Brother
VUSec researchers reveal SLAM, a method for stealing sensitive data.
Cybersecurity researchers at VUSec have demonstrated a Spectre-style attack that leaks sensitive data from memory. The method is called SLAM (Spectre based on Linear Address Masking).
Unlike previous Spectre exploitation methods, SLAM does not look for new flaws in the processor's speculative execution mechanisms; instead it uses common but previously unexplored sections of program code.
These are so-called "unmasked gadgets" (unmasked_gadget): code fragments in which secret data, such as pointers to memory areas, is used directly, without any checks or masking. Such constructs are quite common in a wide variety of software products.
The researchers found tens of thousands of such potentially vulnerable fragments in the Linux kernel source code; hundreds of them can be used by attackers to steal data.
Using SLAM, attackers can steal arbitrary data from the Linux kernel, including hashes or fragments of user passwords. This shows that even modern operating systems contain vulnerabilities related to speculative instruction execution.
In addition, SLAM can exploit potential flaws in future hardware memory-protection mechanisms, namely the technologies that Intel (Linear Address Masking, LAM), AMD (Upper Address Ignore, UAI) and other processor manufacturers plan to implement.
Thus, the study shows that even new hardware-level security features can have flaws that allow attacks on confidential data through Spectre-like vulnerabilities.
In response to the publication, manufacturers released recommendations and patches against such attacks. Intel announced plans to provide additional guidance on using LAM. Linux developers released kernel updates that disable LAM by default.
Nevertheless, despite these measures, the problem of processor vulnerabilities related to speculative instruction execution remains relevant. Experts expect new attack methods that exploit other shortcomings of hardware and software mechanisms.
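As an added illustration (not code from the VUSec paper or from the post above), the C model below shows why an unmasked gadget matters more once linear address masking is enabled: the same secret value, dereferenced as a pointer with no check, is blocked by the classic 48-bit canonicality check but translates under an LAM57-style rule that ignores bits 62:57 and only compares bit 63 with bit 56. The LAM57 bit layout is taken from Intel's published LAM description and is an assumption of this model, the sample "secret" values are constructed, and masked_index() is an illustrative clamp in the spirit of the Linux kernel's array_index_nospec(), not the kernel's actual implementation.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bits 62:57 of a linear address. Assumption for this model: Intel LAM_U57
 * ignores these bits for translation and only compares bit 63 with bit 56. */
#define LAM57_META_BITS (0x3FULL << 57)

/* Pre-LAM canonical check with 4-level paging: bits 63:47 must all be equal. */
bool canonical48(uint64_t va)
{
    uint64_t top = va >> 47;            /* the 17 high bits */
    return top == 0 || top == 0x1FFFFULL;
}

/* LAM57 model: translation proceeds when bit 63 == bit 56; the metadata bits
 * 62:57 are replaced by copies of bit 63 before the page walk. */
bool lam57_translate(uint64_t va, uint64_t *translated)
{
    uint64_t bit63 = (va >> 63) & 1;
    uint64_t bit56 = (va >> 56) & 1;
    if (bit63 != bit56)
        return false;                   /* still non-canonical: no page walk */
    uint64_t t = va & ~LAM57_META_BITS;
    if (bit63)
        t |= LAM57_META_BITS;
    *translated = t;
    return true;
}

/* Model of an "unmasked gadget": a secret value is used as a pointer with no
 * check or mask. If the address is canonical the (speculative) access goes
 * through and the secret can leave a trace in the cache; otherwise it faults.
 * Returns whether the access reaches the memory system in this model. */
bool unmasked_gadget_reaches_memory(uint64_t secret, bool lam57_enabled)
{
    uint64_t t;
    if (lam57_enabled)
        return lam57_translate(secret, &t);
    return canonical48(secret);
}

/* Hardened pattern, in the spirit of the kernel's array_index_nospec():
 * clamp a secret- or attacker-influenced index to zero when it is out of
 * range using a branch-free mask, so speculation can only touch the intended
 * window. Illustrative only: the kernel uses inline asm so the compiler
 * cannot turn the mask back into a branch. */
uintptr_t masked_index(uintptr_t idx, uintptr_t size)
{
    uintptr_t in_range = (uintptr_t)(idx < size);   /* 1 or 0 */
    uintptr_t mask = (uintptr_t)0 - in_range;        /* ~0 or 0 */
    return idx & mask;
}

int main(void)
{
    /* Constructed sample "secrets" that an unmasked gadget might dereference. */
    uint64_t samples[] = {
        0x00007fff12345678ULL, /* ordinary user address: canonical in both models */
        0x3E00000012345678ULL, /* garbage in bits 62:57: faults pre-LAM, translates under LAM57 */
        0xFFFF800000000000ULL, /* kernel address: canonical in both models */
        0x8000000012345678ULL, /* bit 63 != bit 56: faults in both models */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%016llx  pre-LAM:%d  LAM57:%d\n",
               (unsigned long long)samples[i],
               unmasked_gadget_reaches_memory(samples[i], false),
               unmasked_gadget_reaches_memory(samples[i], true));
    }
    printf("masked_index(100, 8) = %lu\n", (unsigned long)masked_index(100, 8));
    return 0;
}
```

The second sample is the interesting one: before LAM it is non-canonical and the gadget cannot bring anything into the cache, so that secret value is not leakable; with LAM57 the upper bits are simply ignored and the same gadget performs a real access. The masked form removes the dependence on hardware canonicality checks altogether, which is the direction the kernel's own speculation hardening already takes.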