![]() ![]() While the media were mostly reporting on Moghimi’s findings, Reddit was abuzz with comments and discussions. Herr also stressed how optimization features will always be a liability: “Whenever you have an optimization feature on the CPU, there is always a chance that those optimizations may introduce vulnerabilities,” he said. “It shows the challenge Intel and others have had trying to cushion the blow of Moore’s Law coming to an end.” “While the mechanism is quite different, this technique has echoes of Meltdown/Spectre in that it exploits another workaround Intel has used to speed up the affected chips,” said Trey Herr, who directs the Atlantic Council’s Cyber Statecraft Initiative. What have others said about the flaw?Ĭommenting on the findings on Cyberscoop, Trey Herr, who directs the Atlantic Council’s Cyber Statecraft Initiative, likened Downfall to the dreaded Meltdown and Spectre vulnerabilities which made tectonic shifts in the cybersecurity industry: Intel says there’s no evidence of the flaw being used in the wild. In fact, he built a way to steal 128- and 256-bit AES encryption keys. Moghimi says Downfall could be used to steal encryption keys and passwords. The company gave the flaw a medium severity rating. Vectorization-heavy workloads, on the other hand, might be affected. Intel did release a microcode fix, with the company spokesperson claiming “most workloads” won’t experience a performance decline. Consequently, any fix to the problem will also come at the expense of performance. When the hardware itself can no longer provide that improvement, and Moore’s law can no longer be honored from a hardware perspective, they turn to more creative solutions. The flaw exists, researchers argue, because original equipment manufacturers (OEM) such as Intel constantly strive to improve hardware performance. Even though the company was quick to acknowledge the flaw, it added that it was found “within the controlled conditions of a research environment,” adding that an “attack would be very complex to pull off outside of such controlled conditions.” It was also added that newer Intel chips, such as Alder Lake, Raptor Lake, and Sapphire Rapids, were not susceptible. ![]() However, getting to the point of stealing data is a lot harder than it seems, particularly if you ask Intel. If these devices are susceptible to Downfall, that means that hackers capable of exploiting it will have a field day, stealing sensitive information from numerous high-profile organizations around the world. The basic premise of public cloud offerings is that multiple companies can use the same servers to store data, run apps in the cloud, and more. The full list of affected devices can be found here, but to save you the trouble, it affects plenty of chips used in servers. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |