Intel chips at risk from major new security flaw
Silicon chip redesigns may be necessary to protect against LVI attacks
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
A new security flaw inIntel processorshas been disclosed by vulnerability researchers at Bitdefender as well as by a team of academics from universities around the world.
The flaw has been given the name Load Value Injection or LVI for short and it represents a whole new class of theoretical attacks that can be launched againstIntel’s CPUs. Although the attack is just a theoretical threat at this time, Intel has already released firmware patches to mitigate attacks against its current CPUs and the chipmaker plans to deploy fixes at the hardware level in future generations.
While theMeltdownbug, that was first discovered in 2018, allowed attackers to read an app’s data from inside a CPU’s memory while in a transient state, LVI attacks could allow an attacker to inject code inside the CPU and have it executed as transient operation which would give attackers more control over what happens.
The two research teams discovered the new LVI attack on their own but both teams have been successfully able to prove the broad impact that LVI attacks could have. The academic research team focused on leaking data from a secure area of Intel processors called theIntel SGX enclaveandBitdefenderfocused on proving how the attack could impact cloud environments.
LVI security flaw
At this time, only Intel CPUs have been confirmed to be impacted by LVI attacks in real-world tests, though the researchers have not ruled out that CPUs fromAMDandARMcould also be affected.
Proof-of-concept demo code for LVI attacks currently relies on running malicious code on a computer which means that local access is needed. However, a remote attack could also be possible via JavaScript by tricking users into visiting a malicious site.
Using JavaScript to launch an LVI attack has not yet been proven but the academic researchers and Bitdefender both believe that this delivery method could theoretically work.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Thankfully though, both teams also came to the conclusion that an LVI attack would be difficult for an attacker to pull off. While this new attack type may not pose a danger to users now, once more is learned about how CPUs work, the current CPU design will likely be proven to be insecure.
Expect to hear more about LVI attacks as researchers and hardware makers learn more about this new type ofCPU security flaw.
ViaZDNet
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
Don’t search for information on cats at work — you could be at risk of being hacked
Key Strategies for financial institutions to combat fraud
3 questions to ask before buying a robot vacuum in the Black Friday sales
