Intel Haswell Chip Flaw Could Allow Malware To Bypass Security Protocols

There is a reported flaw present in processors based on Intel's Haswell microarchitecture that could allow attackers to effectively sidestep security roadblocks and install malware onto systems, security researchers warn. The method works on most operating systems, including Windows 10, and unless a fix is issued it could lead to more prominent and potent malware attacks.

The researchers who discovered the flaw developed a bypass for Intel's Address Space Layout Randomization (ASLR) technology present on Haswell processors and demonstrated the technique at the IEEE/ACM International Symposium on Microarchitecture in Taipei, Taiwan, this week.
ASLR is a built-in defense against a common form of attack that attempts to install malware by exploiting vulnerabilities in an OS or program. When you fire up a program, part of it is loaded into system memory. What ASLR does is randomize the location of various bits of code so that malware can't predict where to find them. A system might still crash if malware is present, but beyond that, ASLR prevents worse damage, such as handing over control to a remote hacker.

What the researchers found is that by exploiting a flaw in the part of a Haswell CPU known as the branch predictor, they could load a small application that identifies the memory addresses where specific parts of code are loaded. Armed with that information, traditional memory-based malware techniques are once again effective, allowing attackers to mess with a system as if ASLR were disabled.

"ASLR is an important defense deployed by all commercial operating systems. It is often the only line of defense that prevents an attacker from exploiting any of a wide range of attacks (those that rely on knowing the memory layout of the victim). A weakness in the hardware that allows ASLR to be bypassed can open the door to many attacks that are stopped by ASLR. It also highlights the need for CPU designers to be aware of security as part of the design of new processors," one of the researchers who developed the bypass told Ars Technica.

Intel is aware of the situation and is currently investigating the matter.