Is your PC safe? Foreshadow is the security flaw Intel should have predicted

Intel Chip being removed from a computer panel

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

If you thought Spectre and Meltdown were going to be the only industry-shaking security flaws to affect nearly every computer, think again. Intel recently revealed three new issues related to its Core and Xeon processors, dubbed collectively as “Foreshadow” by the researchers who discovered the exploits.

Unfortunately for Intel and all of us, Foreshadow doesn’t exactly inspire confidence in the computers we rely on every day. Here’s everything you need to know about the new security flaw.

Meet Foreshadow

Like with Spectre and Meltdown, Foreshadow was first discovered by multiple independent teams outside Intel, in this case as a collaboration between researchers from a few universities.

But the origin story is not where the similarities to the previous security flaws stop. The vulnerabilities revealed in Foreshadow are similar to Meltdown and Spectre in that they take advantage of flaws in the way processors temporarily store data in memory.

In an interview with the BBC, one of the researchers behind the discovery described the attack as targeting a “lock box within Intel’s processors,” which could then leak out any kind of data you wanted.

Intel discovered two other related problems, which researchers have named “Foreshadow-NG” (aka next generation).

The “lock box” Wenisch is referring to is known as the Software Guard Extensions (Intel SGX), and this attack method only works on Intel processors with the special feature. Intel SGX is essentially a set of instructions built into Intel’s chips that enable developers to create private caches, aka enclaves, in memory, for applications such as secure web browsing and digital rights management for streaming video.

This alone was already a dangerous vulnerability waiting to be exploited — but unfortunately, it was only the first of three methods of attack. Upon further investigation, Intel discovered two other related problems, which researchers have named “Foreshadow-NG” (aka next generation).

Foreshadow, the Next Generation

These two vulnerabilities are still based on a processor core’s L1 cache, which is where an individual core of the processor stores the information it will need next. But these newly-discovered issues affect memory uses other than just Intel’s SGX technology.

The first vulnerability in the Foreshadow-NG group can grab data from memory used by the core of an operating system, aka the kernel. This core has access to all data stored in memory, including every app and program installed on the machine. The good news here is that a hacker must have access to your PC and use a malicious program to actually steal that data.

This vulnerability also enables access to data used by the System Management Mode (SMM) installed in all modern processors. This mode is used by the PC’s firmware to control the hardware, manage power, and so on. Again, to steal this data, a hacker must have access to your PC with guest privileges to run malicious software.

Foreshadow affects second- to eighth-gen Intel Core processors, X-Series, and Xeon processors.

The second Foreshadow-NG vulnerability can be used to attack virtual machines. These aren’t real PCs, but rather software-emulated PCs running in memory on a datacenter server. Virtual machines are typically managed by a hypervisor so that data doesn’t leak between these virtual PC instances.

But according to the researchers, a malicious virtual machine could break through those boundaries. “A malicious virtual machine running inside the cloud can potentially read data belonging to other virtual machines as well as data belonging to the cloud’s hypervisor,” the researchers claim.

Who’s affected by Foreshadow?

The original Foreshadow vulnerability, specifically pertains only to SGX-enabled Intel processors. These include all sixth- and seventh-generation Core processors but exclude Atom processors that support SGX. Processors manufactured by AMD are not affected, nor are chips based on ARM’s processor core design (Tegra, Snapdragon, Enyos, etc.).

Foreshadow modern computer affected
The Foreshadow security flaw affects nearly every modern computer with an Intel processor.

Foreshadow-NG is a different story. As of now, chips based on ARM’s architecture and x86-based CPUs from AMD are still under investigation. Processors produced by Intel that fall prey to Foreshadow-NG can be found here in a very long list. It essentially covers second- to eighth-generation Intel Core processors, X-Series chips for the X99 and X299 platforms, Xeon processors spanning from the 32400 Series to the Xeon Processor Scalable Family, and so on.

“We are not aware of reports that any of these methods have been used in real-world exploits …”

Intel was quick to report that microcode updates were already issued earlier this year to protect customers against possible attacks. These updates built a foundation for the current mitigations introduced on Tuesday by operating system providers, hypervisor software developers and the open source community.

Changes will also be made on a hardware level in Intel’s next-generation “Cascade Lake” Xeon Scalable processors and “client processors” launching by the end of 2018.

“We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices,” Intel says. “This includes keeping systems up-to-date and taking steps to prevent malware.”


Wi-Fi vulnerability could allow attackers to steal your data on unencrypted sites

A 20-year-old security flaw in the design of the Wi-Fi standard and how computers communicate using the transmission control protocol could allow hackers to perform a web cache poisoning attack to steal your data and login information.

Newegg was cracked, customer data has leaked, and security is clearly scrambled

Online electronics retailer Newegg has found themselves at the heart of an online security breach as the company's payment system was breached, giving hackers of the notorious group, Magecart, potential access to confidential customer data…
Social Media

Facebook is paying cash rewards if you find vulnerabilities in third-party apps

As part of efforts to put the Cambridge Analytica scandal and related issues behind it, Facebook said this week it's expanding its bug bounty program to include third-party apps and websites that could potentially misuse its data.

The best laptop deals for September 2018

Whether you're getting ready for a new school year, shopping for a special student, or just need a new computer, we've got you covered: These are the best laptop deals going, from discounted MacBooks to an on-the-go gaming PC.

Winamp media player might be back from the dead, with Windows 10 support

Winamp might be back from the dead, and it's bringing support for Microsoft Windows 10 with the first new software release since its acquisition by Radionomy in 2014. Fans of the media player will also enjoy new features and bug fixes.

Photoshop isn't required to resize images. Here are 6 ways to do it in seconds

Resizing an image isn't the toughest thing in the world, even if it may seem like a hassle. Here's how to resize an image using six tools that allow you to make quick work of any photo, regardless of your operating system.

Heavily overclocked RTX 2080 Ti steals every 3DMark record

Nvidia's RTX 2080 Ti is already the most powerful graphics card ever released, but with liquid nitrogen cooling overclocker Kingpin was able to push the card to new heights and break a bunch of records in the process.

Chromebook keyboard showcase may have leaked Pixelbook 2 images

As we approach Google's #madebygoogle event taking place in early October, new rumors and leaks for a possible Pixelbook 2 are appearing online. This latest one may show what the rumored Nocturne design will look like.
Virtual Reality

Walmart stocks its stores with VR training for its employees

Walmart will begin rolling out virtual reality training experiences to all of its stores this year with the power of Oculus Go. More than 6,300 stores will receive the new technology, helping the company train its employees.

Tap Strap wearable keyboard gains support for VR applications

TAP System's wearable keyboard gains support for virtual reality, now compatible with Windows Mixed Reality, Oculus Rift, and HTV headsets. Type and tap for up to eight hours in VR without needing to look at a physical keyboard.

Walmart takes $380 off the MacBook Air for a limited time

Walmart is offering a steep discount on the MacBook Air. Though the $380 discount is lovely, this offer comes with an extra charger to sweeten the deal. If you're looking to pick up an Apple MacBook for less, now is an excellent time.

PDF to JPG conversion is quick and easy using these simple methods

Converting file formats can be an absolute pain, but it doesn't have to be. We've put together a comprehensive guide on how to convert a PDF to JPG, no matter which operating system you're running.

Documentation shows data recovery possible for Macs with T2 coprocessor

New documentation from Apple shows that data recovery is indeed possible for Macs with T2 Coprocessor thanks to internal diagnostics software, giving users of the 2018 MacBook Pro new hope in the event of a system failure.

Smart Reply not smart enough? Desktop Gmail users can soon opt out

Google will soon give desktop Gmail users the ability to opt out of Smart Reply. If you'd prefer to compose a short email the old-fashioned way, you can do so without seeing the auto-generated suggestions in the future.