Researchers have discovered a new security flaw in modern processors that can be exploited to extract sensitive information (cryptographic keys, in this case) from your CPU. The manner in which it does this is quite similar to Spectre and Meltdown.
The flaw, dubbed TLBleed, specifically affects a process known as simultaneous multithreading (SMT), which Intel calls HyperThreading (HT). SMT is a technique for increasing the efficiency of a CPU by using spare resources to execute multiple threads simultaneously on the same core.
If we already lost you there, here’s a brief breakdown of how a CPU works.
A modern CPU consists of several cores. Each core can perform operations on data and has its own memory store (called cache) for storing and accessing the data and information it needs frequently. All of this together can be called the core’s infrastructure.
Normally, a processor works on one “thread” at a time. A thread is the smallest sequence of instructions that can be executed independently by a core. If you tell the CPU to add 2 numbers, the series of instructions for doing that are executed as a thread by a CPU core.
A core’s function, essentially, is to process threads as rapidly and efficiently as possible.
Work is broken down into threads and each thread is processed by a CPU core.
To improve the performance and efficiency of a CPU, you can increase the number of cores and the speed at which it operates. More cores mean more threads can be processed simultaneously, and a higher speed means that threads are processed faster.
To further improve upon this, SMT is used. With SMT, two independent threads can use the same CPU infrastructure, with a secondary thread utilising the resources that a primary thread has left unused.
A module called the Scheduler is what determines how and when threads are distributed to cores.
SMT and carpools
SMT can be compared to carpooling, after a fashion. If 20 employees must head to 20 places to meet 20 clients, say, rather than send them in 20 different cars, which would be ideal, a company could bunch up the employees who need to head in a similar direction in one car. The person responsible for this is analogous to the scheduler in a CPU. The employees represent threads (work that needs to be done) and the car represents a CPU core.
When grouped together, the car will be slower than if there was only one employee, and the frequent stops and slight detours will also slow it down. However, in the larger scheme of things, this system would end up doing more work and consuming less energy. It saves time as well as resources.
A side-channel attack isn’t a “hack” in the traditional sense. It does not utilise weaknesses in code or the design of security algorithms. Rather, it’s an attack that takes advantage of the way a system is implemented. These could be physical cues, like a difference in heat or power consumption.
Getting back to the carpool analogy. Say you want to access your co-worker’s Facebook account. Rather than attempt to hack Facebook or use a keylogger, or some other such more direct and nefarious method, you could simply carpool with them every day and observe them very closely, ask leading questions, etc.
You might, for example, figure out that the co-worker uses names of family members as their password. Then it’s just a matter of figuring out the names of said co-worker’s family members and using those names to access the account.
Preventing such attacks is almost impossible. Your co-worker would have to be an inherently cagey person, but then that caginess could mean a decline in their social lives. The company could ban car-pooling, but then that would mean expensive delays and a significant drop in efficiency.
This technique is what led to the discovery of TLBleed.
What is TLBleed?
A CPU core usually contains something called a TLB (translation lookaside buffer). In the simplest terms, it’s cache that stores information on the memory locations used by threads to store data.
When a thread needs access to data, it first checks the TLB to find out where the data is. If that information is not in the TLB, it checks other locations. Each time this check happens, resources are consumed and time is lost. Generally, the TLB is designed to store the addresses of the most recently accessed memory locations within it.
The difference in performance when a thread tries to access a memory location is measurable. When there is such a delay, the TLB is updated with the new address. A malicious program could, in theory, note when the change would happen and thus, infer the memory locations used by the target program (the one they’re trying to steal data from).
Once the malicious program has the memory addresses, it could steal the data stored in those addresses. This could, for example, be authentication keys for bank transactions, login information, etc.
As reported by ArsTechnica, researchers at Vrije University in Amsterdam did just that. They developed a technique where they would use SMT to get a malicious program running alongside a targeted program on a single core.
The malicious code would then use machine learning to keep an eye on the TLB and infer the memory locations used by the target program. It would then steal the data stored in those memory locations.
With this technique, researchers could apparently steal cryptographic keys (essential for encryption) with up to 99.8 percent accuracy on Intel’s latest CPUs.
Who is affected?
The attack has been successfully demonstrated on Intel CPUs that employ hyper-threading (or SMT). This means that almost all Intel CPUs released since 2002 are vulnerable.
While it wasn’t demonstrated on an AMD CPU, AMD does employ SMT and depending on its implementation of TLB, could be equally vulnerable.
In fact, any processor that implements SMT could be vulnerable.
Should I worry?
Intel has been dismissive about TLBleed. The Register reports that Intel seems to be of the opinion that code can be written to be TLBleed resistant and that TLBleed is not worth even acknowledging as a serious vulnerability. In a statement to The Register, Intel claimed that its CPUs already have features that should make them immune to TLBleed.
#tlbleed: The #OpenBSD HT disable has generated interest in #tlbleed. #tlbleed is a new sidechannel in that it shows that (a) cache sidechannel protection isn't enough: TLB still leaks information; (b) side channel safe code that is constant only in the control flow and 1/2
— Ben Gras (@bjg) June 22, 2018
The researchers who reported the vulnerability, while they admit that Intel is mostly right, are concerned that older programs would not be resistant and that simple techniques could be developed to steal critical data from them. They also note that the vulnerability is specific to each processor architecture. A security-minded developer may not be able to protect their software from all forms of TLBleed attacks.
As TechRepublic notes, a regular computer user need not be overly concerned by TLBleed. The attack is sophisticated and usually requires direct access to your system. If a malicious user has that much access, you have many more things to worry about.
Various mitigations have been suggested and will likely be implemented as needed. Cloud computing is an area that could be significantly impacted, but solutions are being discussed.
One could go for the nuclear option, as OpenBSD did, and simply disable SMT altogether. This will come at a colossal performance penalty, though.
Ben Grass, one of the researchers who worked on TLBleed, will be presenting a paper on the attack at a later date.