

    [ the easiest way to explain Intels issue is like this. If you create a text file in any operating system, even windows. If you are the owner of that file you can set it so only you may open it. Memory the CPU is using works the same way... the memory the CPU is using can be assigned specific users.Intel made a choice years ago, that made their Speculation a lot faster then everyone else... they decided the engine didn't need to check the privileges at the start of calculation. It just used the memory... at the end of the calculation it performs the check. This makes their routine a lot faster as it isn't respecting protected memory locations at all. Also if it tosses that branch of calculation it never had to perform the check at all. The catch of course is, its a really really really stupid ass way to operate, as you can get the chip to perform calculations that copy the memory contents before it ever checks to see if it should be allowed to do that. Which is basically what specter and meltdown are.... on AMD chips their routine won't ever be operating in protected memory spaces as their routine checks memory privs first, there by making it mostly immune to those types of attacks. ]

    Bottom line is... Intel appears to have taken a lot of shortcuts which = higher performance at a sever potential cost to security. It would seem now its all coming to light.

    I am curious now btw if Intels recent down grading by goldmen sacks is perhaps related to these new issues.
     
    Darth Kyrie, Wierdo, Atearen and 3 others like this.
  26. Factum

    Factum [H]ard|Gawd

    Messages:
    1,530
    Joined:
    Dec 24, 2014
    Does this require physcial access to the server?
     
    cageymaru likes this.
  27. polonyc2

    polonyc2 [H]ardForum Junkie

    Messages:
    16,171
    Joined:
    Oct 25, 2004
    another one?...why is AMD never affected (to a large degree) by these things?...is their architecture so world class that they are immune?...I thought Intel had all the best engineers on their payroll
     
    LightsOut41 likes this.
  28. sirmonkey1985

    sirmonkey1985 [H]ard|DCer of the Month - July 2010

    Messages:
    21,095
    Joined:
    Sep 13, 2008
    i wouldn't say world class, it's probably just not as corner cutting as intel's architecture.. after all there's a reason they have the IPC gains and clock advantages that they do and that was probably because they had to cut corners in the architecture to get those things. i'm sure a lot of this stems back to the creation of the core 2 architecture where they were desperate as hell to get ahead of AMD and to get people to forget about netburst so they put reward ahead of the risks in what they were designing.
     
    N4CR, Burticus, LightsOut41 and 4 others like this.
  29. ChadD

    ChadD 2[H]4U

    Messages:
    3,688
    Joined:
    Feb 8, 2016
    It isn't that AMDs engineers are better then Intels. Intels engineers know how stupid their no look speculative engine is.

    The difference is AMD is headed by one of the best and few true genius engineering minds of our generation in Lisa Su. She would never sign off on something so bone headed.... Intel is headed by money suits, who say ok so this check here is slowing things down 10%, what if we just didn't do it, cause we have sales numbers to hit.
     
  30. clockdogg

    clockdogg Gawd

    Messages:
    841
    Joined:
    Dec 12, 2007
    Maybe this is Intel's sneaky way to keep those cheapskate internet hosts on the cash cow range. Cheap VMs bad, dedicated servers better. One process, one chip. ;-)
     
  31. cageymaru

    cageymaru [H]ard|News

    Messages:
    19,245
    Joined:
    Apr 10, 2003
     
    John721 and Factum like this.
  32. Factum

    Factum [H]ard|Gawd

    Messages:
    1,530
    Joined:
    Dec 24, 2014
    Like I suspected, not a problem for my workplace due to our design...thanks for the video! ;)
     
    cageymaru likes this.
  33. Factum

    Factum [H]ard|Gawd

    Messages:
    1,530
    Joined:
    Dec 24, 2014
    You can design around this flaw FYI.
    But it might pose a problem for pure cloud-providers ;)
     
  34. M76

    M76 [H]ardForum Junkie

    Messages:
    9,002
    Joined:
    Jun 12, 2012
    I will care when someone demonstrates a viable real-world attack that was made using any of these exploits. We haven't seen any targeted attacks that used speculative execution methods. I'm not saying I want to see those, but until I do see a successful attack that only relied on speculative execution and no other pre-existing security hole. I'll regard this as a remote possibility that hasn't been demonstrated as a real threat. Especially for a home user. I couldn't care less about banks loosing a bit of performance over this, they can afford it.
     
    Factum likes this.
  35. cdr_74_premium

    cdr_74_premium [H]ard|Gawd

    Messages:
    1,579
    Joined:
    Oct 20, 2010
    I've never thought that I would have a nice argument for running a old-ass server (Xeon X3353): it's *safer*! LOL
     
    cageymaru likes this.
  36. Mega6

    Mega6 [H]ard|Gawd

    Messages:
    1,441
    Joined:
    Aug 13, 2017
    You should care now while your ipc is being drained significantly by mandatory patches.
     
    N4CR, LightsOut41 and Darth Kyrie like this.
  37. JavaLava

    JavaLava [H]Lite

    Messages:
    95
    Joined:
    Apr 3, 2018
    Basically this. At work I just categorize it as "This is cyber security 2018" and nothing we can do about it. Keep up to date on the latest threats, attack vectors, etc and patch the hell out of your systems. Put in the proper systems to detect when someone is trying to break in or are in, etc.

    There are teams forming up in colleges and professional businesses where there goal is to find these flaws and exploit them. The flaws existed for years...lets get past that...at least now they are being found. 5 years...10 years ago...cyber security was a threat yes...not but no where as significant as its been in the past year or 2 and its only to keep getting worse. If anyone is reading this and are in college or about to go into college and want a career in I.T...seriously consider studies in Cyber Security...it be worth you while.
     
  38. Mega6

    Mega6 [H]ard|Gawd

    Messages:
    1,441
    Joined:
    Aug 13, 2017
    Hope there are some Intel engineers reading this.
     
    LightsOut41 and Inacurate like this.
  39. kilroy67

    kilroy67 Gawd

    Messages:
    648
    Joined:
    Oct 16, 2006
    Care about it sure, my options of what I can do about it, limited to basically myself.
     
  40. raz-0

    raz-0 [H]ardness Supreme

    Messages:
    4,489
    Joined:
    Mar 9, 2003
    Their downgrade is related to potential for growth. Intel is having 10nm and 7nm problems AND their architecture has a major flaw the competition's does not. SO Intel got downgraded and AMD got upgraded.

    That may not be their direct reading of their motivations, it may have worked out that their guys who do their due diligence called up the CIOs or CTOs of the companies they hold a lot of stock in and said where do you see your IT dollars for hardware going, and the answer was not intel, but we all know why that would be.