DOWNFALL ATTACK ON INTEL CPU, EXPOSING SENSITIVE INFORMATIONS

An attack known as Downfall has been discovered in INTEL CPU, by a google researcher. The downfall attack, which is known to target weakness discovered in billions of modern processors, was announced on 8th August 2023 (Tuesday), to have been exploited on intel CPU’s.

An attack known as Downfall has been discovered in INTEL CPU, by a google researcher. The downfall attack, which is known to target weakness discovered in billions of modern processors. Image source Google.

The attack which exploits the CVE-2022-40982, allows threat actors or a piece of malware, to manipulate the system locally; and obtain sensitive information’s such as encryption keys, and passwords of the targeted device.

An attack which is also known as the transient execution attack, also can exploit a cloud environment giving hackers ability to exfiltrate data or sensitive information of other users on the same cloud computer.

According to Security week:

“The vulnerability is caused by memory optimization features in intel processors that unintentionally reveal internal hardware registers to software. This allows untrusted software to access data stored by other programs, which should not be normally accessible.”

In a statement issued by Google Senior Research Scientist (Daniel Moghimi):

“I discovered that the gather instruction, meant to speed up accessing scattered data in memory, leaks the content of the internal vector register file during speculative execution. To exploit this vulnerability, I introduced Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques.” – Source (Securityweek.com)

Daniel stated that he has gone ahead to create a prove of concept (POC) exploit, which is able to steal encryption keys from OpenSSL. He stated that the report has be filed to intel over 12-months ago, and confirmed that the GDS (Gather Data Sampling), is highly practical.

Further illustration shows the possibility of a remote attack via a web-browser application. However, additional research is needed, to be able to prove this possibility.

On the 8th August 2023 (Tuesday), Intel published security information based on the (advisory) disclosing the vulnerability, severity, impact, and mitigation. In a statement issued on their website:

“A potential security vulnerability in some intel processors, may allow information disclosure. Intel is releasing firmware updates and an optional software sequence to mitigate this potential vulnerability.”

The vulnerability which is assigned CVE-2022-40982, has a CVSS Base Score of 6.5; considered to be medium, and a list of the affected intel products can be read here.

The company recommended that users using the affected intel processors should take quick action, in updating to the latest version of the firmware, that is made available by the manufacturer (intel).  Also, Intel SGX customers, are recommended to update the microcode located in platform flash, which is designated by Firmware Interface Table (FIT) entry point.

Information addressing the microcode loading points can be obtained here.

SecurityWeek stated in a blog post, that the same Google researchers, were responsible  in disclosing the Zenbleed a vulnerability associated with the AMD Processor, which allows an attacker to access sensible information.

On the same August 8th 2023, the Downfall vulnerability was publicly disclosed, a group of researchers at ETH Zurich disclosed information of Inception, a kind of attack that leaks sensitive data from anywhere in the memory of devices that utilizes AMD Zen Processors.

 

 

 

Put your comments below in the comment section on your thoughts about this.

Find this article and information helpful? Show some love and support  “Click-Here”
5 1 vote
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments