Researchers Find Critical Flaw In Haswell Processors

Discussion in 'Processors and motherboards Intel' started by stevevnicks, Oct 23, 2016.

  1. stevevnicks

    stevevnicks Guest

    Copied and pasted from another site, and it doesn't sound good ...

    Researchers at the State University of New York at Binghamton have identified a flaw in Intel's Haswell processors that allows malware to circumvent the Address Space Layout Randomization (ASLR) by using a side-channel attack on the Branch Target Buffer (BTB).

    ASLR typically protects the system from malicious attacks by randomizing the offset of program segments in virtual memory. Randomizing the offset prevents an attacker from learning the locations of code pages in the program's address space, which would allow an exploit to redirect the control flow and assume control of the application. Almost all operating systems for the desktop use ASLR, including Linux, Windows, and OS X, and even iOS and Android.

    The scheme attacks the BTB, which stores the history of branch addresses to optimize future branch predictions. As such, it stores the actual addresses that ASLR protects, and the code can ferret out the addresses by creating BTB collisions. The attack ultimately identifies the locations of the kernel and user-level applications so that it can use the data to assume control of the application/system. The researchers used a Linux-based PC with a Haswell processor to test the technique and were able to bypass ASLR in 60 milliseconds.

    The attack is likely widely applicable on the hardware side, as many processor architectures operate on similar principles. A wide spate of operating systems use ASLR, which broadens the attack surface. The attack is sophisticated (it isn't something that a script-kiddie could pull off), but the proliferation of state actors on the international stage, particularly for spying purposes and sabotage, could make this sort of attack yet another powerful tool in the hacking toolbox.
     
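As an added illustration (not from the quoted article or any poster here), a small script that checks the property the article says ASLR provides: it parses /proc/<pid>/maps from several fresh processes and reports, per segment, how many address bits actually varied between runs. The two maps excerpts embedded below are constructed samples; the live check runs only on Linux.

```python
# Added example: does ASLR really randomise the segments the article says it protects?
import re
import subprocess
import sys
# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(r"^([0-9a-f]+)-[0-9a-f]+ \S+ \S+ \S+ \S+\s*(.*)$")


def segment_bases(maps_text):
    """Return {segment name: start address of its first mapping}."""
    bases = {}
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m:
            continue
        start, name = int(m.group(1), 16), m.group(2).strip()
        if name and name not in bases:  # first mapping of a file is its base
            bases[name] = start
    return bases


def randomised_bits(samples):
    """Count address bits that differed across runs for each common segment (0 = never moved)."""
    common = set.intersection(*(set(s) for s in samples))
    result = {}
    for name in sorted(common):
        differing = 0
        for s in samples[1:]:
            differing |= samples[0][name] ^ s[name]
        result[name] = bin(differing).count("1")
    return result


def sample_live(runs=8):
    """Spawn fresh interpreters and collect their own maps (Linux only)."""
    cmd = [sys.executable, "-c", "print(open('/proc/self/maps').read())"]
    return [segment_bases(subprocess.check_output(cmd, text=True)) for _ in range(runs)]


# Constructed sample: two runs of a non-PIE binary, ASLR moving only libc and the stack.
RUN_A = """00400000-00401000 r-xp 00000000 08:01 1 /usr/bin/nopie
7f0000000000-7f0000020000 r--p 00000000 08:01 2 /usr/lib/libc.so.6
7ffd12340000-7ffd12361000 rw-p 00000000 00:00 0 [stack]
"""
RUN_B = """00400000-00401000 r-xp 00000000 08:01 1 /usr/bin/nopie
7f1000000000-7f1000020000 r--p 00000000 08:01 2 /usr/lib/libc.so.6
7ffe56780000-7ffe567a1000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    print(randomised_bits([segment_bases(RUN_A), segment_bases(RUN_B)]))
    if sys.platform.startswith("linux"):  # live check of this machine
        print(randomised_bits(sample_live()))
```

A segment that reports 0 varying bits across many runs (the non-PIE main binary in the sample) is exactly the kind of fixed address that needs no side channel to find.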
  2. er557

    er557 Guest

    YAAAwwn...... moving along, nothing to see here

    critical flaw / shmitical shmow.....
     
  3. stevevnicks

    stevevnicks Guest

    Move on if it doesn't apply to you, but do you speak for everyone? Nah, just ya self, not me ya don't. Just thought I'd share info for people who would like to know.

    Still, if you like showing your arrogance, you're doing a stellar job with posts like that. Keep it up, good work, and very informative of the type of arrogant chap you really are :) lol, some mothers do 'ave 'em.
     
  4. mbk1969

    mbk1969 Ancient Guru

    One thing is putting the test on the local machine (especially acting as an administrator account), and another thing is injecting the code (to exploit the mentioned flaw) remotely. Only kernel mode code has access to all CPU instructions, and I suspect that user mode code is unable to do such things as a BTB side-channel attack.
    Also note that ASLR in Windows can be turned off completely, or turned on at either the system or the process (opt-in) level.
     

  5. thatguy91

    thatguy91 Guest

    It could possibly be fixed with a microcode update anyway, if motherboard companies can be bothered to update their BIOSes should one become available. Otherwise, you could always update the BIOS modules yourself (with some associated risk).
     
  6. mbk1969

    mbk1969 Ancient Guru

    Windows can apply a microcode update itself (at the boot stage). Let Intel issue such an update in the first place.
     