Intel Haswell chips open to malware flaw

The vulnerability applies to Haswell chips installed in Linux, Windows, Android and iOS

Researchers from the universities of Binghamton and California claim to have found that Intel Haswell microprocessors running on Linux, Windows, Android and Apple's iOS and MacOS have a vulnerability that could leave devices using the chips vulnerable to malware attacks.

The alleged flaw was discovered by researchers Dmitry Evtyushkin, Dmitry Ponomarev and Nael Abu-Ghazaleh in the address space layout randomisation (ASLR) feature, which randomises memory addresses used by processes to prevent arbitrary code from running and therefore should stop malware being provisioned.

Advertisement - Article continues below

However, the paper showed that this process to safeguard Haswell chips can be intercepted using the branch target buffer (BTB), part of the chip used to cache information in the CPU. The BTB's role is to store target addresses of recently executed branch instructions, which can be looked up to fetch instructions every time a cycle happens. This interception causes memory addresses to leak.

"Since the BTB is shared by several applications executing on the same core, information leakage from one application to another through the BTB side-channel is possible," the researchers explained.

Although the researchers discovered the flaw when using Linux, they said it can be used across operation systems and anyone using a device with a Haswell chip should be aware. The report added that people using 32-bit operating systems are particularly at risk because, although they have less addressable space for randomisation, hackers can build faster and more powerful attacks.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"ASLR implementations across different operating systems differ by the amount of entropy used and by the frequency at which memory addresses are randomised," the researchers said.

"The randomisation frequency can range from a single randomisation at boot or compile time to dynamic randomisation during program execution. More frequent re-randomisation reduces the probability of a successful attack."

Advertisement

Recommended

Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020
Visit/security/internet-security/355228/mozilla-fixes-two-firefox-zero-days-being-actively-exploited
internet security

Mozilla fixes two Firefox zero-days being actively exploited

6 Apr 2020

Most Popular

Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

26 Mar 2020