
Spectre-NG: New Vulnerability Found in Intel, AMD, and ARM Processors

Up to the 14-nanometer generation, everything was going great. But ever since Intel debuted its 10-nanometer processor architecture in 2016, its life has been a living hell.

To put things in perspective, there have already been several delays in its processor development roadmap, and then came the famous report from Project Zero (Google) in January, pointing out the flaws known today as Meltdown and Spectre.

Apple is also contributing to this difficult phase, especially with its studies on using its own processors in its desktop and notebook lines. That would further weaken Intel's position, as its competitors advance while the PC market itself loses relevance to mobile devices (a market in which Intel is far from being a leader).

The icing on the cake of the problems facing the company is the recent revelation of another CPU vulnerability, reported on the 7th and being called Spectre-NG. Intel issued a statement this week acknowledging the problem:

Protecting our customer data and ensuring the security of our products are critical priorities for us. We routinely work with customers, partners, other chip manufacturers and researchers to understand and mitigate any identified issues, and part of this process involves reserving CVE number blocks. We strongly believe in the value of coordinated disclosure and will share additional details about any potential issues when we complete the mitigations. As a best practice, we continue to encourage everyone to keep their systems up to date.

At this time, both the researchers and Intel reserve the right not to disclose more information until users are protected from malicious attacks. In this scenario, Intel will use the 90-day deadline given by the Project Zero team to work on fixes. It is known, however, that the magnitude of this security breach could be on the same scale as the original Meltdown and Spectre vulnerabilities, and Intel is already preparing patches for the problem, according to sources linked to the research team.

So far, this vulnerability is known to actually consist of a set of eight (!) security holes, all caused by the same design problem in Intel processors, but each exploited in a different way.

Of these eight vulnerabilities, Intel internally ranked four as high risk, while the other four were classified as medium risk. Seven of the eight are expected to behave similarly to the Spectre flaw, but the eighth is the one keeping Intel up at night.

Apparently this eighth vulnerability is a far greater threat than Spectre itself, as it could allow an attacker to launch an attack from a virtual machine and then access other virtual machine instances running on the same physical server. This would be possible because the Intel technology called Software Guard Extensions is not Spectre-free. As a result, in a compromised environment there would be a risk of interception of passwords and encryption keys transmitted between these virtual machine instances on the same physical server, which makes this a much larger problem than the flaws disclosed in January this year.

The fixes and an official notice describing all the problems are expected by July. In the meantime, Intel recommends that everyone keep their systems as up to date as possible.