Intel processors of several generations have been found to be vulnerable to a new type of CPU attack that exploits hardware flaws to gain access to sensitive information. In this technique, data leaks through the EFLAGS (Extended Flags) register, which is used to control program flow and make operational decisions.

The new attack was identified by security researchers from the University of Maryland in the US and Tsinghua University in China, in partnership with a computer lab (BUPT) run by the Chinese Ministry of Education. The work, which has not yet undergone peer review, was posted to the preprint platform arXiv on April 21.

The technique used by threat actors exploits a transient execution flaw that affects the timing of Jump on Condition Code (JCC) instructions, which are used to redirect the flow of program control to a specific location.

How does the new CPU attack work?

The new type of attack against Intel CPUs has been dubbed a “transient execution attack”. This type of routine occurs when normal processor operation is temporarily interrupted by an external event. In the study, the CPU side channel was implemented on machines with Intel Core i7-6700, i7-7700 and i9-10980XE processors.

According to the research, “the attack encodes the registry change, which slightly slows the context execution time that can be measured by the attacker to decode the data.” Unlike previous threats, this attack does not depend on the cache system, and the EFLAGS register does not even need to be reset manually.

These differences make the attacks virtually undetectable and extremely difficult to mitigate. Carrying them out is also complicated for attackers. “For about 6 to 9 cycles after the transient run, the JCC runtime won’t be about to form a side channel”, i.e., accuracy takes thousands of tries.

Source: Tec Mundo

