1. Computing

Researchers: Intel CPUs are inherently flawed and open to a specific attack

Mark Coppock
By

intel 4th generation core i7 haswell
Most of us use our computers to manage some of the most important aspects of our lives, from our personal and business finances to recording our private lives to conducting most of our communications. If someone can break into our computers, they can steal our information, our identities, and generally make our lives miserable.

A recent paper, published by a joint research tem from the State University of New York at Binghamton, and the University of California Riverside, alleges that certain processors are inherently flawed and open to attack, according to Ars Technica. The flaw works against a specific method used by modern operating systems, including both Windows and MacOS, to keep systems secure called “address space layout randomization,” or ASLR.

Basically, ASLR jumbles up the memory locations where applications store their code, making it more difficult for exploits to take over a system. Instead, attacks are more likely to cause the computer to simply crash — an inconvenience to users and a potential source of data loss, but far preferable to allowing a hacker to assume control.

The flaw in Intel’s processors, which was demonstrated in Linux running on a system utilizing a Haswell chip, allows attackers to bypass ASLR. On a more technical level, a vulnerability exists in the processor’s branch predictor that allowed the researchers to identify where chunks of code would be stored. This basically represents a “side channel” in the branch predictor that attackers can use to get around ASLR, making predictable something that should be unpredictable.

As the researchers put it, “ASLR is an important defense deployed by all commercial operating systems. It is often the only line of defense that prevents an attacker from exploiting any of a wide range of attacks (those that rely on knowing the memory layout of the victim). A weakness in the hardware that allows ASLR to be bypassed can open the door to many attacks that are stopped by ASLR. It also highlights the need for CPU designers to be aware of security as part of the design of new processors.”

Intel is checking into the research, and the researchers go beyond merely alerting the industry to the potential vulnerability by offering a number of ways to reduce the likelihood of attack via hardware and software. The details of the exploit are contained in the paper titled “Jump Over ASLR: Attacking the Branch Predictor to Bypass ASLR” that was presented on October 18 at the IEEE/ACM International Symposium on Microarchitecture held in Taiwan.

Editors' Recommendations

Intel Alder Lake smashes AMD Ryzen 9 6900HX — but at a cost

AMD Ryzen 5000G

What is CPU usage, and how to fix high CPU usage

Over the shoulder view of a person using a Dell XPS 13 2-in-1 laptop.

Intel Raptor Lake processors may have a much bigger cache

Render of Intel Alder Lake chip.

Midrange Alder Lake CPUs overclocked: Massive 33% increase

Pins on Core i9-12900K.

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Tesla Model Y front

The best VPN for Linux for 2022

Best Chromebook apps

The best VPN for multiple devices for 2022

The best VPN for Mac is NordVPN.

We tried a bunch of VPNs and this one is the best for Netflix

A TV with the Netflix streaming service on screen.

Intel’s Core i9-12900HK steals back the laptop lead from AMD

msi ge76 raider review 08

Vulkan 1.3 makes it easier to port PC games to mobile devices

Fortnite Android version running on a smartphone.

Molekule adds an Air Score to its Air Pro purifier

molekule enables air score pro

This speedy DDR5 kit is now the world’s fastest RAM

A pair of G.Skill Trident Z5 DDR5 RAM modules.

VPN Test: How to see if your VPN is working

The best VPN for Mac is NordVPN.