The vulnerability could leak users’ passwords and other data to bad actors
Key Takeaways
- Upcoming CPUs from Intel, Arm, and AMD will be vulnerable to a side-channel attack known as SLAM, which can obtain sensitive information from the chip’s memory.
- AMD’s existing chips are already at risk, while Intel plans to provide software guidance to consumers to address the vulnerability.
- Arm cites existing systems in place to guard against Spectre attacks and believes no additional changes are necessary.
When you choose to purchase a new CPU, you might assume that you’re getting a product with the latest features to protect against hacking vulnerabilities. That being said, some bugs go unnoticed until they become problems for users. Thankfully, there are researchers who look into potential security issues before they have a chance to do significant damage. New data from the Systems and Network Security Group (VUSec) at Vrije Universiteit Amsterdam has done just that, and their findings are raising eyebrows over upcoming CPUs.
According to the VUSec researchers, upcoming chips from Intel, Arm, and AMD will be vulnerable to a side-channel attack known as SLAM (via Bleeping Computer). This type of attack involves the use of software to obtain sensitive information from a chip’s memory. The vulnerability itself is known as Spectre, and it’s based on speculative execution — this is when a CPU tries to predict a user’s future tasks to speed up performance. While this function is meant to be beneficial, attacks like SLAM can reveal its risks. Intel’s chips have a security feature called Linear Address Masking (LAM) to increase the speed of security checks. AMD chips have an equivalent called Upper Address Ignore (UAI), while Arm chips have one referred to as Top Byte Ignore (TBI). The SLAM attack works by exploiting these frequent security checks. When a bad actor carries out this attack, they can gain access to sensitive data, including passwords and encryption keys.
Upcoming CPUs from the previously mentioned companies are all expected to be vulnerable to a SLAM attack, and existing chips from AMD are already at risk. In response to the research, Arm cited existing systems in place that are meant to guard against Spectre attacks and is not making additional changes. Similarly, AMD says that its current Spectre measures should be enough to address the vulnerability. Intel intends to provide software guidance to consumers who purchase future CPUs that may be prone to such an attack. Whether these measures will ease customers’ concerns — or impact future CPU sales — has yet to be seen.
[ad_2]
