
Downfall attacks can gather passwords, encryption keys from Intel processors
2023-08-09 09:59

A variety of Intel Core processors and the devices using them are vulnerable to "Downfall", a new class of attacks made possible by CVE-2022-40982, which enables attackers to access and steal sensitive data such as passwords, encryption keys, and private data from other users on the same personal or cloud computer.

" is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software.

"It took me 2 weeks to develop an end-to-end attack stealing encryption keys from OpenSSL. It only requires the attacker and victim to share the same physical processor core, which frequently happens on modern-day computers, implementing preemptive multitasking and simultaneous multithreading."

Desktop computers, laptops, tablets, cloud servers and other devices using Intel Core processors from the Skylake chip family, the Tiger Lake family, and the Ice Lake family are affected.

Intel has now released a microcode update that blocks transient results of Gather instructions and prevents attacker code from observing speculative data from the Gather instruction.

"The attack technique we demonstrated can broadly apply, even though each vendor implements Gather and SIMD register buffers differently. Our preliminary tests on AMD Zen2 showed no sign of data leaks, but we plan to continue our investigation of automated and scalable testing of other CPUs manufactured by Intel and different vendors. Intel has shared the paper with other CPU and software vendors so that those organizations can assess the impact on their products."
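
To confirm on a Linux host that the microcode mitigation described above is active, the kernel's reported Gather Data Sampling status can be read from sysfs. This is an added example, not part of the original article; the function names and the ok/degraded/vulnerable/unknown labels are assumptions made here, and it assumes a kernel recent enough to expose the gather_data_sampling entry.

```shell
#!/bin/sh
# Added example: classify the kernel's Downfall (Gather Data Sampling) status.
# The sysfs path and status strings are those documented by the Linux kernel;
# GDS_FILE can be overridden for testing (an assumption of this example).
GDS_FILE="${GDS_FILE:-/sys/devices/system/cpu/vulnerabilities/gather_data_sampling}"

# Map a kernel status string to one of: ok | degraded | vulnerable | unknown
gds_classify() {
    case "$1" in
        "Not affected"|"Mitigation: Microcode"|"Mitigation: Microcode (locked)")
            echo ok ;;
        "Mitigation: AVX disabled, no microcode")
            # Protected only because the kernel turned AVX off; the
            # microcode update is still missing.
            echo degraded ;;
        "Vulnerable"|"Vulnerable: No microcode")
            echo vulnerable ;;
        *)
            # Includes "Unknown: Dependent on hypervisor status" in guests.
            echo unknown ;;
    esac
}

# Print "<verdict>: <kernel status>" and return 0/1/2/3 for
# ok/degraded/vulnerable/unknown so it can gate a compliance job.
gds_check() {
    if [ ! -r "$GDS_FILE" ]; then
        echo "unknown: $GDS_FILE not readable (kernel may predate GDS reporting)"
        return 3
    fi
    status=$(cat "$GDS_FILE")
    verdict=$(gds_classify "$status")
    echo "$verdict: $status"
    case "$verdict" in
        ok)         return 0 ;;
        degraded)   return 1 ;;
        vulnerable) return 2 ;;
        *)          return 3 ;;
    esac
}
```

Source the file and call `gds_check`; a missing sysfs entry is reported as unknown rather than as safe, since an older kernel cannot report the mitigation state at all.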


News URL

https://www.helpnetsecurity.com/2023/08/09/downfall-cve-2022-40982/

Related Vulnerability

DATE: 2023-08-11
CVE: CVE-2022-40982
VULNERABILITY TITLE: Information Exposure Through Discrepancy vulnerability in multiple products
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
redhat, xen, intel, debian, netapp; CWE-203
RISK: 6.5 (local, low complexity)
