Researchers Exploit Another Intel Hyper-Threading Flaw

stdragon

Commendable
Apr 5, 2018
1,551
1
1,660
196
It's hypothetical. They haven't cracked an encrypted session; and I doubt they'll ever be able too. That said, again, Theo de Raadt already pointed out that SMT was susceptible to side-channel exploits.

https://marc.info/?l=openbsd-tech&m=153504937925732&w=2

August 23, 2018

"Two recently disclosed hardware bugs affected Intel cpus:

- TLBleed

- T1TF (the name "Foreshadow" refers to 1 of 3 aspects of this
bug, more aspects are surely on the way)

Solving these bugs requires new cpu microcode, a coding workaround,
*AND* the disabling of SMT / Hyperthreading.

SMT is fundamentally broken because it shares resources between the two
cpu instances and those shared resources lack security differentiators.
Some of these side channel attacks aren't trivial, but we can expect
most of them to eventually work and leak kernel or cross-VM memory in
common usage circumstances, even such as javascript directly in a
browser.

There will be more hardware bugs and artifacts disclosed. Due to the
way SMT interacts with speculative execution on Intel cpus, I expect SMT
to exacerbate most of the future problems.

A few months back, I urged people to disable hyperthreading on all
Intel cpus. I need to repeat that:

DISABLE HYPERTHREADING ON ALL YOUR INTEL MACHINES IN THE BIOS."
 

SkyBill40

Honorable
While I know AMD isn't out of the woods here seeing that they use SMT, since nothing was yet stated as affecting their CPUs, this can't be anything but a blessing for them and another bad beat for Intel. If they don't develop a new architecture and soon, OS patches and BIOS updates are going to become as frequent as changing one's socks.
 

jimmysmitty

Polypheme
Moderator


I just wonder is this is Intel SMT specific or all SMT. And does it affect older implementations of SMT considering that SMT has changed a lot since it first debut.



Thats part of my question too though. Are these same researchers testing AMD also or just Intel? While it is different AMDs current implementation of SMT is the similar to Intels so it could be vulnerable to the same attacks or even ones Intel may not be.

The uASrch is not really part of it though. SMT is a feature Intel could easily bake out of the Core arch, remember when Intel went dual core they dropped HT from the Netburst arch.
 

SkyBill40

Honorable


One would certainly hope so for the sake of thoroughness and accuracy. I do know that the main nasties in Spectre, Meltdown, and Heartbleed really didn't play rough on AMD due to the way their architecture is designed; however, that's not to say that they escaped unscathed as we did see OS related patches come about and largely just in case. Even as overblown as the whole "Ryzenfall" mess was by that halfwit group from CT Labs, AMD saw fit to investigate it and patch.

If Intel wants to bake out the SMT as you mentioned, they'll have to do that as another 14nm revision unless they make the change on whatever they release as a completely new build and we all know how they're struggling mightily with progress towards 10nm.

 
Jun 29, 2018
88
3
135
0
Intel itself may have started to listen to this advice, as the company’s Core i7-9700K will be the first Core i7 in the company’s history to ship without HT.
yea Right , how about the tons of Xeons CPU ? in which security is far more important than gaming PCs ? what advice and what "listened" and what i7 9700K ???

this is a Serious issue that concern Servers and Huge companies alot. and not the gamers.

 


That is pretty darn funny. The 9700K is the high security version of the 9900K it only costs a little performance, typical Intel.
 

greenreaper

Prominent
Apr 3, 2018
5
3
515
0
It's only "the first i7" because they created the i9 as a new segment above it. Any other year, this would have been an i5, because its segment was maximum cores (for a consumer-level CPU) and most or all CPU features without hyperthreading.
 

stdragon

Commendable
Apr 5, 2018
1,551
1
1,660
196


Difficult to say. All eyes are focused on Intel at the moment, but there are some fundamentals with SMT that does span all processor architecture. I would not be surprised if some ARM and Apple A series processor are sustainable too like the Spectre exploit. Which makes sense when you think about it since all of these exploits involve SMT at some level.
 

William_X89

Prominent
Mar 16, 2017
18
0
510
0
Shame my PC died right when it did, I ended up with an I7 8700k versus an I7 9700k which wasn't out yet.

So should I disable hyperthreading in BIOS or is this a non issue for most people?
 

stdragon

Commendable
Apr 5, 2018
1,551
1
1,660
196
It's a non-issue for most people. The whole side-channel exploit is mostly hypothetical. Precision of timing has to exact. Any modern web browser will have already been patched against CPU side-channel exploitation thanks to the knowledge of the prior Spectre exploit. They do this by gimping the precision. You'll never notice a performance hit though.

Now cloud based providers where VM clients share hosts, well, that's a big concern for them.
 


The vast majority of users will never have a problem related to a hardware vulnerability in a CPU. There is the potential of it happening, but generally it is larger data centers that are the targets of these attacks. At the current time it takes some very sophisticated hacking to exploit these issues, if they can even be exploited. With the volume of data that a CPU processes getting encrypted data is like looking for a needle in a hay stack. Attacks requiring the effort that these attacks would require are just not worth the effort on individual users, right now. Eventually it may become easier... but look at Intel's speculative execution flaws, they existed for over a decade before someone even found it.

On a slightly different note, holy crap an industry has seemingly erupted over finding these hardware faults, mistakes, defects, whatever you want to call them. They are now just publicizing for the money. They seem to be ramping up the fear factor just to get attention and dollars. I'm not really ok with this. I mean, this is security, and part of security is discretion. Shouting from the rooftops when you find a flaw is not ok. They basically just fired a starting signal and the first one to the finish line gets to screw the consumers. Either the chip makers with higher prices or the hackers stealing data. Seriously... what the crap?
 

rantoc

Distinguished
Dec 17, 2009
1,858
0
19,780
0
So one more year of found exploits and performance tanking migrations and we will be back @ sandybridge era performance - what a progress Intel!
 

jimmysmitty

Polypheme
Moderator


Pretty much. As different as uArchs may be they are similar in utilizing a lot of features as those that work best work best.

Intel has been using SMT for a long time so I wouldn't be surprised if others have not utilized their ideas for their version of SMT as I wouldn't doubt that Intel hasn't done the work to find the best way to use it.

Only problem is that even if Intel did everything they could to secure a CPU, or AMD or anyone for that matter, there is no way to be exploit/bug free. They will always find a hole somewhere. The most secure PC is one that is unplugged and powered off.
 

ASK THE COMMUNITY

TRENDING THREADS