icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
15 May, 2019 00:09

ZombieLoad: New critical flaw affects most Intel processors, exposes keys, browsing history & more

ZombieLoad: New critical flaw affects most Intel processors, exposes keys, browsing history & more

Researchers have found another security flaw in the Intel processor chips that power most of the world’s computers, one that can compromise users’ private data – and that can’t be fixed without a major performance drop.

The exploit, dubbed ZombieLoad, is embedded in Intel’s processor chips themselves, meaning even the best-designed software patches can only go part of the way toward plugging the hole without reducing the chips’ performance. The vulnerability may allow attackers to ‘resurrect’ critical data processed by the chip – from browser history and passwords to disk encryption keys and other system-level sensitive data.

Also on rt.com WhatsApp vulnerability exploited by Israeli spyware targets human rights campaigners

Its reach isn’t even limited to the end-user’s computer, according to researchers Michael Schwarz, Moritz Lipp, and Daniel Gruss from Graz University of Technology and Jo Van Bulck from KU Leuven: it “can also be exploited in the cloud.” 

Intel claims there is no evidence Zombieload was exploited by real-world actors, but as the researchers explain, because it’s a hardware vulnerability, attackers who use it may not leave the traces of outside interference found with typical software exploits. It’s also ‘unlikely’ such activity would be caught by an anti-virus program, though secondary attacks that use it to invade a user’s system might set off alarms.

Intel has reportedly addressed the problem “at the hardware level” in its newest processors, while releasing microcode and software updates to patch older chips. Apple, Microsoft, Google, and Mozilla have all issued their own patches, but some users might have to brace for as much as a 40 percent reduction in performance.

Also on rt.com Popular GPS tracker can be remotely hacked anytime, warns security firm

ZombieLoad was discovered by the same researchers who uncovered the notorious Spectre and Meltdown vulnerabilities in 2017, a finding which shook the computer world’s sense of security to its core. Meltdown affected almost every processor Intel had ever manufactured going back to the mid-1990s. Spectre, which proved more difficult to patch even at the software level, also afflicted Intel’s competitors, including AMD and ARM, which manufactures chips for smartphones and other internet-of-things devices. Savvy users were forced to reconsider the wisdom of cloud computing – even if they patched their own machines, their data was only as safe as the processors the cloud providers used.

If you like this story, share it with a friend!

Podcasts
0:00
28:18
0:00
25:17