loader gif

Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs

Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs (Malware and Vulnerabilities)

Like Meltdown and Spectre, the new MDS attack takes advantage of security flaws in how Intel chips perform speculative execution, a feature in which a processor guesses ahead of time at what operations and data it will be asked to execute, in order to speed up the chip's performance. Unlike Meltdown, which used speculative execution to grab sensitive data sitting in memory, MDS attacks focus on the buffers that sit between a chip's components, such as between a processor and its cache, the small portion of memory allotted to the processor to keep frequently accessed data close at hand. Both TU Graz and VUSec recommend that software makers disable hyperthreading, a feature of Intel chips that accelerates their processing by allowing more tasks to be performed in parallel, but could make certain variants of the MDS attacks vastly easier to pull off. "If we're attacking hard disk encryption, we only attack in the short time frame when the key is loaded into memory, so we have a high chance to get the key and some other data," says Michael Schwarz, one of the TU Graz researchers who worked on both the new MDS attacks and the earlier Spectre and Meltdown discoveries.

loader gif