Intel security flaw could compromise data of millions


It’s hasn't been a good year for microchip manufacturer Intel, as it disclosed its third prominent technological liability in this year alone.

In a statement released by the company on Tuesday, it was revealed that a flaw in its recently-developed microchips could allow hackers to steal confidential data from memory drives, and thus compromise the information of thousands of users across the globe.

Two teams of cybersecurity researchers, one from KU Leuven University in Belgium and the other which comprised of experts from the University of Adelaide and the University of Michigan, independently found the vulnerability, now named L1TF and nicknamed Foreshadow.

The flaw is a part of Intel’s SGX core technology developed in 2015, which was originally used to create an extra layer of security in the chip’s memory. However, through Foreshadow, cyber criminals have had the capacity to access all sections of the memory server, including sensitive data, passwords, and keys to tap into more long-term memory.

According to the US Government’s Computer Emergency Readiness Team, hackers would be able to copy such sensitive information and store it in a secure enclave to later access it. Furthermore, installing security software to protect devices against hacks will not work against this particular flaw.

In spite of this, and the fact that flaws in hardware are generally harder to resolve than in software, the researchers have concluded that Foreshadow is more difficult to hack than most other vulnerabilities.

Intel reported two other vulnerabilities nicknamed Meltdown and Spectre at the beginning of 2018 which exploited the ‘speculative execution’ feature that was designed to increase the speed of chips. The company came under fire for releasing the chips to the public before developers could finish fixing its bugs.

This time, however, Intel kept the discovery of Foreshadow to themselves (despite learning of it from the researchers in January itself) in order to allow time to implement as many security measures as possible before informing the public.

Yuval Yarom, a microarchitecture security expert and one of the researchers that discovered Foreshadow said: “There were certain aspects that were surprising and certain aspects that weren’t. We thought speculative execution could get some information from SGX, but we weren’t sure how much. The amount of information we actually got out – that took us by surprise.”

Although security measures have now been put in place and the public has been warned of this vulnerability, Intel has not revealed how many users have been affected by the flaw in the meantime as a result of not updating their devices. Once updated, however, devices will be less susceptible to a hacking attempt.

Cloud-service providers and users are perhaps the most vulnerable to the compromises caused by Foreshadow, but executive vice president at Intel, Leslie Culbertson, said that the company’s future processors will be adapted to address Foreshadow.

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related. Follow Lee on .

Leave a Reply

Your email address will not be published. Required fields are marked *