At the beginning of 2019, an international research team led by Daniel Gruss, Michael Schwarz and Moritz Lipp from TU Graz discovered the processor loophole ZombieLoad. Since then there has been a software patch and new processors. But with a new variant of the old attack these are no longer safe either.
Meltdown and Spectre opened an entirely new security research area in early 2018. Until then, loopholes were sought and found exclusively in the software of a computer system, not in the hardware. That changed fundamentally with this new class of attacks. Since the discovery of these serious security problems, the team around Daniel Gruss, Michael Schwarz and Moritz Lipp has regularly published new security leaks. The most recent, in early 2019, was ZombieLoad. This attack also takes advantage of the optimized working methods of computer processors to access sensitive data. To fully utilize the power of the processor, with out-of-order execution the computer prepares, as a precaution, data and arithmetic steps that it may soon need. With hyper-threading, several processes run simultaneously on one CPU and also share the available buffer memory. With the right technique, attackers can access these neighboring processes and their data, even though they should be invisible.
Update for ZombieLoad
For older processors, Intel, the manufacturer affected by the new attacks, developed a software patch and updates for the CPUs. New processors from the manufacturer also work with the newly developed Cascade Lake microarchitecture, which should be protected against this type of attack from the ground up. This is the case for the attack methods known so far. With a minimally modified variant of the attack code, the researchers at TU Graz were now able to access the processors considered to be secure. And there are also loopholes in the software patch, as Daniel Gruss summarizes: "Basically, attackers can use them to do everything that should no longer be possible. But the software update makes it harder for them."
Install updates
"We reported the variant to Intel in April, immediately after we had found it," says Daniel Gruss. "We’re publicising it now because Intel needed the time to develop a counter-strategy. We continue to advise all users to install all the new security updates."
The research was funded by the ERC project Sophia, the project DeSSnet and the project ESPRESSO as well as by a donation from the manufacturer Intel.
Research partners:
Michael Schwarz, TU Graz
Moritz Lipp, TU Graz
Daniel Gruss, TU Graz
Daniel Moghimi, Worcester Polytechnic Institute
Jo Van Bulck, imec-DistriNet, KU Leuven
Julian Stecklina, Cyberus Technology
Thomas Prescher, Cyberus Technology