Intel had a security flaw that allowed data theft after 2012

The security solutions provider Bitdefender discovered that because of this gap a lot of Windows information was compromised

Security solutions provider Bitdefender has discovered a security flaw in Intel processors after 2012 that would allow stealing sensitive data on computers with the Windows operating system, and that could be used for spying and sabotage campaigns.

Intel CPUs incorporate a functionality called ‘speculative execution’, designed to improve their performance, but also allows access to passwords, tokens, private conversations, encryption and other confidential data stored by both home and business users on servers and laptops.

This new vulnerability opens the way to a possible side channel attack, which makes it easier for the hacker to access all the information stored in the kernel memory of the operating system.

The potential side channel attack that enables this vulnerability takes advantage of the speculative execution technique incorporated into the processor, a capacity that seeks to accelerate the CPU, by predicting the orders that will occur following the one that is already being carried out. The speculative execution function can leave traces in the cache that hackers take advantage of to filter the kernel’s memory.

The attack combines the speculative execution of Intel instructions with the use of a specific instruction of the Windows operating systems, within what is known as a ‘gadget’.

In addition, this security flaw is able to withstand all security measures implemented after the discovery of other vulnerabilities such as Specter and Meltdown in early 2018, according to Bitdefender.

“Cyber ​​criminals who know this new method of attack may be able to access the most sensitive information of companies and individuals around the world, something that gives them the ability to steal, blackmail, sabotage and spy,” says Gavin Hill, vice president of Datacenters and Network Security Products in Bitdefender, in a company statement.

K. Tovar

Source: La Vanguardia

Comments are closed.