Computer security operates on a few basic principles, and one of them is that data in use by one application should not be available to another without permission. This basic architecture should in theory keep one application from snooping on another and stealing, for example, a bank key from a password manager. When that principle breaks down, it can be devastating.
Since at least 2014, several generations of Intel CPUs have been vulnerable to exactly this type of data leak, exposing billions of chips to an attack that can easily be used to steal sensitive data, including encryption keys. New research by Daniel Moghimi, a computer security expert at the University of California, San Diego, and Google, set to be presented this week at the Black Hat cybersecurity conference in Las Vegas finds that several generations of Intel’s ubiquitous x86 processors rely on a technique to increase performance that also introduces a vulnerability — dubbed Downfall — that challenges basic assumptions about computer security.
To enable high-speed parallel processing, the x86 architecture relies on a small “register buffer” to store data. Different applications share this buffer, and when the CPU executes a command known as “gather,” it can read data left in the register by another application and forward it to an attacker.
Computer hardware should isolate data used by different applications, but by using the Downfall vulnerability, an attacker running one application can easily steal passwords, encryption keys and other sensitive data from another. In theory, a malicious tab on your browser could use this flaw to steal a banking password from another tab.
“When you have a vulnerability like this, essentially this software-hardware contract is broken, and the software can access physical memory inside the hardware that was supposed to be abstracted away from the user program,” Moghimi told CyberScoop in an interview. “It violates a lot of assumptions we make in general about operating system security.”
The implications of the flaw are huge. Intel has likely sold billions of processors that include the vulnerability, which has existed since at least 2014. The flaw affects both personal and cloud computers, and the vulnerability can likely be used to break the isolation that ought to exist between data belonging to users on a cloud computing device.
Though the exact number depends on the vendor, several dozen clients might share any given cloud computing machine. A malicious user could use Downfall to steal sensitive data, such as administrative credentials, from other users on a cloud computing device and then use those credentials to gain additional access.
Cloud security runs on the premise that data belonging to one user can be isolated from data belonging to another. Downfall profoundly challenges that assumption at a time when there are growing questions about whether cloud computing is able to fully deliver on its perceived security benefits.
A spokesperson for Intel said the vulnerability was discovered “within the controlled conditions of a research environment” and that the “attack would be very complex to pull off outside of such controlled conditions.” Recent generations of Intel processors — including Alder Lake, Raptor Lake and Sapphire Rapids — are not affected, the spokesperson noted.
Downfall is similar to recent major CPU vulnerabilities such as Meltdown and Spectre, and as hardware grows more complex, Moghini says that more vulnerabilities like Downfall will be discovered, highlighting the need for chip designers to balance performance demands with security needs.
In their relentless pursuit of speed and to keep alive the spirit of Moore’s Law, chip designers are increasingly turning to design innovations to squeeze ever more performance out of chips, and Downfall illustrates how the pursuit of speed can create security vulnerabilities.
“While the mechanism is quite different, this technique has echoes of Meltdown/Spectre in that it exploits another workaround Intel has used to speed up the affected chips,” said Trey Herr, who directs the Atlantic Council’s Cyber Statecraft Initiative. “It shows the challenge Intel and others have had trying to cushion the blow of Moore’s Law coming to an end.”
As it becomes increasingly difficult to squeeze more transistors onto a given piece of silicon, chip architects are turning to design tricks that optimize for speed. The “gather” function at the heart of Downfall is one such need-for-speed enhancement, and Moghini said the potential for such performance-improving designs to introduce security vulnerabilities was one reason why he decided to study the gather function.
“Whenever you have an optimization feature on the CPU, there is always a chance that those optimizations may introduce vulnerabilities,” he said.
Moghimi first discovered the flaw in 2022 and reported it to Intel, which quickly validated the vulnerability and asked Moghimi to abide by a year-long embargo while the firm fixed the problem. With Moghimi’s research now public, Intel is rolling out a microcode fix, which will require an operating system update to implement and will result in a performance penalty. An Intel spokesperson said that most workloads will not see a performance penalty due to the fix but that vectorization-heavy workloads may be affected. (The full list of affected processors is here.)
The nature of that fix, however, illustrates how Downfall exploits the basic architectural design of a chip to steal data. “The fix cannot solve the root cause of the issue, which is sharing physical hardware with other processes,” Moghimi added.
A spokesperson for Intel said the firm is not aware of any in-the-wild exploitation of the flaw, but detecting Downfall’s exploitation is highly difficult. And since the flaw has existed since 2014, it is possible it has been exploited without our knowledge. That is especially concerning because discovering Downfall and creating exploits for it was fairly easy.
“When I discovered this vulnerability, it took me maybe a couple of weeks to come up with attacks that work,” Moghimi said.
Moghimi says the vulnerability is ideally suited for theft of encryption keys and passwords, and as part of his research, he developed methods to trivially steal 128- and 256-bit AES encryption keys using Downfall.
“I was just a one-person researcher without any resources,” he added. “You can imagine if you have a team of black hat hackers, you can probably do a lot more with it.”