Researchers Find Side-Channel Flaws in AMD Chips, Company Says Nothing to Worry About
- AMD CPUs released between 2011 and 2019 could potentially be breached to leak sensitive data.
- The “Take A Way” attack method exploits the way AMD CPUs handle memory through the L1 data (L1D) cache.
A group of researchers disclosed new side-channel attacks affecting CPUs made by AMD and accused the firm of covering up the flaws. However, AMD said that these are not new speculation-based attacks.
Researchers from the Graz University of Technology disclosed that AMD processors released between 2011 and 2019 could be breached through a side-channel attack to leak potentially sensitive data.
- The researchers dubbed this side-channel attack “Take A Way.”
- Side-channel attacks can be used to retrieve sensitive information from signals created by electronic activity within the computing devices during computation.
- The “Take A Way” method of attack exploits the way AMD CPUs handle memory through the L1 data (L1D) cache, which essentially retains the leakable data within CPUs.
How did “Take A Way” come into existence?
This attack is not much different from the other side-channel attacks disclosed in the past few years, including Spectre, Meltdown, and ZombieLoad.
- To create the “Take A Way” side-channel attack, the researchers attempted to reverse-engineer AMD’s L1D cache way predictor.
- The cache way predictor was built into AMD microarchitectures from 2011 to 2019 as a way to optimize energy consumption and performance for CPUs.
- With reverse engineering, the researchers could detect when the data was accessed by various processes.
- Then, they used this knowledge to leak small pieces of data from the CPU in two subset attacks—“Collide+Probe” and “Load+Reload”—both a part of “Take A Way.”
- “Collide+Probe” lets an attacker monitor a victim’s memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core.
- “Load+Reload” relies on shared memory and allows stealthier attacks that do not induce any last-level-cache evictions.
- The first subset attack, Collide+Probe, when combined with speculative execution, uses a side-channel analysis to gain unauthorized disclosure of information, as per the researchers.
What’s the solution?
Responding to the findings, AMD said these are not “new speculation-based attacks” and did not offer any mitigations against them. Meanwhile, one of the researchers said that existing mitigations don’t fix the “Take A Way” vulnerabilities.
Though AMD did not release new patches, it is advised to follow secure coding methodologies and implement the latest patched versions of critical libraries (including those susceptible to side-channel attacks).
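To make the secure-coding advice concrete, the following added example (not code from the article, the researchers, or AMD) contrasts a table lookup whose address depends on a secret with a hardened version that reads every entry and selects the result with a mask. The table contents, the function names, and the 64-byte cache-line size are assumptions; `touched[]` is a simplified model of the memory-access pattern an observer could learn.

```c
#include <stdint.h>
#include <string.h>

#define LINE 64                      /* assumed cache-line size in bytes */
static uint8_t table[256];           /* constructed lookup table */
static uint8_t touched[256 / LINE];  /* model: which table lines were read */

static void init_table(void) {
    for (unsigned i = 0; i < 256; i++)
        table[i] = (uint8_t)(i * 167u + 13u);  /* arbitrary constructed values */
}

/* Every table read goes through rd() so the access pattern is recorded. */
static uint8_t rd(unsigned i) { touched[i / LINE] = 1; return table[i]; }

/* Leaky: the loaded address depends on the secret, so the line that is
   touched reveals the top bits of `secret`. */
uint8_t lookup_leaky(uint8_t secret) { return rd(secret); }

/* Hardened: reads all entries in a fixed order, selects with a branch-free mask. */
uint8_t lookup_ct(uint8_t secret) {
    uint8_t result = 0;
    for (unsigned i = 0; i < 256; i++) {
        unsigned diff = i ^ secret;                  /* 0 only when i == secret */
        uint8_t mask = (uint8_t)((diff - 1u) >> 8);  /* 0xFF if diff == 0, else 0x00 */
        result |= rd(i) & mask;
    }
    return result;
}

/* Returns 1 if the recorded access pattern differs between secrets a and b. */
int trace_differs(uint8_t (*fn)(uint8_t), uint8_t a, uint8_t b) {
    uint8_t first[sizeof touched];
    init_table();
    memset(touched, 0, sizeof touched); fn(a);
    memcpy(first, touched, sizeof touched);
    memset(touched, 0, sizeof touched); fn(b);
    return memcmp(first, touched, sizeof touched) != 0;
}

/* Returns the number of secrets for which the two lookups disagree. */
int count_mismatches(void) {
    int bad = 0;
    init_table();
    for (unsigned s = 0; s < 256; s++)
        bad += lookup_ct((uint8_t)s) != lookup_leaky((uint8_t)s);
    return bad;
}
```

An optimizing compiler can reintroduce secret-dependent branches or loads, so inspect the generated assembly of any routine hardened this way.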