In response to processor vulnerabilities recently discovered by researchers, technology giants such as Intel, Apple and Microsoft have teamed up to provide patches that prevent hackers from exploiting these vulnerabilities to steal data from computers, smartphones and other devices.
The so-called "security breach" discovered earlier was first alleged to appear on Intel's chips, but it is now clear that the vulnerabilities released last week affect many current high-performance processors, not just Intel's.
In fact, security researchers at Google Project Zero and other companies have discovered three different side-channel attacks that combine knowledge of the internal workings of modern CPUs with a degree of brute force.
It is noteworthy that so far we have not found that these vulnerabilities have been exploited, but now that this information is disclosed, hackers with a deep understanding of the CPU may be able to launch attacks, so the entire software ecosystem is racing to release patches that fix these security vulnerabilities.
Teams that need to work together to fix these security holes include CPU designers such as AMD, ARM and Intel, while key software vendors include Apple, Citrix, Linux, Microsoft and VMware.
The vendors discovered the security holes and started patching them in June of last year, but since these vulnerabilities exist in shipped chip designs, the only solution is to patch the system software, for example through the operating system (OS) and virtualization software/hypervisors.
I am using the word "vulnerability" rather than "bug," as these circuits operate according to the proper design, but the bypass exploits knowledge of these correct operations to infer information that should be protected.
The effect on performance will depend on each processor design and on the software. Software that makes extensive system calls, such as in a data center, seems to feel it the most; the impact on user software such as games and browsers should not be large.
Specially designed malware may force the CPU to perform "speculative execution" and then identify data from areas with a higher level of protection, so the system software and firmware must be changed to repair this. The malware does not damage memory, but locally executed software may expose sensitive information such as passwords and encryption keys.
Intel has confirmed that these attacks may occur on its processors, and AMD has also disclosed a possible threat.
The three major security vulnerabilities discovered last week and their numbers are as follows:
1. Bounds Check Bypass (CVE-2017-5753)
2. Branch Target Injection (CVE-2017-5715)
3. Unmanaged Data Load (CVE-2017-5754)

"Bounds Check Bypass" requires a software fix because it is difficult to eliminate speculative execution by altering the CPU design. AMD, ARM and Intel say this common threat can be repaired through software updates, so the performance impact is minimal.
The impact of threats #2 and #3 depends on the CPU vendor. Intel confirmed the existence of both of these threats, but AMD said it has not observed the Type 2 threat and that its design is not vulnerable to the third vulnerability. This may be due to Intel's adoption of more advanced technologies in its predictive design; each vendor has a different branch target design, which may affect exposure to the vulnerabilities. At the same time, this part of the threat also has the largest impact on performance.
Intel said the second threat could reduce performance benchmark scores by 0-5%, while the third threat could have a 3-5% impact on typical workloads, with software that regularly accesses kernel services bearing the brunt.
ARM's situation is more complex. Many ARM cores have limited or even no speculative execution, even among the mainstream Cortex-A cores, but higher-performance cores do provide speculative execution. Moreover, ARM architecture licensees such as Apple, Cavium and Qualcomm design their own chips, which also have different speculative execution and branch target designs. As this information is disclosed, each supplier must list the CPUs that may be affected. ARM will change its core designs in development and update existing cores as needed.
Although the initial coverage focused on Intel, what is needed now is to establish unique industry partnerships between these competing vendors and between software and chip companies, and more companies may be exposed to these security concerns. But as the incident reflects the fact that security flaws are changing the form of the threat, I hope this will be the beginning of a broader industry collaboration on security issues; when all companies work together, there is bound to be stronger protection for our PCs, mobile phones and data centers.
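Because the fixes arrive as system software updates, an administrator can check whether a given Linux machine has them. The following is an added example, not part of the original article: it reads the status files the Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities for the three CVEs listed above. The function names and the coarse state labels are this example's own.

```python
"""Added example: report Linux kernel mitigation status for the three CVEs."""
from pathlib import Path

# Linux sysfs directory where patched kernels report per-issue status.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# CVE number (from the list above) -> kernel status file name.
CVE_FILES = {
    "CVE-2017-5753": "spectre_v1",  # Bounds Check Bypass
    "CVE-2017-5715": "spectre_v2",  # Branch Target Injection
    "CVE-2017-5754": "meltdown",    # third vulnerability in the list
}


def classify(status_line):
    """Map one kernel status line to a coarse state (labels are ours)."""
    lowered = status_line.strip().lower()
    if lowered.startswith("not affected"):
        return "not_affected"
    if lowered.startswith("mitigation"):
        # A mitigation line can still flag a sub-item as vulnerable.
        return "partial" if "vulnerable" in lowered else "mitigated"
    if lowered.startswith("vulnerable"):
        return "vulnerable"
    return "unknown"


def report(base_dir=SYSFS_DIR):
    """Return {cve: (state, raw_line)} for the three CVEs."""
    results = {}
    for cve, name in CVE_FILES.items():
        try:
            raw = (Path(base_dir) / name).read_text().strip()
        except OSError:
            # No file: kernel predates the reporting interface, or not Linux.
            results[cve] = ("not_reported", "")
            continue
        results[cve] = (classify(raw), raw)
    return results


if __name__ == "__main__":
    for cve, (state, raw) in report().items():
        print(f"{cve}: {state} ({raw or 'no sysfs entry'})")
```

A "not_reported" result means the kernel gives no answer, which on an old kernel usually means the update has not been installed.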
Compiled by: Susan Hong