After Meltdown, Intel faces another security flaw in its chipset

At the start of 2018, Intel was given a shock when Meltdown was found. Meltdown, a security flaw, was detected which caused the computer's processors to melt due to the extreme heat generated by running certain kinds of applications. Intel then stated that it would be increasing the prize of its bug bounty program to find more chip-level flaws in its processors. Unfortunately, another such flaw in its processors has now come to light.

VARIANT 4

The new flaw, titled Speculative Store Bypass (Variant 4), was disclosed by Google's Project Zero and Microsoft's Security Response Center. "This flaw may allow the attacker to read older memory values which were present in the stack or other memory locations of the modern architecture processors", reported the United States Computer Emergency Readiness Team. It uses speculative execution, an optimization technique, to expose data through a side channel. The attack is said to work in a "language based runtime environment", the sort of thing found in a web browser, such as JavaScript, but Intel has not found any evidence of a successful browser-based exploit so far. More than 50 percent of Intel's processors, including the likes of Atom, Core, and Xeon, are affected by this flaw.

DISCOVERY OF THE FLAW 

Google's Project Zero head Horn said that he first discovered the flaw while going through Intel's Optimization Manual. He said that, while loading an instruction, the microprocessor fetched the preceding store location until all the locations were known. Experimenting further, Horn found that this effect can be used to cause speculative execution to continue far enough inside the memory location that the pointer reads data from memory locations which were previously being ignored. In November 2017, Microsoft disclosed the flaw to its selected industrial partners, and it was later revealed to everyone.

INTEL’S RESPONSE TO THE SECURITY FLAW 

Intel has tried to wash away all the claims by stating that it has not seen any real-world case of its processors being affected by the language-based security flaw, and that such flaws were dealt with in the last update, which was released for Meltdown in January.

Intel rated the vulnerability as medium, as it says the major web browsers have already released patches for it. Intel has sent patches to OEMs so that firmware updates can be issued for its products. Speculative Bypass Protection, which is disabled by default, can also be enabled. Enabling the protection mode will cause a dip of two to eight percent in processor performance. So Intel gives users the ability to enable the tighter security mode at the cost of a small dip in performance. The same update also provides protection against Variant 3a (Rogue System Register Read), for which Intel claims it has never received a report of any such case.
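What an off-by-default, opt-in mitigation looks like to software, as an added example that is not from the article or from Intel: on Linux, a process can query the Speculative Store Bypass state and switch the mitigation on for itself through prctl(2). The choice of Linux and the names `ssb_decode`, `ssb_query` and `ssb_harden_self` are assumptions of this example.

```c
#include <stdio.h>
#include <sys/prctl.h>

#ifndef PR_GET_SPECULATION_CTRL   /* values from <linux/prctl.h> for older headers */
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_STORE_BYPASS    0
#define PR_SPEC_PRCTL           (1UL << 0)
#define PR_SPEC_ENABLE          (1UL << 1)
#define PR_SPEC_DISABLE         (1UL << 2)
#define PR_SPEC_FORCE_DISABLE   (1UL << 3)
#endif

enum ssb_state { SSB_UNKNOWN, SSB_NOT_AFFECTED, SSB_VULNERABLE,
                 SSB_OPT_IN_AVAILABLE, SSB_MITIGATED };

/* Decode the return value of prctl(PR_GET_SPECULATION_CTRL, ...).
 * PR_SPEC_ENABLE means speculation is enabled, i.e. the mitigation is OFF. */
enum ssb_state ssb_decode(long ret)
{
    if (ret < 0)  return SSB_UNKNOWN;          /* kernel lacks the interface */
    if (ret == 0) return SSB_NOT_AFFECTED;
    if (ret & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE)) return SSB_MITIGATED;
    if (ret & PR_SPEC_PRCTL) return SSB_OPT_IN_AVAILABLE;
    return SSB_VULNERABLE;                     /* enabled, no per-task control */
}

static long ssb_query(void)
{
    return prctl(PR_GET_SPECULATION_CTRL,
                 (unsigned long)PR_SPEC_STORE_BYPASS, 0UL, 0UL, 0UL);
}

/* Turn the mitigation on for this process when it is opt-in; return the new state. */
enum ssb_state ssb_harden_self(void)
{
    if (ssb_decode(ssb_query()) == SSB_OPT_IN_AVAILABLE)
        prctl(PR_SET_SPECULATION_CTRL, (unsigned long)PR_SPEC_STORE_BYPASS,
              (unsigned long)PR_SPEC_DISABLE, 0UL, 0UL);
    return ssb_decode(ssb_query());            /* re-read instead of assuming success */
}

int main(void)
{
    static const char *names[] = { "unknown", "not affected", "vulnerable",
                                   "opt-in available", "mitigated" };
    printf("SSB state after hardening: %s\n", names[ssb_harden_self()]);
    return 0;
}
```

A result of "vulnerable" means the running kernel offers no per-process control, so the firmware and operating system updates are the only route to the mitigation.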

VERDICT

Security flaws affecting Intel's processors have started to arrive, and this may continue until new chips are released. There will not be a permanent solution to these, and the company will be releasing patches now and then whenever a flaw is reported. Variant 4 may not be a major security flaw, as there has not been any universal hardware-related flaw before, but they are not totally out of danger, as we don't know where it might end. Hopefully, Intel and other companies will end up releasing a new chipset which addresses all the flaws and enhances the security of stored data.