Intel's 'ZombieLoad' Fixes May Slow Processors by 9 Percent

Ruben Fields
May 18, 2019

Savvy users were forced to reconsider the wisdom of cloud computing - even if they patched their own machines, their data was only as safe as the processors the cloud providers used.

Intel a year ago disclosed that hackers could potentially read sensitive data on its processors, which power most data centers and personal computers, by exploiting a feature called speculative execution, in which the chip tries to guess which computations it will carry out ahead of time in an effort to speed up the chip.

A newly discovered flaw in Intel processors leaves owners with a stark choice: ignore the problem and risk being comprehensively hacked, or install a software fix which risks slowing down the host computer significantly. The researchers who published details on the attacks hailed from companies Cyberus, BitDefender, Oracle and Qihoo360, along with Belgium's KU Leuven, the University of Adelaide, University of Michigan, Graz University of Technology, the Helmholtz Center for Information Security, Vrije Universiteit Amsterdam and Worcester Polytechnic Institute. Apps are usually only able to see their own data, but this bug reportedly allows that data to flow across those boundary walls.

Meanwhile, Google has also released patches to mitigate against ZombieLoad. As with Meltdown and Spectre, the mitigations will generally not hurt performance too much on home PCs, but some datacenter workloads could see performance drop by 8-9 percent. Essentially, exploiting the vulnerabilities would allow malicious types to eavesdrop on data as it makes its way across a CPU. In these cases, customers should consider how they utilize SMT for their particular workload(s), guidance from their OS and VMM software providers, and the security threat model for their particular environment.

What is described as ZombieLoad, RIDL and Fallout can be used to attack victims. "Such data could easily include their passwords or even keys to decrypt their encrypted hard drives".

Another expert pondered the issue of a performance slowdown and whether Intel would seek to bake in improved security practices in the future. "This drama will continue to play out in the days and weeks ahead".

The leak covered all Intel processors made since 2008 and would have been extremely easy to abuse, the researchers say.

PC users are also affected by these new vulnerabilities and will need to patch their systems, but most users probably won't notice any performance impact. "Or is this a natural occurrence of a security bug as all life cycles can and will produce?"
