Update, 8/15/18, 1:40 p.m. PT: Intel sent Tom's Hardware a statement, clarifying that the microcode update was sent to manufacturers earlier this year.
“L1 Terminal Fault is addressed by microcode updates released earlier this year, coupled with corresponding updates to operating system and hypervisor software that are available starting today. We’ve provided more information on our website and continue to encourage everyone to keep their systems up to date, as its one of the best ways to stay protected. We’d like to extend our thanks to the researchers at imec-DistriNet, KU Leuven, Technion- Israel Institute of Technology, University of Michigan, University of Adelaide and Data61 and our industry partners for their collaboration in helping us identify and address this issue.”
Original, 8/15/18, 9:38 a.m. PT:
Intel chips have been marred by another series of security flaws dubbed Foreshadow-NG. Researchers discovered the vulnerabilities, which primarily affect Intel’s Software Guard Extensions (SGX) and the security of virtualized environments.
What Is the Foreshadow Attack?
Foreshadow is yet another speculative execution flaw (much like Meltdown and Spectre) in Intel’s processors that allows attackers to steal sensitive contents stored in computers' or virtual machines' memory. Most modern processors utilize speculative execution to improve performance. As the name suggests, the chips will speculate or assume the instructions they need to execute next, instead of waiting around for the previous instructions to complete their execution. When the prediction is correct, this saves overall execution time, while the incorrect predictions are scrapped.
Researchers discovered the first Foreshadow flaw earlier this year. This flaw also affected Intel's SGX, which is a security feature that allows app developers to store sensitive information, such as encryption keys, in hardware-protected virtual enclaves.
Now, Intel's own security team has identified two more variants, which they're calling Foreshadow-NG (next-generation). We also know from earlier reports that Intel was supposed to release patches on August 14 for some unknown “Spectre-NG” flaws. The Foreshadow flaws seems to be the last of the group of Intel chip flaws nicknamed Spectre-NG earlier this year.
Intel SGX Under Attack
SGX, the secure enclave technology Intel introduced with the Skylake generation of its processors, encrypts blocks of memory so that malware that may have infected an operating system can’t get to the sensitive data stored in the SGX enclaves. The processor itself validates the integrity of the enclaves, so as long as the processor is trusted, the enclaves can also be trusted.
Because processors are typically much more secure than operating systems and applications, the SGX enclaves are attractive to certain app developers concerned about their users’ security. The Signal private messenger, for instance, is one of the apps that has started using Intel’s SGX to protect the privacy of its users.
However, the Foreshadow attack has found a way around the SGX protections, which normally don’t allow attackers to penetrate the enclaves with speculative execution attacks. According to the researchers that found the flaw, attackers could create shadow-copies of the secure enclave-protected data and then read the contents of those copies. They can later also trick users into trusting and sending their private data to the new fake enclaves.
Virtual Machines Vulnerable to Foreshadow-NG
Intel’s researchers found two Foreshadow-related attacks that would allow attackers to read any of the contents of the CPU chip's L1 cache. This is also why Intel calls this new family of flaws “L1 Terminal Fault” or L1TF.
- allow a malicious user application to read kernel memory
- allow a malicious guest virtual machine to read the hypervisor’s memory or the memory of another guest virtual machine (especially dangerous in the cloud/web hosting scenario)
- allow a malicious OS to read memory protected by the SMM
Affected CPUs and Mitigation
The researchers said that the original Foreshadow variant only affects Intel’s SGX-capable chips, which includes the Skylake generation and newer.
Meanwhile, the two Foreshadow-NG variants don’t seem to affect other chip providers so far and affect the following Intel chips:
- Intel Core i3/i5/i7/M processor (45nm and 32nm)
- 2nd/3rd/4th/5th/6th/7th/8th generation Intel Core processors
- Intel Core X-series processor family for Intel X99 and X299 platforms
- Intel Xeon processor 3400/3600/5500/5600/6500/7500 series
- Intel Xeon Processor E3 v1/v2/v3/v4/v5/v6 family
- Intel Xeon Processor E5 v1/v2/v3/v4 family
- Intel Xeon Processor E7 v1/v2/v3/v4 family
- Intel Xeon Processor Scalable family
- Intel Xeon Processor D (1500, 2100)
Previous countermeasures implemented against Spectre and Meltdown can't protect against Foreshadow attacks, according to the security researchers that uncovered the Foreshadow flaws. Mitigation against the Foreshadow flaws require updates to operating systems, hypervisors and Intel chips microcode. Intel's own benchmarks showed that the performance impact of the patches is negligible.
Although getting the operating system and hypervisor updates should be easier, getting the microcode updates will be trickier for the many users who fully depend on manufacturers to send them the updates. That means most older PCs and laptops may not be fully protected against the Foreshadow attacks.