In yet another act of brilliance by Intel engineers, building on the groundwork laid by former principal engineer Francois Piednoel, it would seem that Intel’s beloved ring bus interconnect is also susceptible to a side-channel attack, hilariously named “Lord of the Ring(s)”.
Post-graduate researchers from the University of Illinois have discovered yet another severe vulnerability specific to Intel CPUs: the ring interconnect can be exploited by malware to leak encryption keys and more.
Doctoral student Riccardo Paccagnella, master’s student Licheng Luo, and assistant professor Christopher Fletcher found the weaknesses. The researchers, all at the University of Illinois at Urbana-Champaign, examined the way CPU ring interconnects work and found that attackers can abuse the rings for side-channel attacks.
“It is the first attack to exploit contention on the cross-core interconnect of Intel CPUs”, Paccagnella told The Register. “The attack does not rely on sharing memory, cache sets, core-private resources or any specific uncore structures. As a consequence, it is hard to mitigate with existing side channel defenses.”
“Intel classified our attack as a ‘traditional side channel’ (like TLBleed, Portsmash, etc.),” said Paccagnella. “They treat this class of attacks differently than the class of ‘speculative execution / transient execution attacks’ (like Spectre, Meltdown, etc.). That is, they do not consider traditional side channel attacks as significant value for an attacker and they already published their suggested guidance on how to mitigate them in software here and here.”
Intel doesn’t seem all that fazed by the exploit in question, opting to do nothing about its ring bus flaws, despite the fact that it’s a side-channel vulnerability similar to the likes of Meltdown and Spectre. Intel’s reasoning is that the “Lord of the Ring(s)” exploit isn’t practical, that the research was conducted on pesky mainstream Comet Lake and Coffee Lake processors, and that Intel’s glorious Mesh interconnect hasn’t been exploited.
“We introduce the first microarchitectural side channel attacks that leverage contention on the CPU ring interconnect. There are two challenges that make it uniquely difficult to exploit this channel. First, little is known about the ring interconnect’s functioning and architecture.
Second, information that can be learned by an attacker through ring contention is noisy by nature and has coarse spatial granularity. To address the first challenge, we perform a thorough reverse engineering of the sophisticated protocols that handle communication on the ring interconnect.
With this knowledge, we build a cross-core covert channel over the ring interconnect with a capacity of over 4 Mbps from a single thread, the largest to date for a cross-core channel not relying on shared memory. To address the second challenge, we leverage the fine-grained temporal patterns of ring contention to infer a victim program’s secrets. We demonstrate our attack by extracting key bits from vulnerable EdDSA and RSA implementations, as well as inferring the precise timing of keystrokes typed by a victim user.”
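As an added illustration (not from the article or the paper) of why the key extraction described above works, and of what Intel’s “mitigate it in software” guidance amounts to: a textbook square-and-multiply exponentiation spends a different amount of work on each key bit, which a fine-grained timing channel such as ring contention can read off, while a Montgomery ladder with constant-time conditional swaps does identical work for every bit. Python’s big-integer arithmetic is not itself constant-time, so the comparison here is on the per-bit operation trace rather than on wall-clock time.

```python
# Added example, not code from the article or the paper. Compares the per-bit
# work of a leaky exponentiation with a constant-time ladder on constructed inputs.

def leaky_modexp(base, exp, mod):
    """Left-to-right square-and-multiply (the classic leaky pattern).
    Returns (base**exp % mod, trace) where trace[i] is the number of modular
    multiplications spent on key bit i: 1 for a 0 bit, 2 for a 1 bit."""
    result, trace = 1, []
    for bit in bin(exp)[2:]:
        result = (result * result) % mod        # square: happens for every bit
        if bit == "1":
            result = (result * base) % mod      # extra multiply only for 1 bits
        trace.append(2 if bit == "1" else 1)    # this is what a timing channel sees
    return result, trace


def cswap(swap, a, b):
    """Branch-free conditional swap: swap == 1 exchanges a and b, 0 leaves them.
    Uses an arithmetic mask instead of an if, so no secret-dependent branch."""
    mask = -swap                                # 0 -> 0, 1 -> all ones
    t = mask & (a ^ b)
    return a ^ t, b ^ t


def ladder_modexp(base, exp, mod):
    """Montgomery ladder: one squaring and one multiplication per bit whatever
    the bit's value, so the operation trace is flat. Invariant: r1 == r0 * base."""
    r0, r1 = 1, base % mod
    trace = []
    for bit in bin(exp)[2:]:
        b = int(bit)
        r0, r1 = cswap(b, r0, r1)
        r1 = (r0 * r1) % mod
        r0 = (r0 * r0) % mod
        r0, r1 = cswap(b, r0, r1)
        trace.append(2)                         # always 2, independent of the bit
    return r0, trace


def recover_bits(trace):
    """What an observer learns from per-bit timing: a 2-op step reads as a 1 bit."""
    return "".join("1" if ops == 2 else "0" for ops in trace)


if __name__ == "__main__":
    # Constructed sample key and modulus (small, for illustration only).
    key, base, mod = 0b1011001, 7, 1009
    _, leaky = leaky_modexp(base, key, mod)
    _, flat = ladder_modexp(base, key, mod)
    print("secret bits  :", bin(key)[2:])
    print("from leaky   :", recover_bits(leaky))   # matches the key
    print("from ladder  :", recover_bits(flat))    # all ones, nothing learned
```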
As for whether AMD processors are vulnerable, the researchers quickly stated “AMD CPUs utilize other proprietary technologies known as Infinity Fabric/Architecture for their on-chip interconnect. Investigating the feasibility of our attack on these platforms requires future work. However, the techniques we use to build our contention model can be applied on these platforms too.”
Exactly what Intel needs right about now: yet another major security flaw that takes advantage of the hardware design of Intel Core processors, meaning simple mitigations through future updates will never actually patch it.
In fact, I actually question how mitigation updates will affect Intel Core processors moving forward, as the ring bus interconnect has been used prominently on mainstream and enthusiast-class Core processors for years now, including Intel’s latest 11th generation “Rocket Lake” processors, which already suffer from horrendous core-to-core latency issues. It would be hilarious to see any future patches make its shit latency even worse.
Intel Core processors are RIDL’d with security flaws and vulnerabilities; only a die-hard fanboy would continue supporting Intel.