Intel needs its community to fight ZombieLoad

digital zombie

A vulnerability has been found in Intel chips that can be used to steal sensitive information directly from the processor, terrifyingly dubbed ZombieLoad.

Adding further fears, the hack also works on cloud servers, which could allow attackers to steal information from other virtual machines running on the same PC.

The initial report came from Michael Schwarz, Moritz Lipp and Daniel Gruss, researchers at the Graz University of Technology in Austria. The name is due to the way the hack "resurrects" private browsing history and other sensitive data.

"While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs," the researchers wrote.

"These secrets can be user-level secrets, such as browser history, website content, user keys and passwords, or system-level secrets, such as disk encryption keys. The attack does not only work on personal computers but can also be exploited in the cloud."

According to Intel, it knew about the issue first and has been working with the researchers all along. It also has a more technical (and less fun) name for the vulnerability - Microarchitectural Data Sampling, or MDS for short - which it said is already addressed at the hardware level in many of its recent 8th and 9th generation Intel Core processors, as well as the 2nd generation Intel Xeon Scalable processor family.

"These were first found by Intel and independently reported to us by other security researchers," said Bryan Jorgensen, senior director of product assurance and security group at Intel. "These techniques exploit speculative operations accessing data in the microarchitectural structures in the CPU to expose bits of information through a side channel.

"These structures are small and frequently overwritten. With a large enough data sample, time, or control of the target system's behaviour, however, MDS might provide an attacker with ways to glimpse pieces of information they shouldn't be able to see."

While there might seem cause to panic, Intel suggests that there are a number of considerations to keep in mind. Reassuringly, there are no known exploits of MDS outside of a research environment and according to Intel, doing so successfully in the real world is a complex undertaking.

Even so, the company has released microcode updates to help address this potential risk. But, like most zombie films, where the community has to pull together to fight the hoards of undead, Intel is seeking help from its community of manufacturers and customers. Its patches come in the form of a firmware update from system manufacturers that gives your computer's software the ability to overwrite those small structures. These work together alongside updates from OS or virtualisation software providers, meaning users will also need to help protect systems by updating their PCs.

ZombieLoad was one of three security exploits that researchers spotted, with Fallout and Rogue In-Flight Data Load (RIDL) being the other two, but as Intel stated, there hasn't been any reported exploits of any of them. It also appears to be only Intel chips as close rivals AMD said its products were not susceptible to 'Fallout', 'RIDL' or 'ZombieLoad Attack' because of the hardware protection checks in its architecture.

"We have not been able to demonstrate these exploits on AMD products and are unaware of others having done so," the semiconductor firm said.

This swift action from Intel shows it has learned from previous security controversies, such as the Meltdown and Spectre flaws that resulted in 32 class action lawsuits aimed at the chip maker.

Bobby Hellard

Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.

Bobby mainly covers hardware reviews, but you will also recognise him as the face of many of our video reviews of laptops and smartphones.