Memory cache vulnerability raises spectre of Intel chips being exploited by hackers


PC servers that use Intel's hyperthreading technology to improve performance could be affected by a security problem with the chip's design.

Major Unix suppliers have already issued patches for the flaw, which so far appears not to affect Windows users.

Intel processors that use hyperthreading include Xeon, Pentium 4, Mobile Pentium 4 and Pentium Extreme Edition.

Hyperthreading allows two applications to run more efficiently in a multi-tasking environment by letting a single processor core execute both at once, sharing its execution units between them. Each application runs in a separate process, but both processes share the core's cache.

The problem relates to cache memory, which is rapid-access memory used to ensure that the processor can run as fast as possible.

The speed at which a computer can access its main memory is usually much slower than the processor speed. Because of this, hardware designers use very fast cache memory to retain frequently accessed information, which speeds up the operation of the processor. The larger the cache, the less time the processor needs to hang around for the slower main memory to catch up.

In a paper published on the web last week, independent security researcher Colin Percival said a hacker could take advantage of the fact that the two processes running on a hyperthreading chip share access to its cache memory. A rogue program cannot read the cache's contents directly, but by timing its own memory accesses it can tell which parts of the cache the other process has recently used, and any application sharing the cache with such a program would be exposed to the attack.

Percival described an example in which the rogue program fills the cache with its own data, lets the victim run on the sibling thread, then measures which of its own data has been pushed out, revealing the victim's pattern of memory accesses. On a traditional single-threaded chip the two processes never run at the same time, so a spy could only observe what the victim left behind at a context switch, far too coarse a view to be useful; hyperthreading lets it watch the victim continuously.

By repeatedly measuring which areas of the cache the victim had used, a hacker could piece together sensitive information, including cryptographic keys, Percival said. He demonstrated the attack against the RSA implementation in OpenSSL, recovering a large part of a private key.

He recommended that the operating system avoid running threads from different security contexts on the same core at the same time, and that it flush the cache when it switches from one process to another.

In his paper Percival said, "We also recommend that operating systems provide some mechanism for processes to request special 'secure' treatment, which would include flushing all caches upon a context switch."

FreeBSD, NetBSD and SCO have all issued workarounds for the flaw.

Percival also said cryptographic libraries should be rewritten to avoid any data-dependent or key-dependent memory access, so that the pattern of cache use reveals nothing about the key.
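The attack described above and the library-level fix recommended here, as an added example in C that is not from Percival's paper or from OpenSSL: a key-dependent table lookup beside a constant-time replacement that reads every entry and selects the wanted one with a mask. The `touched` log, the 16-entry table and the 16-bit key are constructed for illustration; the log stands in for what a spy on the sibling hyperthread learns by timing the shared cache, and is not part of any real library.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define TABLE_SIZE 16   /* one entry per key nibble (assumed toy table) */

/* Constructed observer: records which table entries a lookup touched.
 * It stands in for the cache state a spy thread infers by timing its
 * own accesses; it is instrumentation for this example only. */
static int touched[TABLE_SIZE];

static uint32_t read_entry(const uint32_t *table, size_t i) {
    touched[i] = 1;
    return table[i];
}

/* Key-dependent memory access: which entry is read depends on the key. */
uint32_t leaky_lookup(const uint32_t *table, unsigned nibble) {
    memset(touched, 0, sizeof touched);
    return read_entry(table, nibble & 0xF);
}

/* Constant-time lookup: every entry is read on every call and the wanted
 * one is selected with a mask, so the access pattern is key-independent. */
uint32_t ct_lookup(const uint32_t *table, unsigned nibble) {
    memset(touched, 0, sizeof touched);
    uint32_t result = 0;
    for (uint32_t i = 0; i < TABLE_SIZE; i++) {
        uint32_t diff = i ^ (nibble & 0xF);
        /* (diff - 1) has its top bit set only when diff was 0 (wraparound),
         * so mask is 0xFFFFFFFF for the wanted index and 0 otherwise. */
        uint32_t mask = 0u - ((diff - 1u) >> 31);
        result |= read_entry(table, i) & mask;
    }
    return result;
}

/* What the spy concludes from one observation: the index of the single
 * entry touched, or -1 if no single entry stood out. */
int observed_index(void) {
    int idx = -1, count = 0;
    for (int i = 0; i < TABLE_SIZE; i++)
        if (touched[i]) { idx = i; count++; }
    return count == 1 ? idx : -1;
}

/* Attacker side: let the victim do one lookup per key nibble, observe the
 * cache after each, and reassemble the key. Returns the recovered 16-bit
 * key, or -1 if any nibble could not be observed. */
long recover_key(uint32_t (*lookup)(const uint32_t *, unsigned),
                 const uint32_t *table, unsigned key16) {
    long recovered = 0;
    for (int n = 0; n < 4; n++) {
        unsigned nibble = (key16 >> (4 * n)) & 0xF;
        (void)lookup(table, nibble);       /* victim does its work */
        int seen = observed_index();       /* spy reads the cache state */
        if (seen < 0) return -1;
        recovered |= (long)seen << (4 * n);
    }
    return recovered;
}

/* Constructed example table: an arbitrary permutation of 0..15. */
static const uint32_t sbox[TABLE_SIZE] = {
    0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
    0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7
};

int main(void) {
    unsigned key = 0xBEEF;
    printf("key-dependent lookup: spy recovers 0x%lX\n",
           recover_key(leaky_lookup, sbox, key));
    printf("constant-time lookup: spy recovers %ld (nothing)\n",
           recover_key(ct_lookup, sbox, key));
    return 0;
}
```

Both lookups return the same value for every index, so the constant-time version is a drop-in replacement; the cost is reading the whole table each time, which is why Percival's advice is aimed at cryptographic code rather than at every table lookup in a program. A real spy sees cache lines rather than single entries, so a table whose 16 entries fit in one line would already hide the index; the masked scan is the general fix when the table is larger than a line.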

Intel said, "The vulnerability is best mitigated through changing the cryptographic implementation."

An OpenSSL spokesman said the project would be releasing a patch that included the mitigation.
