Reported today on TechSpot For the full article visit:
AMD CPUs are vulnerable to a severe new side-channel attack
"Finally, an issue with AMD CPUs!" - someone at Intel probably
Cutting corners: All AMD processors released since 2013 are vulnerable to a pair of new side-channel attacks, "Collide + Probe" and "Load + Reload." Both exploit weaknesses in AMD's L1D cache way predictor, a tool that predicts where data is stored in the processor, to detect when that data is accessed. By combining the new exploits with existing methodologies, researchers from the Graz University of Technology were able to crack open all the secrets of AMD processors in labs and real-world servers.
Processors run a lot of software concurrently and essential to systems' security is keeping programs separate so that one can't see what the other is doing, but new research into AMD's processors has uncovered flaws that allow data to be shared between programs running on the same core.
"The key takeaway of this paper is that AMD's cache way predictors leak secret information," says the research paper from the Austrian team.
In both new exploits, collectively called "Take A Way" flaws, attacking software begins by picking an address corresponding with the target data's address. The attacker then accesses the data stored in their version of the address, but that creates a link based on the address within the cache and the way predictor. The route the processor will take to access that address next time is guaranteed to be quite quick. But if the address is triggered a third time, then the processor will get to it slowly.
All the attacker has to do, then, is bring up that address at regular intervals. If it comes up quick then the victim hadn't accessed it during the interval, but if it
0 Comments