Researchers have uncovered yet another flaw in Intel’s hardware. It can allow attackers to eavesdrop on virtually every bit of raw data that a victim’s processor touches.
A supergroup of security researchers around the world found a new speculative execution attack against Intel chips that lets an attacker who can run code on a victim machine, even from inside VM or browser, steal all the data the CPU touches. https://t.co/9oZvp7IqNo
— Andy Greenberg (@agreenberg at the other places) (@a_greenberg) May 14, 2019
Jake Moore, Security Specialist at ESET:
Tricking the CPU into revealing protected data could have massive implications to millions of people around the world. Such data could easily include their passwords or even keys to decrypt their encrypted hard drives. Luckily there is now a tool you can use to test the vulnerability on your machine.”
Kevin Bocek, VP of Security Strategy & Threat Intelligence at Venafi:
“Some security professionals have forgotten about Heartbleed, but this vulnerability proves that we should expect similar attacks in the future. Security teams need to accept that they won’t be able to avoid vulnerabilities like ZombieLoad; instead they need to focus on protecting the keys and certificates attackers are targeting. Properly responding to a chip vulnerability requires complete visibility of where all keys and certificates are located, intelligence on how they are being used and the automation to replace them in seconds, not days or weeks. Security professionals should consider vulnerabilities like ZombieLoad a dress rehearsal for the day quantum computing breaks all machine identities. “