Former NSA hacker Jake Williams said on Twitter: "Hyperthreading is THE main reason Intel won the processor war over AMD. Pretending that OS developers are the problem is ridiculous. I remember people talking about theoretical attacks on hyperthreading from its introduction."
The flaw, which has been dubbed TLBleed by the researchers who discovered it, has been played down by Intel with the company unwilling to even obtain a Common Vulnerabilities and Exposures number. The CVE system, a catalogue of known security threats sponsored by the US Department of Homeland Security, provides a reference method for publicly known vulnerabilities and exposures.
Details of TLBleed were leaked to the British tech website The Register on Friday; the side-channel vulnerability can theoretically be exploited to extract encryption keys and private information from programs. The name TLBleed comes from the fact that the flaw targets the translation lookaside buffer (TLB), a CPU cache that holds virtual-to-physical address translations.
The researchers, from the Systems and Network Security Group at Vrije Universiteit Amsterdam, in the Netherlands, had earlier shared the paper on their findings with the OpenBSD project which produces a highly secure UNIX-like operating system; the project took the step of disabling hyperthreading through which TLBleed can be exploited.
With the paper due to be presented at the Black Hat USA 2018 conference in August, OpenBSD leader Theo de Raadt told iTWire that he could not be more specific about the nature of the vulnerability that had led to the disabling of hyper-threading.
Williams, a former member of the NSA's elite Tailored Access Operations unit who now runs his own security company, Rendition Infosec, said: "First, it's ridiculous that this isn't eligible for a bug bounty. It's insane that Intel thinks it doesn't deserve a CVE.
"Second, it's hard to imagine that Intel won't make changes to their processors to fix this. TLB management has subtle nuances depending on the architecture. Even if Intel's answer to TLBleed is 'recompile' it's not clear how quickly compiler authors can work out the nuances to make the code safe across different processor models."
He said Intel has assured OS developers that hyper-threading was safe, "so they programmed to that spec. Nothing in the Intel programming docs says 'don't hyperthread different processes on the same core'. Wholesale changes will need to be made to scheduler subsystems."
Williams said the TLBleed vulnerability was likely to be easier to exploit than Spectre variants. He was referring to one of two vulnerabilities disclosed by Intel in January, the other being known as Meltdown.
"But from where I sit it's more evidence that we need to rethink our secure architecture design patterns. How we provision applications, VDI, and multi-tenant hypervisors needs to change," he added.
"I'm not jumping on a bandwagon either. I said the same thing in January when Meltdown and Spectre were released. The advice is just as sound now as it was then. Sure, apply patches when available, but this is about so much more than patching."
An Intel spokesperson told iTWire in an unsolicited comment: "Protecting our customers and their data continues to be a critical priority for us. We are looking into this feedback and thank the community for their ongoing efforts." (Intel update is here.)