Google Researcher Discovers New Attacks on Intel Processors
A senior researcher at Google has developed new attacks on central processors (CPUs) that exploit the Downfall vulnerability present in multiple families of Intel microprocessors. These attacks enable hackers to steal sensitive information such as passwords, encryption keys, emails, messages, and banking data.
The vulnerability, tracked as CVE-2022-40982, is a speculative execution side-channel flaw that affects all processors based on the Intel Skylake, Tiger Lake, and Ice Lake architectures.
Exploiting this flaw, an attacker could potentially extract confidential information that is protected by Intel SGX technology, a hardware memory encryption feature that isolates code and software data from other software in the system.
Intel SGX is currently supported only on server CPUs, providing an isolated program environment that even the operating system cannot access.
According to Google researcher Daniel Moghimi, the attacks are carried out using instructions called “gather,” which expose the contents of the internal vector register file during speculative execution.
While gather instructions are typically used to optimize memory access, they can also result in data leakage from other processes running on the same CPU core.
Moghimi has developed two methods of carrying out the Downfall attacks:
- Gather Data Sampling (GDS), which is the same method used by Intel to identify the vulnerability;
- Gathered Value Injection (GVI), a combination of GDS with the Load Value Injection (LVI) attack that was presented in 2020.
Using the GDS method, Moghimi was able to steal 128-bit and 256-bit cryptographic keys used in AES encryption from another virtual machine running on the same physical processor core. Each system ran on a sibling thread of the same processor core.
In less than 10 seconds, Moghimi was able to steal the AES round keys, byte by byte, and combine them to break the encryption. It is important to note that the Downfall attacks require the attacker to be on the same physical processor core
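Because the attack depends on sharing a physical core, a defender can check two things on a host: whether the kernel reports the Gather Data Sampling issue as mitigated, and which logical CPUs share a core. The following is an added example, not code from the researcher or from Intel; it assumes a Linux host whose kernel exposes the standard sysfs files `vulnerabilities/gather_data_sampling` and `topology/thread_siblings_list`.

```python
"""Added example: read Linux's GDS (Downfall) status and list SMT-shared cores."""
import glob
from pathlib import Path

SYSFS_CPU = "/sys/devices/system/cpu"  # assumption: Linux sysfs is mounted here


def classify_gds(status):
    """Map the kernel's gather_data_sampling status line to a coarse verdict."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"  # e.g. a guest that cannot see the host's microcode state


def parse_cpu_list(text):
    """Expand a sysfs CPU list such as '0-1,8' into [0, 1, 8]."""
    cpus = []
    for part in text.strip().split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        cpus.extend(range(int(lo), int(hi or lo) + 1))
    return cpus


def shared_cores(sibling_lists):
    """Return the groups of logical CPUs that share one physical core (SMT)."""
    groups = {tuple(parse_cpu_list(t)) for t in sibling_lists}
    return sorted(g for g in groups if len(g) > 1)


def read_host():
    """Collect both facts from the running system; status is None if not reported."""
    path = Path(SYSFS_CPU, "vulnerabilities", "gather_data_sampling")
    status = path.read_text() if path.exists() else None
    pattern = SYSFS_CPU + "/cpu[0-9]*/topology/thread_siblings_list"
    return status, shared_cores(Path(p).read_text() for p in glob.glob(pattern))


if __name__ == "__main__":
    status, cores = read_host()
    print("GDS:", classify_gds(status) if status else "not reported by this kernel")
    print("Logical CPUs sharing a core:", cores)
```

A "vulnerable" verdict together with a non-empty list of shared cores is the combination the article describes: untrusted and sensitive workloads should not be scheduled onto the same group.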