A new security vulnerability in computer processors (CPU) was discovered by researchers from the Technical University of Graz and the Saarbrücken Helmholtz Center for Information Security (CISPA). This makes virtual work environments (virtual machines) with AMD processors vulnerable, according to the Graz University of Technology. The American chip company was informed by the researchers and has released an update that fixes the vulnerability.
So-called Trusted Execution Environments (TEEs) play an important role in cloud computing. They are intended to ensure that sensitive data on the virtual work environments, the virtual machines, cannot be manipulated or stolen. However, the researchers from Graz and Saarbrücken have discovered a vulnerability in AMD processors that allows attackers to penetrate virtual work environments based on the trusted computing technologies AMD SEV-ES and AMD SEV-SNP.
Simply put, by resetting data changes in the cache (buffer memory), hackers can gain unrestricted access to the system. The attack method was dubbed “CacheWarp,” according to the report.
Faking an outdated state
AMD Secure Encrypted Virtualization (AMD SEV) is a processor extension that provides a secure separation between virtual machines and the underlying software that manages the necessary resources. To do this, AMD SEV encrypts the data on the virtual machine. However, “CacheWarp” can roll back data changes in this operating environment and put the system in an outdated state, as the researchers explained. This becomes risky when a variable determines whether a user is successfully authenticated or not.
Successful authentication is usually marked with “0”, which is the same value the variable was initialized with. If a potential attacker enters a wrong password, the variable is overwritten with a value other than “0”. Using “CacheWarp”, however, this variable can be reset to its original state, in which it indicates successful authentication. This means that an already authenticated session can be established.
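The pattern described above, as an added example that is not taken from the researchers' paper or from AMD: a software model in which a write to the authentication variable can be lost, shown next to a fail-closed variant whose initial value means "denied". The `store` helper, its `revert` flag and the constant `AUTH_GRANTED` are assumptions made for illustration; the fix named in this article is AMD's microcode update.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: a store that may be lost, standing in for the
 * reverted write the article describes. It is a plain software flag,
 * not real cache behaviour. */
static void store(int *dst, int value, int revert) {
    if (!revert)
        *dst = value;
}

/* Pattern from the article: 0 means success and is also the initial
 * value, so failure is recorded only by a write that has to survive.
 * strcmp is used for brevity; it is not a constant-time comparison. */
int auth_fragile(const char *pw, const char *expected, int revert) {
    int result = 0;                     /* initial state == authenticated */
    if (strcmp(pw, expected) != 0)
        store(&result, 1, revert);      /* lost write leaves result at 0 */
    return result == 0;                 /* 1 = access granted */
}

/* Fail-closed variant: the initial state is "denied" and success needs
 * a surviving write of a distinct non-zero value. */
#define AUTH_DENIED  0
#define AUTH_GRANTED 0x5AC3             /* constructed value */

int auth_fail_closed(const char *pw, const char *expected, int revert) {
    int result = AUTH_DENIED;
    if (strcmp(pw, expected) == 0)
        store(&result, AUTH_GRANTED, revert);
    return result == AUTH_GRANTED;      /* 1 = access granted */
}

int main(void) {
    /* Wrong password, with the failure write lost (revert = 1). */
    printf("fragile:     granted=%d\n", auth_fragile("wrong", "secret", 1));
    printf("fail-closed: granted=%d\n", auth_fail_closed("wrong", "secret", 1));
    return 0;
}
```

In this model a lost write grants access in the first function and can only deny it in the second.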
“Our work on CacheWarp shows how an attacker can essentially make affected processors forget write access to memory. You can imagine it like with older USB sticks: if you wrote a document there, but removed the stick before the end of the writing process, the next time you plugged it in and read the document, you could still find parts of the old version instead of the new one,” explains Andreas Kogler from the Institute for Applied Information Processing and Communication Technology (IAIK) at the Technical University of Graz.
Once the attacker gains access, he can also gain full administrative access to the data in the virtual machine. During their tests, the researchers managed to collect all the data there, change it and – starting from the virtual machine – further distribute it.
AMD was informed of the security problem by the researchers. The company provides a microcode update that closes the vulnerability. The research team led by Michael Schwarz of the CISPA Helmholtz Center for Information Security provided information about “CacheWarp” on the website cachewarpattack.com. The scientific article entitled “CacheWarp: Software-based Fault Injection Using Selective State Reset” is also available there.
Source: Krone
