Zombieload Intel Vulnerability Explained: Nasty Flaw In Millions Of CPUs

zombieload attack
Images: Shutterstock

Zombieload is the latest Intel CPU vulnerability to plague everything from desktop computers to enterprise level servers. However, due to the increasingly complex nature of online attacks, it is becoming harder for companies to detect and fix them.

These fixes are usually half measured at best and cause the processors of enterprises as well as the average user to lose their performance value in the long run or so we’re told. Online attacks like Spectre and Meltdown affect almost everyone that uses a computer. It is a problem which is forcing companies to cut corners, more often than not, in areas concerning performance.

For the uninitiated, Zombieload is a vulnerability exploited through speculative analysis. In a nutshell, this vulnerability allows hackers to access a temporary memory location in CPUs and gain access to crucial information like usernames and passwords. However, there are still several aspects of such an attack which are difficult to explain in one sentence. Thus, often times the crucial and arguably the most important information regarding these online attacks remains unexplained.

To better inform our readers, we are going to discuss exactly how these online attacks work and what their current and possible future ramifications are. We will also discuss what kind of effects these types of attacks have on the user and what steps individuals can take to keep their data safe.

The Origin of Spectre And Meltdown Attacks

Google Project Zero, in June of 2017, detailed a potential vulnerability in millions of processors, including that of Intel, AMD, and ARM. Google has suggested that a System Callback problem in these CPUs could lead to a security exploit when virtual memory is read. These security exploits were later termed as Spectre and Meltdown.

Most of you know the term ‘Spectre’ and ‘Meltdown’ in the context of Intel CPUs. The CPUs have faced both a Meltdown and a Spectre attack. AMD and ARM are susceptible to specter attacks but not to Meltdown.

What is interesting though is how they perform. Before we understand how these attacks function, we must know how a modern day CPU works to increase efficiency.

How A CPU Works (To Increase Output)

Since the 1960s CPUs have used speculative analysis. It is the process of guessing a task for the user before it’s executed. The CPU simply tries to guess what the user would want to do and it keeps the data related to that task prepared to be executed.

If the CPU correctly predicts the task which the user wants to perform, then time is saved and processing speed increases. However, if the user chooses any other command to be executed, then the earlier data assembled by the CPU is sent a temporary memory. In this memory, the data remains available for some time and then gets deleted.

It was no longer a problem when computers were separate machines working alone. However, now the times have changed. Our computers are always connected to a bunch of devices and share a number of resources. For example, Amazon Web Services offers virtual computers which developers can use to increase computing power.

Following the principle of speculative analysis, Intel Hyper-Threading was born. It increased performance in multi-threaded workloads like frame rendering and some video games.

Hyperthreading simply means increasing the number of threads for bringing the data at a faster rate to be processed by the CPU. It is a cheaper and albeit less effective alternative to increasing the number of physical cores in a processor. Ideally, a mid-range modern day CPU uses multiple cores that have multiple threads.

Spectre, Meltdown And Zombieload Intel Vulnerability

Still following? Ok. Now that we know how the CPU uses speculative analysis to reduce processing time, let’s see how Spectre and Meltdown occur.

Spectre and Meltdown use side-level attacks. The difference between a side-channel attack and a normal malware or virus is that the former uses the steps involved in a particular process to exploit it.

In the case of Spectre, side-level attacks utilize the process of temporarily storing files in cache memory to gain access to sensitive information. The normal functioning of a computer is enough to cause a Spectre attack. This makes detecting and preventing such attacks very difficult.

After a speculative analysis, the data is stored in the cache memory. The hacker then performs the following steps using a program to gain access to that stored data:

  • The hacker uses a code which prompts the search for any random data
  • This causes the CPU to look for it in the cache memory which is full of secret data
  • The hacker then uses a timing attack to repeat the same process until they don’t predict the right secret value stored in the cache memory

The timing attack is used to measure the time taken by the CPU. Each input given by the hacker is checked at a different time by the CPU. Whichever value returns the least amount of time, is the correct value stored in the CPU cache memory.

When this one particular value is known to hackers, they move on to the next memory address and repeat the process all over again.

Meltdown attacks are more severe than Spectre because of the way our CPU handles multiple apps. Whenever two apps are running at the same time, the Memory Management Unit or MMU allocates a virtual memory with the same address as one physical memory in the RAM.

Meltdown targets this particular function. It acts as a breakout attack and leaves the virtual instance created by the MMU (Memory Management Unit) into the physical memory. Meltdown leaves virtually allocated memory and gains access to the physical memory address via malicious code.

Intel Processors are easy targets in this case because they tie their L1D cache memory and TLB (Translation Lookaside Buffer) together. TLB is used when the CPU creates virtual memory.

It means that not only will the hacker get to know the secret information inside the cache, but they will also be able to leave the virtual memory space created by their app and gain access to the physical memory.

Zombieload exploit uses the same principle on a different CPU component known as Buffer. The data is stored in Buffer right before it is used. Zombieload is exploited using a speculative analysis attack and thus Intel released a patch to disable hyper-threading.

Who Are Affected?

The main targets of Spectre and Meltdown attacks are enterprises like Amazon Web Services. Most of them use Intel processors in their servers. It is one of the reasons why Intel CPUs are more susceptible to such attacks due to the huge financial incentive.

Intel counters these attacks by releasing patches that counter this problem. Their patches do not disable hyperthreading, nor does Intel recommend so. Furthermore, any performance drop in the latest patch doesn’t affect users as much as it does big organizations. Intel did not remove the hyper-thread from its 9th Gen line-up, some models including the top spec i9-9900K still have it.

If you’re an average user then you can install the latest CPU patch from your OEM and it should prevent MDS issues up to a limit. For further mitigation, Intel has a set of guidelines to help you out.

Furthermore, if you’re using an AMD desktop CPU or an ARM chip in your smartphone then you’re not vulnerable to Meltdown attacks. However, you’re still susceptible to Spectre attacks, so you are advised to stay updated when it comes to CPU drivers.

Predicting The Future

For a long time, Intel has been the undisputed champion as a desktop and server CPU maker. However, ARM-based CPUs are beginning to catch up with the X86 based chips. So, maybe one day when ARM CPUs become popular hackers just might abandon developing attacks for Intel CPUs and focus on ARM instead.

AMD has announced that the Zen 2 CPU architecture to be used in the upcoming Ryzen 3000 series will be Spectre-free. It sounds like an impossible feat, but AMD’s underdog position in the market keeps it safe from any major cybersecurity mishap.

As of right now, I’d advise you to stay updated on the latest security release from your OEMs. If you’re using a computer which is connected to the Internet then you probably are at risk. Furthermore, it is very difficult to identify if you’re targeted by Spectre or Meltdown because the attack does not leave any traces of log files.

The speculative analysis is a problem which will cause havoc for some time until we don’t fundamentally change the way in which our processors behave.

It’s best to stay calm and stay updated.

Also Read: Google Says Spectre Flaws Cannot Be Defeated By Software Alone
Yetnesh Dubey

Yetnesh Dubey

Associate Editor at Fossbytes. Yetnesh manages the everyday editorial duties and oversees the writing staff. He occasionally covers news related to electric vehicles and tech.
More From Fossbytes

Latest On Fossbytes

Find your dream job