Researchers have uncovered yet another flaw in Intel’s hardware. It can allow attackers to eavesdrop on virtually every bit of raw data that a victim’s processor touches.
A supergroup of security researchers around the world found a new speculative execution attack against Intel chips that lets an attacker who can run code on a victim machine, even from inside VM or browser, steal all the data the CPU touches. https://t.co/9oZvp7IqNo
— Andy Greenberg (@a_greenberg) May 14, 2019
Jake Moore, Security Specialist at ESET:
“Spying tools should never be underestimated, as they are constantly being tried and tested in the wild. Being able to eavesdrop on a target is always a favourite in a cyber criminal’s toolkit but we also shouldn’t forget that tools such as this aren’t just used by the bad guys. We all remember EternalBlue and how that was used to exploit data by actors on both sides of the law.
Tricking the CPU into revealing protected data could have massive implications to millions of people around the world. Such data could easily include their passwords or even keys to decrypt their encrypted hard drives. Luckily there is now a tool you can use to test the vulnerability on your machine.”
Kevin Bocek, VP of Security Strategy & Threat Intelligence at Venafi:
“This vulnerability represents a scary reality that’s actually been around for quite a while – attackers exploiting the identities of machines to obtain sensitive data. Things like code signing keys, TLS digital certificates, SSH keys are all incredibly valuable targets, and chip vulnerabilities like this make it possible for hackers to steal these critical security assets when running on nearby cloud and virtual machines.
“Some security professionals have forgotten about Heartbleed, but this vulnerability proves that we should expect similar attacks in the future. Security teams need to accept that they won’t be able to avoid vulnerabilities like ZombieLoad; instead they need to focus on protecting the keys and certificates attackers are targeting. Properly responding to a chip vulnerability requires complete visibility of where all keys and certificates are located, intelligence on how they are being used and the automation to replace them in seconds, not days or weeks. Security professionals should consider vulnerabilities like ZombieLoad a dress rehearsal for the day quantum computing breaks all machine identities.”