
Current Intel and ARM processors will take a performance hit of up to 30%. AMD partially affected.


Revenge

  • 9 months later...

Another one :facepalm:

Quote

Intel CPUs impacted by new PortSmash side-channel vulnerability
Vulnerability confirmed on Skylake and Kaby Lake CPU series. Researchers suspect AMD processors are also impacted.

Intel processors are impacted by a new vulnerability that can allow attackers to leak encrypted data from the CPU's internal processes.

The new vulnerability, which has received the codename of PortSmash, has been discovered by a team of five academics from the Tampere University of Technology in Finland and Technical University of Havana, Cuba.

Researchers have classified PortSmash as a side-channel attack. In computer security terms, a side-channel attack describes a technique used for leaking encrypted data from a computer's memory or CPU, which works by recording and analyzing discrepancies in operation times, power consumption, electromagnetic leaks, or even sound to gain additional info that may help break encryption algorithms and recover the CPU's processed data.

Researchers say PortSmash impacts all CPUs that use a Simultaneous Multithreading (SMT) architecture, a technology that allows multiple computing threads to be executed simultaneously on a CPU core.

In lay terms, the attack works by running a malicious process next to legitimate ones using SMT's parallel thread running capabilities. The malicious PortSmash process then leaks small amounts of data from the legitimate process, helping an attacker reconstruct the encrypted data processed inside the legitimate process.

Researchers say they've already confirmed that PortSmash impacts Intel CPUs which support the company's Hyper-Threading (HT) technology, Intel's proprietary implementation of SMT.

"Our attack has nothing to do with the memory subsystem or caching," said Billy Brumley, one of the five researchers, referring to previous side-channel attacks that have impacted SMT architectures and Intel's HT implementation.

"The nature of the leakage is due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures. More specifically, we detect port contention to construct a timing side-channel to exfiltrate information from processes running in parallel on the same physical core," Brumley added.

A research paper detailing the PortSmash vulnerability in more depth for astute technical readers will be published on the Cryptology ePrint Archive portal in the coming days, Brumley told ZDNet earlier today via email when we reached out for more details.

TIME TO END SMT/HT SUPPORT
Last year, another team of researchers found a similar side-channel vulnerability named TLBleed impacting Intel's Hyper-Threading (SMT) technology. Following the discovery of TLBleed, the OpenBSD project decided to disable support for Intel's HT technology in upcoming versions of the OpenBSD operating system, on the grounds of security.

"This is the main reason we released the exploit -- to show how reproducible it is," Brumley told us, "and help to kill off the SMT trend in chips."

"Security and SMT are mutually exclusive concepts," he added. "I hope our work encourages users to disable SMT in the BIOS or choose to spend their money on architectures not featuring SMT."

PortSmash is tracked in the CVE vulnerability tracking system with the CVE-2018-5407 identifier.

Apparently it's SMT.

https://www.zdnet.com/article/intel-cpus-impacted-by-new-portsmash-side-channel-vulnerability/

POC - https://github.com/bbbrumley/portsmash

Edited by curcundil
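
Added example, not part of the post above or of the linked proof of concept: a Python check of a Linux host's SMT state, the setting the quoted article suggests disabling, plus the logical CPUs that share a physical core. It assumes the kernel's standard sysfs layout under `/sys/devices/system/cpu`; `build_sample_tree` and its data are constructed for illustration.

```python
import glob
import os
import tempfile

def parse_cpu_list(text):
    """Parse a kernel CPU list such as '0,4' or '0-1,8-9' into a sorted tuple."""
    cpus = set()
    for part in text.strip().split(","):
        if part:
            lo, _, hi = part.partition("-")
            cpus.update(range(int(lo), int(hi or lo) + 1))
    return tuple(sorted(cpus))

def read(path, default=None):
    """Return the stripped contents of a sysfs file, or default if unreadable."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return default

def smt_report(root="/sys/devices/system/cpu"):
    """Report SMT state and which logical CPUs share a physical core."""
    pattern = os.path.join(root, "cpu[0-9]*", "topology", "thread_siblings_list")
    groups = {parse_cpu_list(t) for t in map(read, glob.glob(pattern)) if t}
    return {
        "control": read(os.path.join(root, "smt", "control"), "unknown"),
        "active": read(os.path.join(root, "smt", "active")) == "1",
        # Each tuple lists logical CPUs whose threads share one core's execution ports.
        "shared_cores": sorted(g for g in groups if len(g) > 1),
    }

def build_sample_tree(base, siblings, control, active):
    """Write a constructed sysfs-like tree (sample data, not from a real host)."""
    files = {os.path.join("smt", "control"): control, os.path.join("smt", "active"): active}
    for cpu, sibs in siblings.items():
        files[os.path.join(f"cpu{cpu}", "topology", "thread_siblings_list")] = sibs
    for rel, value in files.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(value + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed 2-core, 4-thread host
        build_sample_tree(tmp, {0: "0,2", 1: "1,3", 2: "0,2", 3: "1,3"}, "on", "1")
        print("sample host:", smt_report(tmp))
    print("this host:  ", smt_report())  # "unknown" if the sysfs files are absent
```

An empty `shared_cores` list with `control` reading `off` or `forceoff` means no two logical CPUs on the host share a core.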

Ghost has already said it all :)
So far there is no proof that it affects AMD; let's see what turns up.

Intel has already come out saying that this is not the same as the others and that it HOPES it is not only its platform (the others must be affected too, we are not alone :( ) :lol:


Quote

AMD CPUS LIKELY IMPACTED

"We leave as future work exploring the capabilities of PortSmash on other architectures featuring SMT, especially on AMD Ryzen systems," the research team said in a version of their paper shared with ZDNet, but Brumley told us via email that he strongly suspects that AMD CPUs are also impacted.

The work behind discovering PortSmash is also the first result of "SCARE: Side-Channel Aware Engineering," a five-year security research project funded by the European Research Council.

"The goal of the project is to find new side-channel vectors and mitigate them," Brumley told us.

 


2 hours ago, Ilusi0n said:

Joking aside, the biggest FPS difference those tests show is 20 FPS for the 9900k. Would it be worth an extra 300€?

It also loses to the 8700k.

But you made a great purchase, since your use is not just gaming and the 2700x is very good for everything else. When it comes to games, Intel still has the advantage.


  • 2 weeks later...
Quote

A team of nine academics has revealed today seven new CPU attacks. The seven impact AMD, ARM, and Intel CPUs to various degrees.

Two of the seven new attacks are variations of the Meltdown attack, while the other five are variations on the original Spectre attack -- two well-known attacks that have been revealed at the start of the year and found to impact CPU models going back to 1995.

Quote

VENDORS HAVE BEEN NOTIFIED
The research team says they reported all their findings to the three CPU vendors whose processors they've analyzed, but that only ARM and Intel acknowledged their findings.

In addition, the research team also discovered that some vendor mitigations that have been already deployed have also failed to stop the seven new attacks, even if they should have, at least in theory. They provide the following table with the results of their tests of existing mitigations.

This is never going to end.


  • 5 months later...
  • 1 year later...

3 years have passed and this is going to start getting very complicated. You will need to start being very careful about the sites you visit.

Google has released a proof of concept of the exploit running in web browsers through JavaScript.

You can test it here: https://leaky.page/timer.html

On the left-hand side, scroll down and click "Run". Then at the bottom right, click "Next". Then on the new page click "Run" again. You can then click several times and see whether it gave Failed or Success. In my case it always gives success, which means that if that site were malicious, they would already be stealing my data.

Worse than this, Apple's recent M1 CPU is also completely vulnerable.

Quote

Google's Leaky.Page code shows it's possible to leak data at around 1kB/s when running their Chrome web browser on a Skylake CPU. The proof-of-concept code is catering to Intel Skylake CPUs while it should also work for other processors and browsers with minor modifications to the JavaScript. Google was also successful in running this Leaky.Page attack on Apple M1 ARM CPUs without any major changes.

https://www.phoronix.com/scan.php?page=news_item&px=Google-Leaky.Page-Spectre

 

At the beginning of this month, a working Spectre exploit for Linux and Windows was uploaded to VirusTotal.

Quote

Someone was silly enough to upload a working spectre (CVE-2017-5753) exploit for Linux (there is also a Windows one with symbols that I didn't look at.) on VirusTotal last month, so here is my quick Sunday afternoon lazy analysis.

In the case of /etc/shadow, the default option, the content of the file is shoved in memory by running the following command in the background: return system("echo \"whatever\n\" | su - 2> /dev/null"). In my lab, on a vulnerable Fedora, the exploit is successfully dumping /etc/shadow in a couple of minutes.

The exploit managed to dump a complete folder, and there is nothing that can be done to protect against it...

The part that is very worrying:

Quote

While the V1 gadget can be mitigated at the software level, Chrome's V8 team determined that other gadgets such as for Spectre Variant 4 to be "simply infeasible in software" for mitigating.

There are variants of the exploit that cannot be mitigated in software. Which means that with the hardware we currently have, we are exposed to these exploits with nothing to be done, and now that it is proven that any website can have the exploit running in JavaScript, all it takes is visiting the wrong site.


35 minutes ago, Revenge said:

3 years have passed and this is going to start getting very complicated. You will need to start being very careful about the sites you visit.

Google has released a proof of concept of the exploit running in web browsers through JavaScript.

You can test it here: https://leaky.page/timer.html

On the left-hand side, scroll down and click "Run". Then at the bottom right, click "Next". Then on the new page click "Run" again. You can then click several times and see whether it gave Failed or Success. In my case it always gives success, which means that if that site were malicious, they would already be stealing my data.

Here it always gave Failed. CPU 6600K, Firefox browser. :unsure:


16 minutes ago, Jokeman said:

Here it always gave Failed. CPU 6600K, Firefox browser. :unsure:

The explanation must be here:

Quote

The proof-of-concept code is catering to Intel Skylake CPUs while it should also work for other processors and browsers with minor modifications to the JavaScript.

This is just a proof of concept, so try with Chrome to see whether it gives success. If it doesn't, you are doing something wrong in the test.
Or else you have a special all-terrain CPU :-..

I just tried with Internet Explorer and some gave me failed, but most gave success.


4 minutes ago, Revenge said:

This is just a proof of concept, so try with Chrome to see whether it gives success. If it doesn't, you are doing something wrong in the test.
Or else you have a special all-terrain CPU :-..

With Chrome, I get 90% Success. With Firefox, 100% Failed.
