Intel processors are vulnerable to exploitation if they are running hyper-threading, and if you want full security for your CPU, you should disable that feature (which will obviously come at a considerable performance hit in some cases).
This is according to Greg Kroah-Hartman, a Linux kernel developer who shared his thoughts on security at the Open Source Summit Europe in Lyons (which finishes today), as highlighted by The Register.
The problem as outlined by Kroah-Hartman, and indeed by others, is that hyper-threading is dangerous territory because of bugs that can be exploited via MDS, or Microarchitectural Data Sampling.
If that sounds familiar, you might remember it from the ZombieLoad episode back in May, when it first came to light along with other MDS-based exploits including Fallout and RIDL.
The only way to be truly safe from any potential attack vector along these lines is simply to switch off hyper-threading. Kroah-Hartman said of OpenBSD (an open source security-focused OS): “A year ago they said disable hyper-threading, there’s going to be lots of problems here. They chose security over performance at an earlier stage than anyone else. Disable hyper-threading. That’s the only way you can solve some of these issues. We are slowing down your workloads. Sorry.”
You might further recall that when ZombieLoad stumbled onto the scene, Apple advised that the only way Mac users could be sure of ‘full mitigation’ against attacks was not just to apply the relevant security patches, but also to disable hyper-threading (at an up to 40% performance hit for some users, Apple estimated).
Hyper-threading, for the uninitiated, is where a CPU core is split into two virtual cores (or threads), and it can help considerably with heavier tasks and workloads that make use of multiple cores (AMD calls this simultaneous multi-threading, or SMT).
But splitting tasks across cores in this manner can lead to potential problems, as Kroah-Hartman explains: “MDS is where one program can read another program’s data. That’s a bad thing when you are running in a shared environment such as cloud computing, even between browser tabs.
“You can cross virtual machine boundaries with a lot of this. MDS exploits the fact that CPUs are hyper-threaded, with multiple cores on the same die that share caches. When you share caches, you can detect what the other CPU core was doing.”
In short, exploiting these vulnerabilities can actually let an attacker steal data from an application that they wouldn’t otherwise be able to access.
A further worry is that there are so many of these potential issues, and so many variants of speculative execution attacks among them, that patching is needed on a near-constant basis; indeed, fixes are still being deployed for the original Spectre bug from two years ago.
That’s why you need to have all the latest security patches for your OS and the latest BIOS version, although even then, with hyper-threading enabled, there is the possibility of as-yet-undiscovered vulnerabilities lurking in the background.
Hence all the advice that being truly secure means disabling hyper-threading.
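To see where a Linux host actually stands against that advice, here is an added example that is not from the article: a small POSIX shell script that reads the kernel’s MDS report and SMT control knob from sysfs and maps them to the actions above. The sysfs paths and report strings are the ones the kernel documents; the status tokens, advice text and function names are my own.

```shell
#!/bin/sh
# Added example (not from the article). Inputs are two sysfs files the kernel documents:
#   /sys/devices/system/cpu/vulnerabilities/mds  and  /sys/devices/system/cpu/smt/control

# Reduce the mds sysfs text to one status token (token names are my own).
mds_status() {
  case "$1" in
    "Not affected") echo "not-affected" ;;
    "Vulnerable: Clear CPU buffers attempted, no microcode"*) echo "needs-microcode" ;;
    "Vulnerable"*) echo "unmitigated" ;;                        # mitigation switched off
    "Mitigation: Clear CPU buffers"*)
      case "$1" in
        *"SMT vulnerable"*)         echo "mitigated-smt-on" ;;      # the case the article warns about
        *"SMT Host state unknown"*) echo "mitigated-smt-unknown" ;; # inside a VM: the host decides
        *)                          echo "mitigated" ;;            # SMT disabled, or not needed on this CPU
      esac ;;
    *) echo "unknown" ;;
  esac
}

# Map a status token to the action the article recommends.
mds_advice() {
  case "$1" in
    not-affected)          echo "no action" ;;
    mitigated)             echo "ok" ;;
    mitigated-smt-on)      echo "disable hyper-threading (boot with nosmt) for full mitigation" ;;
    mitigated-smt-unknown) echo "verify the SMT setting on the hypervisor host" ;;
    needs-microcode)       echo "update BIOS/microcode" ;;
    unmitigated)           echo "update kernel and BIOS, then enable the mitigation" ;;
    *)                     echo "manual review" ;;
  esac
}

# Read the live values when the sysfs entries exist; otherwise say so.
check_host() {
  vuln=/sys/devices/system/cpu/vulnerabilities/mds
  smt=/sys/devices/system/cpu/smt/control
  if [ ! -r "$vuln" ]; then
    echo "no MDS sysfs entry: kernel too old or not x86"
    return 0
  fi
  text=$(cat "$vuln"); status=$(mds_status "$text"); smt_state=unknown
  [ -r "$smt" ] && smt_state=$(cat "$smt")
  printf 'mds: %s\nsmt/control: %s\nstatus: %s\nadvice: %s\n' \
    "$text" "$smt_state" "$status" "$(mds_advice "$status")"
}

check_host
```

A report of “Mitigation: Clear CPU buffers; SMT vulnerable” is the patched-but-still-exposed state the article describes: the kernel mitigation is on, yet the sibling thread can still observe the core’s buffers.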
Kroah-Hartman adds: “If you’re not using a supported distro, or a stable long-term kernel, you have an insecure system. It’s that simple. All those embedded devices out there, that are not updated, totally easy to break.”
The Internet of Things, of course, has long been a major concern on the security front.
Ryzen to the challenge
You may recall that earlier this year, AMD took the time to clarify that its processors are immune to ZombieLoad and these MDS vulnerabilities, and the Linux developer confirmed that using simultaneous multi-threading with AMD chips is indeed a safe option (going by what’s known at the time of writing, anyway).
However, before all Intel processor owners go running for the hills in a panic about flawed security, bear in mind that the actual odds of being targeted by such an attack are likely to be fairly slim outside of the corporate world.
It’s not clear how many speculative execution vulnerabilities have actually been leveraged by attackers to good (or rather bad) effect to date, simply because it’s very hard to even detect these intrusions.
The average home user probably won’t ever be targeted, but there’s the rub: ‘probably’ is a very different word from ‘definitely’, and it still comes back to the fact that if you want your Intel PC to be truly secure from these kinds of attacks, hyper-threading remains a potential hole in your computer’s security.
And of course, it’s also worth noting that all this is happening against a backdrop of Intel allegedly bringing hyper-threading to the entire range of its next-gen Comet Lake processors.