What Is Foreshadow? How This Intel CPU Vulnerability Might Affect You | Computing
The Spectre and Meltdown security vulnerabilities continue to haunt Intel, AMD, and other microprocessor manufacturers. After the initial revelations and ill-fated patches, Intel hoped their deep-rooted issues would remain dormant.
What Is the Foreshadow Vulnerability?
Foreshadow, alternatively known as the L1 Terminal Fault (L1TF), is the latest exploit to hit Intel Core CPUs. The Foreshadow announcement brings the total number of speculative execution vulnerabilities for Intel CPUs to three, on top of the previous two Spectre and Meltdown vulnerabilities.
There are three aspects to Foreshadow. The first one specifically targets Intel’s Security Guard Extensions (SGX), a feature in Intel 7th generation chips that, ironically, is designed to protect code from unauthorized modification. The other two affect nearly all other Intel CPU generations.
Foreshadow is the result of the independent collaborative security research of two teams: imec-DistriNet at KU Leuven, and a combined team from the University of Michigan, the University of Adelaide, and CSIRO’s Data61.
“What our attack does is it uses techniques that are very similar to the Meltdown attacks from six months ago,” explains Professor Thomas Wenisch from the University of Michigan. “But we discovered we could specifically target a lock box within Intel’s processors. It would let you leak any data you want out of these secure enclaves.”
The main issue is clear: Foreshadow lets an attack access secret information held in the computer’s memory. Intel’s technical manuals state that areas of memory can be marked as off-limits, but the opposite is true. A machine running malicious code, or a guest virtual machine on a cloud server, can access areas of memory they shouldn’t be able to, thereby exposing sensitive data.
“We are not aware of reports that any of these methods have been used in real-world exploits,” reads a blog post on Intel’s website. “But this further underscores the need for everyone to adhere to security best practices.” The blog continues, elaborating on how future processors would not suffer the same vulnerabilities.
The Three Aspects of Foreshadow
There are three separate vulnerabilities in Foreshadow, and each has its own CVE code:
- CVE-2018-3615: The Software Guard Extensions (SGX) vulnerability. A system using SGX “may allow unauthorized disclosure of information residing in the L1 data cache.”
- CVE-2018-3620: Affects operating systems and system management modes (SMM). Systems that use “speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache.”
- CVE-2018-3646: Affects virtual machine and hypervisors. Specifically, the vulnerability “may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege.”
The Intel CVE descriptions page also features a complete list of Intel-based platforms potentially affected by the Foreshadow vulnerabilities. Double-check the list for your CPU model.
Is My Intel Computer Vulnerable to Foreshadow?
First things first: so long as you keep your system completely up to date, you are safe. The research teams that made the initial discovery of Foreshadow separately disclosed details of the vulnerability to Intel back in January. As such, Intel has had a long time to develop and release a patch.
Furthermore, the researchers and Intel are keen to stress that attacks of this nature are extremely rare in the wild. The expertise and cost required to perform this attack outside make it difficult conceive as a payload. Regular malware attacks and phishing techniques are much easier to use. As such, they also come with an almost guaranteed return on investment.
“Intel has worked with operating system vendors, equipment manufacturers, and other ecosystem partners to develop platform firmware and software updates that can help protect systems from these methods.”
Furthermore, most users aren’t even using the Intel SGX feature, so you wouldn’t store your sensitive data there anyway. Also, “Foreshadow does not leave traces in typical log files” so you wouldn’t necessarily realize an attacked accessed the data, let alone an attacker skilled enough to implement such an attack “can probably alter the log buffer” to erase traces.
How Does Foreshadow Affect Virtual Machines?
You may be using a virtual machine (VM) on your computer to emulate another operating system. VMs are handy for trying out new Linux distributions or booting up an old Windows version to use a specific program.
VMs see a huge amount of use in cloud server environments, such as Microsoft Azure or Amazon AWS. Running concurrent VMs lets a provider offer an expanded service using the same physical hardware. However, it is incredibly important that the virtual machines within the cloud server environment remain isolated from one another.
And that’s exactly what Foreshadow does. It breaks through the aforementioned isolation, allowing a virtual machine to read data from other virtual machines.
Will Intel’s “Chipocalypse” Ever End?
Intel, AMD, and other microprocessor manufacturers affected by Spectre, Meltdown, and now Foreshadow, have an incredibly tough time on their hands. CPU development has taken advantage of speculative execution for decades—thankfully—and it makes our system that much faster for it.
But the crux of the biscuit is that speculative execution is now vulnerable and as such CPU manufacturers are heading back to the drawing board to ensure that future CPU generations do not suffer the same issues.
The saving grace for consumers like you and I is that, for the most part, we’re too small fry to be worth the catch. That is, vigilance against regular malware, against phishing and banking fraud, and other common attacks will keep you safe. Just remember to keep your system up to date, and the CPU patches will install as they arrive.
Image Credit: ifeelstock/Depositphotos
The 6 Best Hidden Cameras for Checking on Your Babysitter