In conjunction with news earlier this year regarding Meltdown and Spectre vulnerabilities, Intel chips have been facing speculation around a new security flaw. The Foreshadow vulnerability, or otherwise known as L1 Terminal Fault (L1TF), was recently discovered by research teams DistriNet and KU Leuven. Today, SkySilk will be rolling out newly released Intel chip security updates which protect against the vulnerability.
What is Foreshadow and how does it work?
As Intel describes L1TF, “Each variety of L1TF could potentially allow unauthorized disclosure of information residing in the L1 data cache, a small pool of memory within each processor core designed to store information about what the processor core is most likely to do next”. The L1, also called the system cache, always resides on the computer processor and is the fastest of the hierarchy. So how exactly does the Foreshadow vulnerability exploit these chip vulnerabilities?
An overview of Foreshadow and how it relates to Meltdown and Spectre
Foreshadow is a vulnerability found with Intel SGX technology. This may allow attackers to expose, manipulate, and possible replicate sensitive user data. However, before explaining Foreshadow, it is important to understand the process by which the Spectre and Meltdown vulnerabilities operated.
Spectre and Meltdown: How do these vulnerabilities work?
These attacks exploit something called speculative execution. Within the process of speculative execution, there is a CPU feature which can essentially “speculate” future tasks and thus completing them. This leaves a security flaw in which the attacker can re-route these processes in order to gather private user information.
Fortunately, Intel SGX technology protects against Spectre and Meltdown by protecting user data and denying access to these processes which try and gain access to this information. However, Foreshadow manipulates this process in a clever way, which is what researchers exposed.
What does the foreshadow attack do differently?
The Foreshadow attack begins in a similar fashion to that of Spectre and Meltdown. Although it doesn’t try to directly penetrate the SGX security layer placed around user data. Instead, the attacker forms a copy of this information and places it in an alternative, un-secure location. Since the attacker still has control over these speculative execution processes, they can now “send” them to read that copy of the sensitive data in the new, exposed location. Furthermore, the attack can then create new copies of this data which appear to be legitimate on the user’s end, therefore “tricking” them into adding sensitive data into these new, un-secure copies.
Intel chip security updates and mitigating the Foreshadow vulnerability
Fortunately, Intel released updates which mitigate foreshadow attacks prior to its public announcement. Therefore, updated systems will protect from the foreshadow vulnerability. In addition, it is important to add that SkySilk has performed Intel chip security updates to prevent from this type of malicious activity.
SkySilk is updating systems to protect from Foreshadow
Provided are the firmware updates to mitigate the security vulnerabilities. It is also important to note that there have been no publicly documented cases of foreshadow being used. These are purely preventative (but certainly still important) security measures. Additionally, foreshadow has not yet been researched or proven to affect AMD CPUs.
READ MORE ON SECURITY: