More Intel Data Leak Flaws Documented This Week Situation Particulary Grave

This week has seen a number of flaws in Intel chips that leak data, but two seem to dwarf others publicized so far (archived). The first, TPM-FAIL allows private keys stored with the "Intel Platform Trust Technology"(TM)(R) "trusted platform module" to be acquired via timing leakage. The ST33 by MTMicroelectronics was also shown to have a similar vulnerability.

The gravest reveal (archived) is a set of "Microarchitectural Data Sampling" attacks allowing any data passed through an Intel CPU to be leaked, in flight, whether the data has been stored in the CPU's cache or not. Many of these attacks abuse Intel's handling of speculative execution. Others take advantage of flaws introduced or made worse by efforts to patch Intel's previously documented speculative execution bugs.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>