Security news that informs and inspires

New Variant of ZombieLoad Bypasses Intel Mitigations

When security researchers at Graz University of Technology in Austria first discovered a new set of speculative execution attacks on Intel processors in April, the team worked with the vendor to work out mitigations and fixes before disclosing the attacks a few weeks later. It turns out, those fixes were not completely effective and the researchers have disclosed a new variant of their ZombieLoad attack that works on Intel processors that have hardware mitigations in place.

The new version of ZombieLoad affects several different Intel CPUs used in mobile devices, servers, desktops, and workstations, and the TU Graz team discovered that they could bypass the mitigations Intel put in place and use the attack to steal sensitive information from the processors under certain conditions. Intel has developed new mitigations and released firmware updates for the affected processors, which include some Intel Core, Xeon, and Pentium chips.

“With November 14th, 2019, we present a new variant of ZombieLoad that enables the attack on CPUs that include hardware mitigations against MDS in silicon. With Variant 2 (TAA), data can still be leaked on microarchitectures like Cascade Lake where other MDS attacks like RIDL or Fallout are not possible. Furthermore, we show that the software-based mitigations in combinations with microcode updates presented as countermeasures against MDS attacks are not sufficient,” the researchers said.

ZombieLoad is a specific type of side-channel attack that takes advantage of a feature in modern processors called speculative execution that allows the processor to save tiny amounts of time by preparing instructions it thinks a program might need before it asks for them. In some cases, a malicious program may be able to reconstruct some of those instructions after the fact and gain access to sensitive data such as encryption keys or passwords. The new variant of the attack takes advantage of weaknesses in Intel’s Transactional Synchronization Extensions, and Intel said in an advisory on the attack that only processors that support TSX are vulnerable.

“Intel TSX supports atomic memory transactions that are either committed or aborted. When an Intel TSX memory transaction is aborted, either synchronously or asynchronously, all earlier memory writes inside the transaction are rolled back to the state before the transaction start. While an Intel TSX asynchronous abort (TAA) is pending, certain loads inside the transaction that are not yet completed may read data from microarchitectural structures and speculatively pass that data to dependent operations. This may cause microarchitectural side effects, which can later be measured to infer the value of the data in the microarchitectural structures,” Intel’s advisory says.

The research team from TU Graz who discovered the vulnerabilities and developed the ZombieLoad attack includes Moritz Lipp, Daniel Gruss, and Michael Schwarz, and they presented their findings at the ACM Conference on Computer and Communications Security this week in London. In their technical paper, they present several potential attack scenarios for the new variant of ZombieLoad, all of which are predicated on the attacker being able to run code on the target machine.

“In the cross-process user-space scenario, an unprivileged attacker leaks values loaded or stored by another concurrently running user-space application. We consider such a cross-process scenario most dangerous for end users. Many secrets are likely to be found in user-space applications such as browsers. The attacker is co-located with the victim on the same physical but a different logical CPU core, a common case for hyperthreading,” the paper says.

Side-channel attacks such as ZombieLoad are complex, time consuming, and difficult to execute. But that does not mean that they’re out of reach for skilled attackers. The TU Graz researchers said they don’t have any evidence of the ZombieLoad attack being implemented in the wild, but both the researchers and Intel urged customers to install the firmware updates to mitigate the new technique.