Intel Reportedly Warned of Critical Chip Security Flaws a Year Ago

Photo: David Becker / Getty

Security researchers who played a role in uncovering the Spectre and Meltdown attacks that targeted microprocessors revealed on Tuesday a new vulnerability in Intel chips which they claim the company failed to address after it was first alerted a year ago.

While Intel has said it’s received no reports of real-world exploits linked to this particular flaw, the potential risk to users is nevertheless significant and serves as the latest example of chip manufacturers struggling with security.

Advertisement

According to the research, the attack is a variant of Zombieload, which targets a class of vulnerabilities Intel calls Microarchitectural Data Sampling (MDS). The attacks have also been referred to as RIDL, or Rogue In-Flight Data Load.

Such attacks may permit a malicious hacker to force a microprocessor to leak potentially sensitive information temporarily stored in its data buffer.

Researchers at Vrije Universiteit in Amsterdam, KU Leuven in Belgium, the German Helmholtz Center for Information Security, and the Graz University of Technology in Austria collectively disclosed the bug, according to Wired.

Advertisement

Wired’s Andy Greenberg reported that while Intel initially addressed the MDS issues in May it had been warned by Vrije Universiteit of additional, unmitigated issues. The researchers reportedly stayed quiet, at Intel’s request, for fear of informing criminals about the vulnerabilities before they could be addressed.

The researchers also told Greenberg—who speculated the discovery may portend additional vulnerabilities as of yet undisclosed—that they’d managed to develop an attack capable of accessing the Intel chips’ purportedly secured data in mere seconds.

Advertisement

Intel, which has begun issuing patches to address the issue, said in a statement sent to Gizmodo that while its work is not complete, it believes it has “substantively” reduced the potential attack surface. “We continuously improve the techniques available to address such issues and appreciate the academic researchers who have partnered with Intel,” it said.

Share This Story

About the author

Dell Cameron

Privacy, security, tech policy | Got a tip? Email: dell@gizmodo.com | Send me encrypted texts using Signal: (202)556-0846

EmailTwitterPosts
PGP Fingerprint: A70D 517E FB9A 02C9 C56E 86D5 877E 64E7 10DF A8AEPGP Key
OTR Fingerprint: 2374A8EA 6D2B7712 0D82D659 C0FE8253 A3F080FD