Plaintext: Threats to Microprocessors, Again

Welcome to Dark Reading in Plaintext, where each day we bring you insights around one topic important to cybersecurity professionals. Today, we talk about Retbleed, the latest technique for speculative execution attacks targeting modern microprocessors. Enjoying this newsletter? Subscribe to get it delivered directly into your inbox and share with a friend!

Researchers at ETH Zurich have found a way to overcome a commonly used defense against speculative execution attacks targeting modern microprocessors. Attackers can target systems using the “Retbleed” technique to steal sensitive data from the memory of systems containing affected Intel and AMD processors. Intel and AMD have both released advisories with details about remediation.

AMD said the issue identified by the researchers potentially allows arbitrary speculative code execution under certain microarchitecture conditions. "As part of its ongoing work to identify and respond to new potential security vulnerabilities, AMD is recommending software suppliers consider taking additional steps to help guard against Spectre-like attacks," AMD said in an emailed statement.

Intel described the issue as impacting some of its Skylake generation processors that do not have a feature called enhanced Indirect Branch Restricted Speculation (eIBRS). Windows systems are most likely to be unaffected as they typically don’t use eIBRS. [Read more Researchers Devise New Speculative Execution Attacks Against Some Intel, AMD CPUs]

Ever since the disclosure of Meltdown and Spectre vulnerabilities back in 2018, security researchers have focused on side-channel attacks.

• Just last month Intel issued a set of different multiple advisories warning of Hertzbleed, a new side-channel timing attack which would allow remote attackers to sniff out cryptographic keys for servers. [Read more ‘Hertzbleed’ Side-channel Attack Threatens Cryptographic Keys for Servers.]
• In March 2020, BitDefender researchers and a team of researchers across multiple universities separately reported that a flaw in Intel CPUs manufactured between 2012 and 2020 could be used to leak privileged information stored in kernel memory. [Read more Researchers Develop New Side-Channel Attacks on Intel CPUs.]

Earlier, security researchers described PACMAN, a proof-of-concept attack targeting Apple’s M1 processor chip. The ARM Pointer Authentication, a processor hardware features used as a last line of defense, attempts to dump memory, hijack execution flow, and completely gain ?control of the system. [Read more Design Weakness Discovered in Apple M1 Kernel Protection]

Faced with a growing volume of increasingly sophisticated threats and the fact that data is distributed across multiple systems within the enterprise environment, organizations are realizing that hardware-assisted security capabilities are critical to a robust security strategy. In some cases, performance improvements come from having security baked [Read More Secure Systems Need Hardware-Enhanced Tool, Intel Says].

Three flaws present in consumer Lenovo laptops can give attackers a way to drop highly persistent malware, ESET researchers found. Lenovo released BIOS updates addressing the updates manually. Earlier this year, Binarly coordinated with Dell to release patches addressing three memory corruption flaws in Dell BIOS.

Headlines on Tap

A focus on chip-level security and defenses:

• Secured-Core PCs would block most firmware attacks, but not many people have this technology.
• In Secure Silicon We Trust: Building upon a hardware root of trust
• New microprocessor technologies such as secure enclaves and cryptography acceleration can be used by hardware to safeguard medical devices.

Subscribe to get the latest headlines delivered to you each morning with Dark Reading Daily.?

On That Note

Can a hacker really take over all the traffic lights in the city?

Can a building, factory, warehouse, or something along those lines explode and catch fire because of a cyberattack?

Source: Myke Simon via Unsplash.com

Tune in to the?second edition of Seen and Heard where Mandiant’s?Chris Sistrunk?and Decipher’s?Dennis Fisher?discuss how popular entertainment shape mainstream perceptions of hacking and cybersecurity. Check us out on LinkedIn Live this Thursday, July 14.