Intel processors are vulnerable to a new attack that can leak data from the CPU’s internal memory — also known as the cache.
The attack, described as “Snoop-assisted L1 Data Sampling,” or just “Snoop” (CVE-2020-0550), has been discovered by Pawel Wieczorkiewicz, a software engineer at Amazon Web Services (AWS). At the technical level, the new Snoop attack takes advantage of CPU mechanisms like multiple cache levels, cache coherence, and bus snooping.
A list of Intel processors, which includes Intel series like Core and Xeon CPUs,that are vulnerable to Snoop attacks is available here.
Intel microprocessors use very high speed hardware cache to store various data types and parameters for command execution. The Snoop attack is yet again another flaw from Intel that could allow a skilled attacker to steal sensitive information from the cache, including encryption keys, passwords and other secret data. Intel has released a number of guidelines and patches for operating system vendors and equipment manufacturers. Organisations can defend against this type of threats by adopting multi-layers of defence. Essentially, an attacker with unfettered access to a device can execute malware to exploit this flaw. Common practices such as ensuring that your antivirus definitions and patches on client devices & servers are fully up to date is imperative.
For organisations to mitigate effectively against this flaw, it\’s crucial they ensure browsers are patched with the latest recommended patches to make it significantly more difficult for criminals to exploit this vulnerability. A defence-in-depth strategy involving a combination of technological controls, security awareness training and processes will strengthen the organisation\’s posture to make this vulnerability harder to exploit.