
Researchers Find Side-Channel Flaws in AMD Chips, Company Says Nothing to Worry About

  • AMD processors released between 2011 and 2019 could potentially be made to leak sensitive data.
  • The “Take A Way” attack exploits the way AMD CPUs handle memory in the L1 data (L1D) cache.

A group of researchers disclosed new side-channel attacks affecting CPUs made by AMD and accused the firm of covering up the flaws. However, AMD said that these are not new speculation-based attacks.

What happened?
Researchers from the Graz University of Technology disclosed that AMD processors released between 2011 and 2019 could be made to leak potentially sensitive data through a side-channel attack.

  • The researchers dubbed this side-channel attack “Take A Way”.
  • Side-channel attacks can be used to retrieve sensitive information from signals created by electronic activity within computing devices during computation.
  • The “Take A Way” attack exploits the way AMD CPUs handle memory in the L1 data (L1D) cache, which holds the data that can be leaked.

How did “Take A Way” come into existence?
This attack is not much different from other side-channel attacks disclosed in the past few years, including Spectre, Meltdown, and ZombieLoad.

  • To create the “Take A Way” side-channel attack, the researchers attempted to reverse-engineer AMD’s L1D cache way predictor.
  • The cache way predictor was built into AMD microarchitectures from 2011 to 2019 as a way to optimize energy consumption and performance for CPUs.
  • Through reverse engineering, the researchers could detect when data was accessed by various processes.
  • Then, they used this knowledge to leak small pieces of data from the CPU in two subset attacks—“Collide+Probe” and “Load+Reload”—both a part of “Take A Way.”
  • “Collide+Probe” lets an attacker monitor a victim’s memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core.
  • “Load+Reload” relies on shared memory and allows stealthier attacks that do not induce any last-level-cache evictions.
  • According to the researchers, the first subset attack, Collide+Probe, when combined with speculative execution, uses side-channel analysis to achieve unauthorized disclosure of information.

What’s the solution?
Responding to the findings, AMD said these are not “new speculation-based attacks” and did not offer any mitigations against them. Meanwhile, one of the researchers said that existing mitigations don’t fix the “Take A Way” vulnerabilities.

Though AMD did not release new patches, it is advised to follow secure coding methodologies and implement the latest patched versions of critical libraries (including those susceptible to side-channel attacks).
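
As an added illustration (not from the article, the researchers, or AMD), the C sketch below shows one secure-coding practice against attacks that observe a victim's memory accesses: replacing a secret-indexed table lookup with a scan that touches every entry. The table contents and function names are constructed for this example, and reading the article's "secure coding methodologies" as this practice is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_SIZE 256u

/* Constructed table (illustrative values, not a real cipher table). */
static uint8_t table[TABLE_SIZE];

static void table_init(void)
{
    for (unsigned i = 0; i < TABLE_SIZE; i++)
        table[i] = (uint8_t)(i * 167u + 13u);
}

/* Secret-dependent access: only the cache line holding table[secret] is
 * touched, so an observer of memory accesses learns part of the index. */
static uint8_t lookup_leaky(uint8_t secret)
{
    return table[secret];
}

/* Hardened form: every entry is read in the same order for every input and
 * the wanted byte is selected with a mask, so neither the addresses touched
 * nor the branches taken depend on the secret. */
static uint8_t lookup_constant_access(uint8_t secret)
{
    uint8_t result = 0;
    for (unsigned i = 0; i < TABLE_SIZE; i++) {
        uint32_t x = i ^ (uint32_t)secret;        /* 0 only when i == secret */
        uint8_t mask = (uint8_t)((x - 1u) >> 24); /* 0xFF if x == 0, else 0x00 */
        result |= (uint8_t)(table[i] & mask);
    }
    return result;
}

/* Number of indices on which the two lookups disagree. */
static unsigned count_mismatches(void)
{
    unsigned bad = 0;
    table_init();
    for (unsigned s = 0; s < TABLE_SIZE; s++)
        if (lookup_leaky((uint8_t)s) != lookup_constant_access((uint8_t)s))
            bad++;
    return bad;
}

int main(void)
{
    printf("mismatches: %u\n", count_mismatches());
    return 0;
}
```

Compilers may transform code like this, so production cryptography should come from maintained, patched libraries rather than hand-written routines, in line with the advice above.
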
Cyware Publisher
