36C3 - ZombieLoad Attack

Title:
36C3 - ZombieLoad Attack
Description:

https://media.ccc.de/v/36c3-10754-zombieload_attack

Leaking Your Recent Memory Operations on Intel CPUs

The ZombieLoad attack exploits a vulnerability of most Intel CPUs, which allows leaking data currently processed by other programs. ZombieLoad is extremely powerful, as it leaks data from user-processes, the kernel, secure enclaves, and even across virtual machines. Moreover, ZombieLoad also works on CPUs where Meltdown is fixed in software or hardware.

The Meltdown attack published in 2018 was a hardware vulnerability which showed that the security guarantees of modern CPUs do not always hold. Meltdown allowed attackers to leak arbitrary memory by exploiting the lazy fault handling of Intel CPUs which continue transient execution with data received from faulting loads. With software mitigations, such as stronger kernel isolation, as well as new CPUs with this vulnerability fixed, Meltdown seemed to be solved.

In this talk, we show that this is not true, and Meltdown is still an issue on modern CPUs. We present ZombieLoad, an attack closely related to the original Meltdown attack, which leaks data across multiple privilege boundaries: processes, kernel, SGX, hyperthreads, and even across virtual machines. Furthermore, we compare ZombieLoad to other microarchitectural data-sampling (MDS) attacks, such as Fallout and RIDL. The ZombieLoad attack can be mounted from any unprivileged application, without user interactions, both on Linux and Windows.

In the talk, we present multiple attacks, such as monitoring the browsing behavior, stealing cryptographic keys, and leaking the root-password hash on Linux. In a live demo, we demonstrate that such attacks are not only feasible but also relatively easy to mount, and difficult to mitigate.

We show that Meltdown mitigations do not affect ZombieLoad, and consequently outline challenges for future research on Meltdown attacks and mitigations. Finally, we discuss the short-term and long-term implications of Meltdown attacks for hardware vendors, software vendors, and users.

Michael Schwarz Moritz Lipp Daniel Gruss

https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10754.html

more » « less
Video Language:
English
Duration:
56:00
C3Subtitles edited English subtitles for 36C3 - ZombieLoad Attack
C3Subtitles added new URL for 36C3 - ZombieLoad Attack
C3Subtitles added a video: 36C3 - ZombieLoad Attack
http://www.youtube.com/watch?v=vtq1Pb6IL1M
Format: Youtube
Primary
Original
Added   by C3Subtitles
Format: Youtube
Primary
Original
http://www.youtube.com/watch?v=OPHGWaeCreI
Format: Youtube
Added   by C3Subtitles
Format: Youtube
This video is part of Amara Public.

Subtitles download

Incomplete subtitles (1)