Researchers from BitDefender have uncovered a concerning security vulnerability present in all modern Intel processors. If executed, the flaw could permit an adversary to access the computer’s kernel memory, which could potentially result in them gaining access to sensitive information, like passwords, tokens, and private conversations.
The flaw affects all machines using Intel processors that support the SWAPGS system call, which allows the processor to swap between the kernel mode and user mode memory rings. This feature is part of the speculative execution features present in most modern processors, which allow the CPU to predictively execute tasks in anticipation of them being required.
Troublingly, the flaw bypasses most of the hardware-level protections introduced after the Spectre and Meltdown security issues.
The latest Intel security nightmare
Speculative execution can result in improved performance for the end-user, but it also presents a tempting avenue of attack for anyone wishing to access sensitive information. It’s no surprise that most of the silicon-level attacks we’ve seen in recent years have focused on this feature, most notably Spectre, Meltdown, and Foreshadow.
The SWAPGS instruction is found in most Intel CPUs released after 2012, including those released after Ivy Bridge. On the consumer side, the flaw impacts the third generation of Intel Core processors and beyond, although Bitdefender notes that it also presents a grave threat to enterprise users, as well as those using Intel processors on servers.
In a statement, Gavin Hill, Vice President, Datacenter and Network Security Products at Bitdefender said: “Criminals with knowledge of these attacks would have the power to uncover the most vital, best-protected information of both companies and private individuals around the world, and the corresponding power to steal, blackmail, sabotage and spy.”
As with any chip-level threat, anyone using shared computing platforms are among those at the greatest risk. Those using a cloud computing provider could, for example, see an attacker exploit this vulnerability to access credentials and information within their own user space, such as private encryption keys and passwords.
BitDefender predicts that this will ultimately be used as a component within a targeted attack. Due to the inherent complexity of chip-level exploits, it doesn’t foresee a situation where it’ll be used in a mass-malware pandemic, such as when the NSA-developed exploit EternalBlue was used to spread the infamous WannaCry ransomware.
Why this matters
Intel processors sit at the heart of most modern computers. This ubiquity presents a troubling security challenge. If a security flaw is discovered at the heart of a computer, it’s extremely challenging to mitigate it.
If a fix is found (which isn’t always a given), it’s often deployed in microcode patches, which many home users may neglect or struggle to install. Furthermore, as we found with the Spectre and Meltdown flaws, any fixes might result in a dramatic deterioration in computer performance.
Fortunately, in this particular case, BitDefender has worked with Intel, as well as other stakeholders, including Microsoft and the Linux Foundation, for over a year to produce a fix that remedies the problem. The company advises users install the latest security patches from their operating system manufacturer with haste.
The company also recommends enterprise users install BitDefender Hypervisor Introspection, which provides protection against many chip-level attacks.
Still, as with any vulnerability that impacts a large swathe of the world’s computers, it’ll take a long time before all systems are protected against this exploit. We saw this trend with Heartbleed, the OpenSSL vulnerability discovered in 2014. Almost three years after its initial discovery, over 200,000 Internet-accessible machines remained unpatched – and therefore insecure.