ZombieLoad and Store-to-Leak Forwarding are two new attack methods just published by the security researchers Daniel Gruss, Moritz Lipp and Michael Schwarz of the Institute for Applied Information Processing and Communication Technology at Graz University of Technology (TU Graz, Austria), together with an international team. The three computer scientists, together with TU Graz Professor Stefan Mangard, were already involved in the discovery of the serious security gaps Meltdown and Spectre last year.
ZombieLoad uses a mechanism similar to Meltdown: to work faster, processors prepare multiple steps in parallel and then discard those that are either not needed or lack the necessary access rights. However, the access-rights check only happens after the sensitive calculation steps, based on the processor's assumptions, have already been worked through in advance. “In this short moment between code execution and check, we can, with the new attack, see the already loaded data from other programs,” Gruss explains. In this way, the researchers can read what is currently being processed on the computer in plain text. ZombieLoad affects all processors developed by Intel between 2012 and early 2018.
For Meltdown there was a simple solution available in the form of the “KAISER” patch, developed by the TU Graz team, which however slowed the computer down to some extent. For ZombieLoad attacks a solution could be more difficult, as Gruss explains: “Each CPU has several cores and each core is split again. This allows several programs to run simultaneously. According to our analysis, one of these two areas must be deleted.” This would mean performance losses of 50 percent, or, in a cloud, which is also threatened by the attack method, 50 percent fewer potential users on the same hardware. All processors developed by Intel between 2012 and early 2018 are affected.
Store-to-Leak Forwarding also exploits the optimizations in computer processors and reads preloaded data. “The computer assumes that I want to reuse the data that I have just written into the processor. So it keeps them in the buffer in order to be able to access them more quickly,” explains Gruss. This behaviour can in turn be used to explore the architecture of the processor and find the exact location where the operating system is running. “If I know exactly where the operating system is run by the processor, I can launch targeted attacks on operating system vulnerabilities.”
The researchers reported the discoveries to the manufacturer Intel, which is now working on a solution. “All computer users should urgently install all new updates so that their computer systems are safe again,” Gruss recommends.
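The two mitigation levers the article describes, installing the vendor updates and giving up the second half of each core, are both visible to an administrator through the Linux kernel's own status files. The script below is an added example and not part of the TU Graz announcement or the researchers' publications; it reads the kernel's MDS status (ZombieLoad is one of the MDS variants the kernel reports under that name) together with the SMT control knob and prints a defender-facing verdict. It assumes the sysfs paths `/sys/devices/system/cpu/vulnerabilities/mds` and `/sys/devices/system/cpu/smt/control` as exposed by patched Linux kernels; the sample status strings it fabricates for demonstration are constructed inputs, and the `mds_verdict` and `make_sample` function names are mine.

```shell
#!/bin/sh
# Added example (not from the TU Graz announcement): classify a host's
# ZombieLoad/MDS posture from the kernel's sysfs status files.
# Assumed kernel paths (present on patched Linux kernels):
#   <root>/vulnerabilities/mds   e.g. "Mitigation: Clear CPU buffers; SMT vulnerable"
#   <root>/smt/control           e.g. "on", "off", "forceoff", "notsupported"

# mds_verdict [ROOT]
# ROOT stands in for /sys/devices/system/cpu so the function can be run
# against constructed directories. Prints exactly one of:
#   not-affected | mitigated | mitigated-smt-exposed | mitigated-smt-unknown |
#   unmitigated | unknown
mds_verdict() {
    root="${1:-/sys/devices/system/cpu}"
    mds_file="$root/vulnerabilities/mds"
    smt_file="$root/smt/control"
    [ -r "$mds_file" ] || { echo unknown; return 0; }
    mds=$(cat "$mds_file")
    smt=$( [ -r "$smt_file" ] && cat "$smt_file" || echo notsupported )
    case "$mds" in
        "Not affected"*) echo not-affected ;;
        "Mitigation: Clear CPU buffers"*)
            # The buffer-clearing microcode/kernel fix is active. What remains is
            # whether a sibling hyperthread could still observe the fill buffers,
            # i.e. whether the "second half of the core" the article mentions is
            # still running code.
            case "$mds" in
                *"SMT Host state unknown"*) echo mitigated-smt-unknown ;;
                *"SMT disabled"*) echo mitigated ;;
                *)
                    case "$smt" in
                        off|forceoff|notsupported) echo mitigated ;;
                        *) echo mitigated-smt-exposed ;;
                    esac ;;
            esac ;;
        "Vulnerable"*) echo unmitigated ;;   # includes "no microcode" variant
        *) echo unknown ;;
    esac
}

# make_sample DIR MDS_TEXT SMT_TEXT
# Builds a constructed sysfs look-alike under DIR for offline testing.
make_sample() {
    mkdir -p "$1/vulnerabilities" "$1/smt"
    printf '%s\n' "$2" > "$1/vulnerabilities/mds"
    printf '%s\n' "$3" > "$1/smt/control"
}

# Demonstration on constructed inputs, then on this machine (prints "unknown"
# where the kernel does not expose the status files).
demo=$(mktemp -d)
make_sample "$demo/patched" "Mitigation: Clear CPU buffers; SMT disabled" "off"
make_sample "$demo/cloud"   "Mitigation: Clear CPU buffers; SMT vulnerable" "on"
make_sample "$demo/stale"   "Vulnerable: Clear CPU buffers attempted, no microcode" "on"
echo "constructed patched host:      $(mds_verdict "$demo/patched")"
echo "constructed SMT-on host:       $(mds_verdict "$demo/cloud")"
echo "constructed no-microcode host: $(mds_verdict "$demo/stale")"
echo "this machine:                  $(mds_verdict)"
rm -rf "$demo"
```

A `mitigated-smt-exposed` verdict is the case the article's 50 percent figure refers to: the software fix is installed, but the sibling hyperthread is still active, so the remaining choice is between accepting that exposure and turning SMT off.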
Further information on ZombieLoad: https://zombieload.com/zombieload.pdf
Further information on Store-to-Leak Forwarding: https://cpu.fail/store-to-leak.pdf