It’s been a rough couple of years for the folks at Intel.
It was slightly over a year ago that the company publicly acknowledged the existence of two major cybersecurity flaws that affect virtually every CPU the company has manufactured since the late 2000s. And two weeks ago, the company’s leadership took to the podium again to confirm the existence of a newly discovered, yet similar security flaw. The security research team that found the bug has dubbed it “ZombieLoad” and created a dedicated website to inform people of the vulnerability.
For this week’s blog, we’re going to break the ZombieLoad story into simple terms, so you know what it is and what you can do to fix it if any of your machines are vulnerable to this new form of cyberattack.
What is ZombieLoad and how does it work?
The first thing to know is that ZombieLoad goes by a variety of names because it was discovered concurrently by several independent security research firms. You may also hear the names RIDL, Fallout, or Rogue-in-Flight Data Load, but they all refer to the same security vulnerability.
Intel’s term for this type of cyberattack is Microarchitectural Data Sampling (MDS). In the simplest terms, MDS tricks your processor into leaking out tiny snippets of data as they pass through different components within the CPU itself.
On their own, these snippets of information are mostly useless. To retrieve any useful information, the hacker needs to automate his process and run the attack several hundred times. This may take a few hours, but in the end the hacker will have amassed a pile of data. Using some clever algorithms and a bit of patience, the hacker can sift through this data looking for usernames, passwords and any other valuable personal information.
Imagine someone sitting under your desk, rooting through a paper shredder looking for complete usernames and passwords. It's difficult and tedious and takes a long time, but it may yield very valuable information in the end. This is essentially what is happening during an MDS attack.
In an article for Wired, security research firm VUSec sums up the process concisely. “In essence, [MDS] puts a glass to the wall that separates security domains, allowing attackers to listen to the babbling of CPU components.”
How does MDS affect everyday consumers?
It must be said that as scary as these flaws appear, most computer users are not at risk of facing a ZombieLoad attack, so don’t panic! The process of exploiting this newly discovered vulnerability is very complex and requires specialized skills, meaning the pool of hackers who will be able to pull off such an attack is relatively small. Furthermore, the hacker cannot access the inner workings of your CPU until they find a way to install code on your machine, likely via a phishing email or a drive-by cyberattack. In short, the hackers who are able to pull this off are much more likely to pursue big fish like companies, not individuals.
What is the risk to businesses?
The real risk is to data and applications that live in the cloud. Because data centers make use of virtual machine (VM) technology, data from multiple users is coursing through the same CPU. This is done on purpose, both to make more efficient use of hardware and to enable faster data processing for cloud users. Unfortunately, the discovery of MDS means a hacker whose VM runs on the same cloud hardware as yours could siphon your data as it passes through the shared processor. Again, this data on its own would be nonsensical and the hacker would likely have to sift through piles of data to find anything useful.
How can you protect yourself?
Unfortunately, the MDS vulnerability is built into the hardware of every Intel chip manufactured since 2008. A year ago, when the Meltdown and Spectre vulnerabilities were discovered, Intel promised to design those flaws out of its next generation of chips. It is unclear at this time how the discovery of ZombieLoad will affect chip design going forward. One way or another, Intel will take every effort to maximize the security of its chips to avoid losing precious market share.
In the meantime, Intel has collaborated with Microsoft, Apple and Google to create patches that fix the vulnerability. These patches are included with regular software updates, so users don’t have to worry about anything aside from keeping their PC updated. We’ve assembled some handy update guides in the links below.
For individual users on their home PCs, we recommend selecting the relevant guide above and taking a minute to ensure your system is up to date. Sagiss clients can rest assured knowing we’ve installed all available patches and updates from our software partners.
Be aware that the patches fix the vulnerability by turning off some internal features on the CPU, resulting in a performance slowdown. According to Intel, individual PCs should take a 3% performance hit at worst, but that could be as high as 9% in a data center environment.
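On a Linux host, the kernel reports whether the MDS patches described above are active. The script below is an added example, not part of the original post, that classifies that status string. Linux and the sysfs path are assumptions here, since the post only names Microsoft, Apple and Google updates, and the sample strings are constructed.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's MDS mitigation status.
# Path and value strings follow the kernel's hw-vuln documentation for MDS.

MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds STATUS -> prints one of:
#   not_affected | mitigated | mitigated_smt_exposed | mitigated_smt_unknown
#   needs_microcode | vulnerable | unknown
classify_mds() {
    mds_status=$1
    case $mds_status in
        "Not affected"*)
            echo not_affected ;;
        "Mitigation: Clear CPU buffers"*)
            # Buffer clearing is active; the SMT suffix says whether a
            # sibling hardware thread can still sample the shared buffers.
            case $mds_status in
                *"SMT vulnerable"*)         echo mitigated_smt_exposed ;;
                *"SMT Host state unknown"*) echo mitigated_smt_unknown ;;
                *)                          echo mitigated ;;
            esac ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # OS patch installed, but the CPU microcode update is missing.
            echo needs_microcode ;;
        "Vulnerable"*)
            echo vulnerable ;;
        *)
            echo unknown ;;
    esac
}

# Constructed sample values (not captured from a real machine).
for sample in \
    "Mitigation: Clear CPU buffers; SMT vulnerable" \
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled" \
    "Not affected"; do
    printf '%-24s <- %s\n' "$(classify_mds "$sample")" "$sample"
done

# Live check, only where the kernel exposes the file.
if [ -r "$MDS_SYSFS" ]; then
    printf 'this host: %s\n' "$(classify_mds "$(cat "$MDS_SYSFS")")"
fi
```

A result of `needs_microcode` means the operating system update alone is not enough and a firmware or microcode update is still pending.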
MDS vulnerabilities are a relatively new class of exploitable cybersecurity flaws. Researchers are still exploring how these attacks are deployed and how to defend against them. We expect to see more news from Intel in the next few months.
In the meantime, our advice stays the same as always. Avoid suspicious-looking emails, and keep your OS and other applications updated. If you have a question about cybersecurity or how ZombieLoad may affect your company’s IT systems, please feel free to reach out. Visitors may submit inquiries on our contact page.