New Intel Chipset Vulnerability Foreshadow Revealed

  • With Meltdown and Spectre making all the news last year, Intel is facing yet more security flaws in its chipsets.
  • Security researchers have discovered a new ‘Foreshadow’ flaw that affects Intel hardware released after 2015.
  • Cloud computing systems and virtual systems are also vulnerable to the new security flaw.

Security flaws and Intel are becoming synonymous, with yet another hardware vulnerability making the rounds. Joint research by KU Leuven University (Belgium), the University of Michigan and the University of Adelaide has revealed a new chipset vulnerability, which has been named Foreshadow.

Intel has already released a patch for the Foreshadow vulnerabilities, and future processors will be modified to prevent security issues. Virtual machine and cloud providers will need to patch their systems individually; major cloud service providers like Google, Amazon Web Services, and Microsoft Azure have already deployed patches.

There are two major kinds of attacks possible with the new vulnerability. The first method allows attackers to read any information located in the L1 cache, including system information and OS kernel data. A more robust attack involves bypassing security checks that may be in place to prevent execution attacks similar to Meltdown and Spectre. The Foreshadow vulnerability allows attackers with just a single compromised SGX machine to hack an entire SGX ecosystem.

The vulnerability was disclosed to Intel in January and, for the first time, cloud computing systems and virtual systems can also be affected. All Intel chipsets released after 2015 can be affected, along with the top-end Core and Xeon server chipsets. The manufacturer has released a list of affected chipsets and revealed that no exploits are using the flaw at this time.

The attack is different from the Meltdown vulnerability as it attacks virtual machines and the data stored in devices. Patches that were deployed to stop Meltdown and Spectre are said to be ineffective against Foreshadow. There are no detection tools capable of identifying the vulnerability as of now.

Cryptography expert and Chief Scientist Yehuda Lindell of Unbound Tech responded to us via email, stating, “Foreshadow attack as another in a long string of never-ending hardware-related security vulnerabilities. I feel that organizations in need of security shouldn’t depend on TEEs or any other non-isolated hardware for root-of-trust components. Also, there are inherent limits to the security a TEE can provide when they run on the same CPU as malware.”
