Current CPUs have design flaws. Specter has unmasked them, but attacks like Foreshadow and now ZombieLoad exploit similar weaknesses. These "speculative execution errors" can only be resolved by purchasing a new CPU with built-in protection.
Patches Slow Common CPUs
The industry has been frantically trying to patch "side channel attacks" like Specter and Foreshadow, which are tempting the CPU to divulge information they should not divulge. Protection for current CPUs has been provided through microcode updates, operating-system fixes, and patches for applications such as web browsers.
Specter fixes have slowed down computers with old CPUs, although Microsoft is about to accelerate them again. Patching these errors often slows performance on existing CPUs.
Now ZombieLoad poses a new threat: To completely protect and block a system from this attack, you must disable Intel Hyper-Threading. That's why Google has disabled hyperthreading on Intel Chromebooks. As usual, CPU microcode updates, browser updates, and operating system patches are on their way to closing the gap. Most users should not have to disable hyperthreading once these patches are installed.
New Intel CPUs are not vulnerable to ZombieLoad.
ZombieLoad is not a threat on systems with new Intel CPUs. According to Intel, ZombieLoad is "hardware-oriented, starting with select 2nd generation Intel® Core ™ processors and 2nd generation scalable Intel® Xeon® processor family." Systems with these advanced CPUs are not affected new attack.
ZombieLoad only affects Intel systems, but Specter also includes AMD and some ARM CPUs. It's an industry-wide problem.
CPUs have design flaws and allow attacks
As the industry noted, when Specter raised its ugly head, modern CPUs have some design flaws:
The problem lies in "speculative execution". , For performance reasons, modern CPUs automatically execute instructions that they may need to execute. Otherwise, you can simply rewind the system and return to the previous state.
The core problem with Meltdown and Specter lies in the cache of the CPU. An application may attempt to read the memory, and if it reads something in the cache, the operation will complete faster. When it tries to read something that is not in the cache, it slows down. The application can determine if an operation has completed quickly or slowly. While all other operations are pruned and deleted during speculative execution, the time required to complete the operation can not be hidden. This information can then be used to bit-map a map of all the computer's memory. Caching speeds things up, but these attacks take advantage of this optimization and turn it into a security hole.
In other words, performance optimizations in modern CPUs are abused. Code running on the CPU ̵
On cloud servers, one virtual machine can monitor the data on other virtual machines on the same system. This should not be possible.
RELATED: How Do Meltdown and Specter Errors Affect My PC?
Software patches are only bandaids
No Surprisingly, the CPU uses patches to slow down to prevent such a side channel attack. The industry is trying to add additional reviews to a performance optimization layer.
The suggestion to disable hyperthreading is a very typical example: disabling a feature that makes your CPU run faster increases security. Malicious software can no longer exploit this feature, but it will not speed up your PC anymore.
Thanks to the work of many clever people, modern systems could be adequately protected against attacks such as Specter without great slowdown. However, patches like these are just bandaids: these vulnerabilities need to be addressed at the CPU hardware level.
Hardware-level fixes provide more protection – without slowing down the CPU. Organizations do not need to worry about having the right combination of microcode updates (firmware), operating system patches, and software versions to keep their systems safe.
These are "not just mistakes, but the foundation for optimization." The CPU design needs to be changed.