Security Roundup: Side-Channel Attacks, Trend Micro, Extreme Networks

A newly discovered security flaw in Intel processors allows attackers to steal any data that’s been recently accessed by the processor.

Dubbed ZombieLoad, the side-channel attack made big headlines this week. The flaw affects nearly every Intel chip since 2011, according to TechCrunch.

So what is a side-channel attack and why are they so dangerous? We spoke with Dmitriy Ayrapetov, SonicWall‘s executive director of product management, and Paul Ducklin, senior technologist at Sophos, to find out.

Side-channel attacks rely on the exploitation of hardware/processor architectural components to “listen in” on information that they’re not supposed to see, Ayrapetov said.

SonicWall’s Dmitriy Ayrapetov

“By listening in and performing precise timing, they can infer the information stored in parts of the processor cache that they shouldn’t be privy to, and therefore pull off a ‘side-channel’ attack,” Ayrapetov said. “These are different from traditional malware and exploit attacks that rely on corrupting and exploiting software to increase privilege to do something bad, or perform malicious tasks such as encryption, data theft, etc.”

In seeking ever-faster processing speeds, “we’ve been willing to take the risk of leaving the CPUs’s internal security checks until the last possible nanosecond, hoping that we’ll always be able to cancel the side effects of any prohibited data access before any hints leak out,” Ducklin said.

“But transient execution attacks like ZombieLoad remind us that what happens in Vegas doesn’t always stay in Vegas,” he said. “Sometimes, it causes ghostly ripples than can be picked up elsewhere.”

Side-channel attacks are proof-of-concept attacks that have yet to be weaponized, at least according to what’s been made public, Ayrapetov said. The reason why side-channel, and generally processor architectural vulnerabilities, are a big deal is due to their ubiquity (all PCs/servers) and their severity (data theft), he said.

“Many are now coming to light because Meltdown/Spectre ushered in a new era of security research which focused on the previously overlooked layer of computing: the hardware and the processor,” he said. “Now that there’s attention being paid to this area that is difficult to patch and to re-architect, we have inspected and have observed an increasing number of such vulnerabilities being published. The question is — when is this going to become weaponized for mass information stealing?”

Phishing attacks and higher-level software bugs give much bigger, faster and cheaper returns than side-channel attacks, Ducklin said.

Sophos’ Paul Ducklin

“Nevertheless, the fact that transient execution attacks aren’t mainstream malware techniques right now doesn’t mean we can ignore them,” he said. “Attacks only ever get faster and smarter, so we should be using flaws such as Meltdown, Spectre and ZombieLoad as a long-term reminder that we need to put at least as much value on security as we do on performance.”

The organizations that should be most concerned about side-channel attacks are those that …