ZombieLoad: Leaking Data on Intel CPUs

Presented at Black Hat Asia 2020 Virtual, Oct. 2, 2020, 2:20 p.m. (40 minutes)

The publication of Meltdown in January 2018 was the first instance of a hardware vulnerability which broke the security guarantees of modern CPUs. Meltdown allowed attackers to leak arbitrary memory by exploiting that Intel CPUs use lazy fault handling and continue transient execution with data originating from faulting loads. With stronger kernel isolation, a software workaround to prevent Meltdown attacks, and new CPUs with this vulnerability fixed, Meltdown seemed to be a solved issue.

In this talk, we show that Meltdown is still an issue on modern CPUs. We present ZombieLoad, a Meltdown-type attack which leaks data across multiple privilege boundaries: processes, kernel, SGX, hyperthreads, and even across virtual machines. We also compare ZombieLoad to other microarchitectural data-sampling attacks, such as Fallout and RIDL. We show that Meltdown mitigations do not affect ZombieLoad. The ZombieLoad attack can be mounted without any user interactions from an unprivileged application, both on Linux and Windows.

To demonstrate the danger of the ZombieLoad attack, we present multiple attacks, such as monitoring the browsing behavior, stealing cryptographic keys, and leaking the root-password hash on Linux. In a live demo, we show that such attacks are not only feasible but also relatively easy to mount. We will then discuss mitigations against the ZombieLoad attack.

We outline challenges for future research on Meltdown attacks and mitigations. Finally, we will discuss the short-term and long-term implications of Meltdown for hardware vendors, software vendors, and users.

Presenters:

• Moritz Lipp - InfoSec Researcher, Graz University of Technology
  Moritz Lipp is a PhD candidate in the CORESEC group at the Institute of Applied Information Processing and Communications at Graz University of Technology. His research focuses on microarchitectural attacks and has been published at international conferences. He presented his research at Black Hat Europe, Black Hat USA, Black Hat Asia and CCC. He was a part of the team that uncovered the Meltdown, Spectre and ZombieLoad vulnerabilities.
• Michael Schwarz - InfoSec Researcher, CISPA Helmholtz Center for Information Security
  <span>Michael Schwarz is a tenure-track faculty at the Helmholtz Center for Information Security (CISPA) in Saarbrücken, Germany, with a focus on microarchitectural side-channel attacks and system security. He obtained his PhD with the title "Software-based Side-Channel Attacks and Defenses in Restricted Environments" in 2019 from Graz University of Technology (advised by Daniel Gruss). He holds two master's degrees, one in computer science and one in software engineering with a strong focus on security. He is a regular speaker at both academic and hacker conferences (Black Hat, CCC, Blue Hat, etc.). He was part of one of the research teams that found the Meltdown, Spectre, Fallout, and LVI vulnerabilities, as well as the ZombieLoad vulnerability. He was also part of the KAISER patch, the basis for Meltdown countermeasures now deployed in every modern operating system under names such as KPTI or KVA Shadow.</span>

Links:

• https://www.blackhat.com/asia-20/briefings/schedule/#zombieload-leaking-data-on-intel-cpus-18605

Similar Presentations:

• DEF CON China 1.0 (2019) / Mission Impossible: Steal Kernel Data from User Space
• Black Hat USA 2018 / Meltdown: Basics, Details, Consequences
• ToorCon San Diego TwentyOne (2019) / ZombieLoad: Leaking Data on Intel CPUs