Hardware security bug

In digital computing, hardware security bugs are hardware bugs or flaws that create vulnerabilities affecting computer central processing units (CPUs), or other devices which incorporate programmable processors or logic and have direct memory access, which allow data to be read by a rogue process when such reading is not authorized. Such vulnerabilities are considered "catastrophic" by security analysts.[1][2][3]

Types of vulnerabilities

Reading data by bypassing memory protection

Most known hardware security bugs involve harvesting information through side channels. The most important is timing analysis, but on microcontrollers measurement of power consumption has also been used to harvest information.

Writing data by bypassing memory protection
Changing behaviour of other programs/threads by bypassing memory protection

On microcontrollers, the power supply can be modulated to make code execute wrongly.


Using bugs in CPUs

Most known hardware security bugs are related to CPUs.

Using bugs in RAM

Sledgehammering

Using bugs in other components

Chipset,

Speculative execution vulnerabilities

Starting in 2017, a series of security vulnerabilities was found in the implementations of speculative execution on common processor architectures, which effectively enabled an elevation of privileges. It was possible to mitigate these flaws with changes to microcode.

These include:
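Whether a given Linux host has such mitigations in place can be checked from the status files the kernel exposes under /sys/devices/system/cpu/vulnerabilities. The following is an added example, not part of the original article: the function names are hypothetical and the sample status lines are constructed rather than captured from a real machine.

```python
from pathlib import Path

# Linux kernel interface: one file per known CPU vulnerability.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample (file name -> status line), used when sysfs is absent.
SAMPLE = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Vulnerable",
    "mds": "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "l1tf": "Not affected",
}

def classify(status):
    """Map one kernel status line to a (state, detail) pair."""
    s = status.strip()
    if s == "Not affected":
        return ("not_affected", "")
    if s.startswith("Mitigation:"):
        return ("mitigated", s[len("Mitigation:"):].strip())
    if s.startswith("Vulnerable"):
        return ("vulnerable", s[len("Vulnerable"):].lstrip(": ").strip())
    return ("unknown", s)  # unrecognised wording: treat as needing review

def read_sysfs(directory=SYSFS_DIR):
    """Return {name: status} from sysfs, or {} when the interface is missing."""
    if not directory.is_dir():
        return {}
    found = {}
    for entry in sorted(directory.iterdir()):
        try:
            found[entry.name] = entry.read_text().strip()
        except OSError:
            found[entry.name] = ""  # unreadable file is classified as unknown
    return found

def audit(statuses):
    """Classify every entry and flag those the kernel says lack microcode."""
    report = {}
    for name, status in statuses.items():
        state, detail = classify(status)
        needs_ucode = state == "vulnerable" and "no microcode" in detail.lower()
        report[name] = {"state": state, "detail": detail, "needs_microcode": needs_ucode}
    return report

def unmitigated(report):
    """Names that are vulnerable or could not be classified."""
    return sorted(n for n, r in report.items() if r["state"] in ("vulnerable", "unknown"))

if __name__ == "__main__":
    result = audit(read_sysfs() or SAMPLE)
    for name in unmitigated(result):
        print(name, result[name])
```

Entries flagged with `needs_microcode` are the ones where the kernel reports that its mitigation is ineffective until a microcode update is loaded.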

Intel VISA

In 2019, researchers discovered that a manufacturer debugging mode known as VISA had an undocumented feature on Intel Platform Controller Hubs, the chipsets included on most Intel-based motherboards, which have direct memory access. The feature made the mode accessible on a normal motherboard, possibly leading to a security vulnerability.[4]

References

  1. Bruce Schneier (January 5, 2018). "Spectre and Meltdown Attacks Against Microprocessors – Schneier on Security". www.schneier.com. Retrieved February 4, 2019. Spectre and Meltdown are pretty catastrophic vulnerabilities, ...
  2. "This Week in Security: Internet Meltdown Over Spectre of CPU Bug". Cylance.com. January 5, 2018. Retrieved February 4, 2019. The security implications of the Meltdown and Spectre vulnerabilities are indeed catastrophic for systems engineering.
  3. "Meltdown, Spectre: here's what you should know". Rudebaguette.com. January 8, 2018. Retrieved February 4, 2019. [sic]: The effects of these vulnerabilities are catastrophic: « at best, the vulnerability can be used by malwares and hackers to exploit other security linked bugs. At worse, the flaw can be used by software and authentified users to read the kernel’s memory
  4. Lucian Armasu. "Intel Chipsets' Undocumented Feature Can Help Hackers Steal Data". Tom's Hardware.


This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.