Another Side Channel CPU Attack Steals Secrets

As CPU makers try to get every once of performance out of chips, they have to rely on somewhat dicey techniques to do that. This one is an equal opportunity fail for Intel, AMD and ARM.

It is called SLAM or Spectre based on Linear Address Masking or LAM. Read the link if you want to understand what that means, but basically, chip makers are trying to make more memory directly accessible to programs that need lots of memory (like AI) and it is hard to do securely.

LAM is Intel’s name, AMD calls it UAI and ARM calls it Top Byte Ignore.

In any case, researchers at the Vrije Universiteit in Amsterdam discovered the attack. Full disclosure: my brother is the retired chairman of the computer science department at the university.

One thing they were able to do is leak the root password hash. Not good.

The SLAM attack targets “unmasked” gadgets that use secret data as a pointer. The researchers found hundreds of these gadgets in the Linux Kernel.

ARM says they don’t plan to fix it.

AMD is non-committal.

Intel says they will provide guidance before releasing new chips that support LAM.

The problem with fixing it is that it will probably have significant negative performance impact. So they won’t do it until they have to. Side channel attacks are more of a problem in the cloud where you don’t know what other users are running on the same computer as you are.

For now, Linux engineers have created patches to disable LAM (and reduce performance, unfortunately).

At some point we are going to need to create new architectures, which will be highly disruptive as operating systems and compilers will need to be rewritten or at least heavily modified. Think of Amazon’s and Microsoft’s new chip announcements last week.

Until then, it is a cat and mouse game and the mice seem to be winning.

Credit: Bleeping Computer