Intel CPUs vulnerable to new ‘Snoop’ attack

March 17, 2020
in Internet Security

Intel processors are vulnerable to a new attack that can leak data from the CPU’s internal memory — also known as the cache.

The attack, described as “Snoop-assisted L1 Data Sampling,” or just Snoop (CVE-2020-0550), has been discovered by Pawel Wieczorkiewicz, a software engineer at Amazon Web Services (AWS).

Wieczorkiewicz reported the issue to Intel, and after further investigations, the CPU maker concluded that patches released in August 2018 for the Foreshadow (L1TF) vulnerability also apply to this new attack.

A list of Intel processors that are vulnerable to Snoop attacks is available here. The list includes Intel series like Core and Xeon processors.

At the technical level, the new Snoop attack takes advantage of CPU mechanisms like multiple cache levels, cache coherence, and bus snooping. Below is a simple, non-technical explanation of why the attack exists and how it works.

CPUs, cache levels, cache coherence, and bus snooping

Today, most modern processors have multiple levels of (cache) memory at their disposal to store data while it’s being processed inside the CPU.

Depending on the CPU’s specifications, there could be a Level 1 (L1), Level 2 (L2), and even a Level 3 (L3) cache.

The most used cache level is L1, which is split in two, with one part allocated for processing user data (L1D) and the second for handling the CPU’s own instruction code (L1I).

Figure: CPU cache levels. Image: Kartik Khare on Medium

Because of multi-core architectures and multi-cache levels, data is often stored inside multiple CPU caches at once, and even inside the RAM.

Cache coherence is the process that keeps all the cache levels in sync, so the L2, L3, and RAM have the same data that’s in the L1D cache, the place where it usually gets changed first.

“Bus snooping” (or “snooping”) is the operation through which the CPU updates all the cache levels when a change occurs in L1D.

Wieczorkiewicz discovered that, under certain conditions, malicious code could tap into the bus snooping operation and trigger errors that leak data from the cache coherence process, namely the cache data that’s currently being modified in the L1D cache, effectively leaking data from the CPU’s inner memory.

Snoop attacks don’t work if you applied L1TF patches

The primary concern with this attack is that malicious code running on one CPU core can leak data from the other cores, a problem in cloud computing and virtualized environments.

The good news is that this attack is incredibly hard to pull off, and does not return large quantities of data (unlike the original Meltdown and Spectre vulnerabilities).

Furthermore, Intel says that the attack also requires conditions that are hard to satisfy in the real world.

“Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe Snoop Assisted L1 Data Sampling is a practical method in real world environments where the OS is trusted,” Intel said.

For users who run high-risk systems, the chipmaker recommends applying the Foreshadow (L1TF) patches, released in August 2018.

Furthermore, disabling the Intel TSX (Transactional Synchronization Extensions) feature also greatly reduces the attack surface and makes Snoop attacks even harder.
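To check a host against the two mitigations named above (L1TF patches applied, TSX disabled), the following added example, which is not part of the original article or Intel's guidance, parses the state a Linux kernel reports. It assumes a Linux host: the sysfs path, the `/proc/cpuinfo` flag names (`flush_l1d`, `rtm`, `hle`) and the status strings are Linux kernel interfaces, and the sample inputs are constructed.

```python
import re
from pathlib import Path

L1TF_PATH = "/sys/devices/system/cpu/vulnerabilities/l1tf"  # Linux sysfs (assumption)

def cpu_flags(cpuinfo: str) -> set:
    """Feature flags of the first logical CPU listed in /proc/cpuinfo text."""
    m = re.search(r"^flags\s*:\s*(.*)$", cpuinfo, re.MULTILINE)
    return set(m.group(1).split()) if m else set()

def assess(l1tf_status: str, cpuinfo: str) -> list:
    """Return findings relevant to the two mitigations the article names."""
    findings = []
    status = l1tf_status.strip()
    parts = [p.strip() for p in re.split(r"[;,]", status)]
    flags = cpu_flags(cpuinfo)
    if status == "Not affected":
        pass  # CPU is not on the L1TF-affected list as far as the kernel knows
    elif not status.startswith("Mitigation:"):
        findings.append("l1tf: kernel reports no mitigation (%s)" % status)
    else:
        if "VMX: vulnerable" in parts:
            findings.append("l1tf: L1D is not flushed on VM entry")
        if "SMT vulnerable" in parts:
            findings.append("l1tf: sibling hyperthreads still share L1D")
    # flush_l1d is exposed once microcode with the L1D flush command is loaded.
    if status != "Not affected" and "flush_l1d" not in flags:
        findings.append("microcode: flush_l1d missing, L1D flush command unavailable")
    # rtm/hle are the TSX feature flags; they are absent when TSX is off or unsupported.
    tsx = sorted(flags & {"rtm", "hle"})
    if tsx:
        findings.append("tsx: enabled (%s)" % ", ".join(tsx))
    return findings

# Constructed sample inputs (not captured from a real host).
SAMPLE_L1TF = "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable\n"
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme sse2 hle avx2 rtm flush_l1d\n"

if __name__ == "__main__":
    l1tf, info = Path(L1TF_PATH), Path("/proc/cpuinfo")
    live = l1tf.exists() and info.exists()
    status = l1tf.read_text() if live else SAMPLE_L1TF
    cpuinfo = info.read_text() if live else SAMPLE_CPUINFO
    print("live host" if live else "constructed sample")
    for finding in assess(status, cpuinfo) or ["no findings"]:
        print(" -", finding)
```

An empty result means the kernel reports the L1TF mitigations as active and no TSX feature flags are exposed; it does not by itself confirm which microcode revision is loaded.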

The Snoop attack may be hard to pull off but it’s still of note because it exposes a new attack vector inside bus snooping operations, an area of modern CPU architecture that hasn’t been probed as a potential attack surface before.

Meet snoopy found by @wipawel. This is quite impressive work. There hasn’t been a lot of focus on snoop and usage of cache protocols for side channel issues. Hope this lays foundation for cross core data exfiltration side channel research. https://t.co/kMzPpMwK2X

— Deepak (@0xdbug) March 10, 2020


Credit: ZDNet
