Another brutal Intel CPU flaw found


Back when Meltdown and Spectre were revealed, the first devastating CPU side-channel attacks that changed the industry, researchers warned that many more similar attacks were likely to surface in the future.

That prophecy came true with further attacks in May, and today brings yet another major disclosure: a new flaw dubbed 'Foreshadow.' It's got a logo and a fancy website, which is how you know it's a real, genuine problem, right?

Foreshadow attacks Intel's "secure enclave" area (SGX), designed to keep critical data secure, blocked from access at the operating system level, and often used for secure web browsing or DRM.

SGX is a relatively new feature for Intel, added in 2013 to address a growing need for a way to ensure data cannot be tampered with; accessing it requires special cryptographic keys from the developer. The details aren't particularly interesting, but this is now a feature that ships with all Intel processors.

Foreshadow basically breaks down those walls, using speculative execution techniques similar to the ones we saw earlier this year to read the data stored in the enclave, even without the keys that are supposed to prove an application is allowed to access it. Essentially, data that is designed never to be readable by another application can be coaxed out of the enclave, along with the keys that protect it in the first place.

This is a large problem mostly for cloud providers like Amazon Web Services and Google Cloud, which run hundreds of 'untrusted' virtual machines. Machines running in the cloud on AWS, for example, handling workloads for lots of different customers on the same hardware, could be particularly exposed to such attacks.

What consumer products actually use SGX, anyway? Well, 1Password detailed at length in 2017 how it uses SGX to protect its own secrets, as does a beta of the Signal messaging service. It's likely many others do, though it's usually not publicly disclosed.

Even the Foreshadow researchers themselves note how difficult the attack would be to actually execute in the wild, requiring the attacker to go to ludicrous lengths to steal data from individuals when phishing is cheaper and more practical. Still, this is less an attack on the end user than on the infrastructure itself.

The good news: this is widely patched already, thanks to early disclosure to Amazon, Google, Intel, Microsoft and many others, so the exploit is already largely mitigated at the software level. But it's a difficult problem to fully resolve, given that it's a hardware-level flaw.
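"Widely patched" is only true for the hosts you have actually checked. As an added example (not part of the original post, and not code from any of the vendors named above), the shell snippet below reads the Linux kernel's self-reported Foreshadow status, which the kernel exposes under the name L1TF in /sys/devices/system/cpu/vulnerabilities/l1tf on kernels that carry the fix, and classifies it for a fleet check. The status wording is modelled on the kernel's own documentation; the sample lines at the bottom are constructed for illustration, and the classification labels are my own.

```shell
#!/bin/sh
# Added example: classify a Linux host's self-reported Foreshadow (L1TF) status.
# The kernel publishes the status at the path below; older kernels lack the file.
L1TF_SYSFS=/sys/devices/system/cpu/vulnerabilities/l1tf

# classify_l1tf STATUS_LINE
# Prints one of: not-affected, vulnerable, mitigated-smt-exposed, mitigated, unknown
# "SMT vulnerable" in a Mitigation line means the host kernel is patched but
# hyperthreading is still on, so guests sharing a core can still be exposed.
classify_l1tf() {
    status="$1"
    case "$status" in
        "Not affected"*)                 echo not-affected ;;
        Vulnerable*)                     echo vulnerable ;;
        Mitigation:*"SMT vulnerable"*)   echo mitigated-smt-exposed ;;
        Mitigation:*)                    echo mitigated ;;
        *)                               echo unknown ;;
    esac
}

# read_l1tf_status
# Prints the live sysfs line, or "unknown" when the kernel does not report it.
read_l1tf_status() {
    if [ -r "$L1TF_SYSFS" ]; then
        cat "$L1TF_SYSFS"
    else
        echo "unknown"
    fi
}

# Constructed sample lines (not captured from a real host), in the kernel's wording:
SAMPLE_PATCHED_SMT_OFF='Mitigation: PTE Inversion; VMX: SMT disabled, L1D conditional flushes'
SAMPLE_PATCHED_SMT_ON='Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable'

for line in "$SAMPLE_PATCHED_SMT_OFF" "$SAMPLE_PATCHED_SMT_ON" "Vulnerable" "Not affected"; do
    printf 'sample: %-75s -> %s\n' "$line" "$(classify_l1tf "$line")"
done

# Live check on this machine (prints "unknown" if the kernel predates the fix):
live=$(read_l1tf_status)
printf 'this host: %s -> %s\n' "$live" "$(classify_l1tf "$live")"
```

The useful distinction for a cloud operator is between "mitigated" and "mitigated-smt-exposed": a patched host that still has hyperthreading enabled and runs untrusted guests is exactly the case the post flags as most at risk, and "unknown" on a hypervisor means the kernel is too old to have the fix at all.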

What's worrying in general is how many of these flaws are lurking under the surface, and how often we're seeing them emerge. I say it tongue-in-cheek when I say it's been zero days since the last devastating chip flaw, but it feels like the clock resets every few days.

Why this matters: Some publications have called this the 'chipocalypse' and, to some extent, that might be true: Intel is struggling both with building secure hardware and with its next-generation processor technology.

There's a wide-open window for a competitor to jump in, as every chip purchaser in the world looks at switching away each time another one of these exploits appears (Apple would just love to drop Intel, and Microsoft is flirting with the same).

For deep background on this exploit, and the history behind it, Red Hat has a great long read.

Tab Dump

Inside Evernote's brain
I was wondering aloud yesterday with friends what the hell Evernote is up to, and today we've got a deep dive on what's up. Apparently, a rebrand, and an effort to become relevant again.

5G TV deals are weird
US carriers are bundling entire TV boxes from third parties with 5G rather than building their own. Verizon is apparently trying to close a deal with YouTube TV or Apple TV as its default streaming service on the 5G network, which would be a fun change of pace, but also maybe entirely not necessary to bundle.

Finding it hard to focus? Maybe it's not your fault.

Tinder's founders suing parent company for $2,000,000,000