Intel Unveils ‘Downfall’ Flaw: Theft of Encryption Keys and Years’ Worth of CPU-Stored Data
Today, Intel disclosed a new security vulnerability known as “Downfall,” discovered by researcher Daniel Moghimi. The exploit uses a technique called Gather Data Sampling to steal data and other confidential information from computers with Intel processors dating from 2015 to 2019. This timeframe encompasses processors from the sixth-generation Skylake to the eleventh-generation Rocket Lake and Tiger Lake.
In response, Intel has issued security advisory INTEL-SA-00828 and designated the identifier CVE-2022-40982 for reference.
Moghimi, a senior research scientist at Google and previously affiliated with the University of California San Diego, published further information on downfall.page.
“The underlying vulnerability emanates from memory optimization features present within Intel processors, inadvertently divulging internal hardware registers to software applications,” Moghimi wrote. “Consequently, this inadvertently bestows untrusted software with the ability to access data maintained by other applications—a privilege that would otherwise remain beyond reach. My research has illuminated that the Gather instruction, originally designed to expedite the retrieval of scattered memory data, inadvertently exposes the contents of the internal vector register file during instances of speculative execution.”
On that site, Moghimi demonstrates extracting 128-bit and 256-bit AES encryption keys from other users. He also shows that keystrokes can be monitored and data exfiltrated from the Linux kernel. He argues that Intel's prevalence, especially in servers, makes the impact universal, and that even people who do not own an Intel-powered device are not immune. In cloud computing, Moghimi points out, a malicious party could exploit Downfall to steal both data and credentials from co-resident cloud users.
Intel is preparing microcode updates for the affected chips. The company recommends that users of affected Intel processors update to the latest firmware provided by their system manufacturer to address the vulnerability. Those who are not using Intel SGX, a hardware-based memory encryption technology, have the option to load the microcode update via the operating system.
As outlined by Moghimi and corroborated by Intel, the mitigation can carry an overhead of up to 50%, depending on whether a given workload uses Gather. Intel also plans to include an “opt-out mechanism” in the microcode that allows the Downfall mitigation to be disabled, avoiding the performance impact in specific scenarios that rely on vectorization.
Nonetheless, the researcher strongly advises against opting out, asserting, “Such a course of action is inadvisable. Even if your computational tasks eschew vector instructions, contemporary CPUs heavily rely upon vector registers to optimize routine functions—such as memory copying and register content switching. Sadly, this optimization inadvertently exposes data to untrustworthy code that capitalizes on the Gather vulnerability.”
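To see whether the microcode mitigation or the opt-out described above is in effect on a Linux host, the following added example (not from Intel, the researcher, or the original article) classifies the kernel's Gather Data Sampling status. It assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities/gather_data_sampling` and honours the `gather_data_sampling=off` and `mitigations=off` boot parameters; the function names are illustrative.

```shell
#!/bin/sh
# Added example: report whether the Downfall (GDS) mitigation is active on Linux.
# Assumption: the kernel is recent enough to expose the sysfs file below.
GDS_SYSFS="${GDS_SYSFS:-/sys/devices/system/cpu/vulnerabilities/gather_data_sampling}"
CMDLINE_FILE="${CMDLINE_FILE:-/proc/cmdline}"

# classify_gds STATUS: map the kernel's status string to a short verdict.
classify_gds() {
    case "$1" in
        "Not affected")               echo "ok: CPU not affected" ;;
        "Mitigation: Microcode"*)     echo "ok: microcode mitigation active" ;;
        "Mitigation: AVX disabled"*)  echo "degraded: AVX disabled, microcode update missing" ;;
        "Vulnerable: No microcode")   echo "exposed: microcode update missing" ;;
        "Vulnerable")                 echo "exposed: mitigation disabled (opt-out)" ;;
        "Unknown"*)                   echo "unknown: guest depends on hypervisor host" ;;
        "")                           echo "unknown: kernel does not report GDS" ;;
        *)                            echo "unknown: unrecognised status '$1'" ;;
    esac
}

# gds_opted_out CMDLINE: succeed if a boot parameter switches the mitigation off.
gds_opted_out() {
    for arg in $1; do
        case "$arg" in
            gather_data_sampling=off|mitigations=off) return 0 ;;
        esac
    done
    return 1
}

# check_gds: read the live system state and print one summary line.
check_gds() {
    status=""
    cmdline=""
    if [ -r "$GDS_SYSFS" ]; then status=$(cat "$GDS_SYSFS"); fi
    if [ -r "$CMDLINE_FILE" ]; then cmdline=$(cat "$CMDLINE_FILE"); fi
    verdict=$(classify_gds "$status")
    if gds_opted_out "$cmdline"; then
        verdict="$verdict; boot command line requests opt-out"
    fi
    echo "gather_data_sampling: $verdict"
}

check_gds
```

On a virtual machine the kernel can only report "Unknown", so the host's status has to be confirmed with the cloud or hypervisor operator.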
Moghimi is scheduled to present Downfall at the Black Hat USA conference on August 9 and at the USENIX Security Symposium on August 11. His full technical paper is publicly available.
Newer Intel chips, namely the 12th Generation Alder Lake, 13th Generation Raptor Lake, and the Sapphire Rapids server chips, are not affected by this vulnerability.