Researchers have found another security flaw in the Intel processor chips that power most of the world’s computers, one that can compromise users’ private data – and that can’t be fixed without a major performance drop.
The exploit, dubbed ZombieLoad, is embedded in Intel’s processor chips themselves, meaning even the best-designed software patches can only go part of the way toward plugging the hole without reducing the chips’ performance. The vulnerability may allow attackers to ‘resurrect’ critical data processed by the chip – from browser history and passwords to disk encryption keys and other system-level sensitive data.
Its reach isn’t even limited to the end-user’s computer, according to researchers Michael Schwarz, Moritz Lipp, and Daniel Gruss from Graz University of Technology and Jo Van Bulck from KU Leuven: it “can also be exploited in the cloud.”
Intel claims there is no evidence Zombieload was exploited by real-world actors, but as the researchers explain, because it’s a hardware vulnerability, attackers who use it may not leave the traces of outside interference found with typical software exploits. It’s also ‘unlikely’ such activity would be caught by an anti-virus program, though secondary attacks that use it to invade a user’s system might set off alarms.
Intel has reportedly addressed the problem “at the hardware level” in its newest processors, while releasing microcode and software updates to patch older chips. Apple, Microsoft, Google, and Mozilla have all issued their own patches, but some users might have to brace for as much as a 40 percent reduction in performance.
ZombieLoad was discovered by the same researchers who uncovered the notorious Spectre and Meltdown vulnerabilities in 2017, a finding which shook the computer world’s sense of security to its core. Meltdown affected almost every processor Intel had ever manufactured going back to the mid-1990s. Spectre, which proved more difficult to patch even at the software level, also afflicted Intel’s competitors, including AMD and ARM, which manufactures chips for smartphones and other internet-of-things devices. Savvy users were forced to reconsider the wisdom of cloud computing – even if they patched their own machines, their data was only as safe as the processors the cloud providers used.
If you like this story, share it with a friend!