How does Zombieload work?

The way Zombieload works is by pushing a significant amount of data which the processor can’t process. This results in the processor having to rely on the microcode to decipher this zombie load and in doing so, applications that are currently residing on the CPU cache can access another application’s data. As per security conventions, each application is only allowed access to its own data. This vulnerability, when exploited, allows access to everything that’s currently stored in the CPU CACHE.

In a video, the security researchers that discovered the bug showcased how they could see which websites were being viewed on the target computer, in real time. Since the exploit gives access to everything in the target processor’s cache, even passwords and other sensitive data can be easily accessed.

The researchers had informed Intel about the vulnerability last month to allow them sufficient time to patch it. Zombieload was discovered by a group of security researchers including Michael Schwarz, Moritz Lipp, Daniel Gruss (Graz University of Technology), and Jo Van Bulck (imec-DistriNet, KU Leuven).

Are you safe?

Practically all Intel CPUs including the server-grade Intel Xeon and the consumer-grade Intel Broadwell, Sandy Bridge, Skylake and Haswell chips are affected. The more recent Intel Kaby Lake, Coffee Lake, Whiskey Lake and Cascade Lake chips are also affected. Also, all Atom and Knights processors are included in the list of vulnerable CPUs.

Since consumer and server grade processors are affected, Zombieload can be exploited to gain access to your data stored on your personal PCs as well as your data stored on cloud services.

A proof of concept Zombieload exploit code has been released to the public via Github.

How do you protect yourself?

Update. Intel has already worked with major hardware and software companies to push a microcode update. If you’re on Windows or Linux, you should have received an update with the new security patch.

As for cloud services, all major cloud service providers including Google, Apple and Microsoft have already deployed the security updates to protect the affected processors.

Does the  Zombieload patch affect performance?

Like Spectre and Meltdown, when Zombieload is patched there will be a performance impact. On consumer PCs, this will be about 3% and on server PCs the impact will be about 9%.

Source link