Can Applications Withstand the ZombieLoad Attack?
As if Meltdown, Spectre and Foreshadow were not enough, recently a new critical vulnerability called ZombieLoad has been discovered that affects a series of modern Intel processors. This vulnerability enables a potential attacker to read small pieces of information from various programs running on the same computer, taking advantage of a special feature of the Intel chip called speculative execution.
Speculative execution, a technique that CPU designers employ to improve performance, involves the processor reading some data in advance before data is requested. The processor is then able to preempt any requests for operations that it receives in the next few clock cycles and executes those operations before they are actually made. The CPU puts the results of those operations in the short-term memory cache. Normally, applications are architecturally isolated from the cache and cannot read the separate protected space. ZombieLoad, however, provides an unintended path for doing this by allowing arbitrary programs to read data from the short-term memory cache.
Software Vulnerability Poses Untold Risk
This vulnerability opens up a way for deploying a wide range of software attacks. According to the researchers who discovered the vulnerability in May, ZombieLoad allows a malicious program to access sensitive data currently processed by other running programs such as browser history, website content, secret keys and passwords. Even applications running in the cloud are not safe, because the only thing necessary to mount an attack is the installation and execution of a malicious program designed to operate under these conditions.
ZombieLoad affects almost all Intel chips produced since 2011, which means that all MacBooks, a majority of Windows PCs, most Linux servers and many Chromebooks are in the danger zone. Moreover, while the problem is fixed in newer processors, it will take some time for everyone to catch up and protect themselves, whether by replacing the hardware or installing patches. In any case, the cost and risk implications are great.
The Connection Between Risk and Design
Software applications are filled with secrets that could be harmful if disclosed. Such secrets may include passwords, cryptographic keys, signatures, licenses and proprietary algorithms. Exposing this sensitive information to malware or a skillful hacker may lead to broken security mechanisms, the misuse of data and an enormous loss to software vendors. All of this is possible if protected memory becomes readable by unprivileged programs at some point in time, and this is exactly what the ZombieLoad vulnerability allows.
What is the solution? As history has shown, there are risks to relying on the security of the software execution environment, such as the processor, memory and operating system. The real line of defense needs to be the application itself. This means that a well-designed application should use additional defense-in-depth measures to supplement the underlying system or external security mechanisms, such as anti-virus software. For example, appropriate security features can be embedded into the application, independent of the execution environment. These security features might include code obfuscation, code integrity protection, white-box cryptography, anti-piracy and anti-debugging mechanisms.
For example, if a secret key is embedded into an application in such a way that the key never emerges in cleartext, reading any piece of the key data through ZombieLoad or any other means will not yield any useful information. Or, if there is a proprietary algorithm implemented within the application code but the code is obfuscated, for example by transforming or flattening its execution flow, any revealed parts of the algorithm will appear as meaningless code. In other words, even if a device is compromised, the protected application executed on the device will still protect its secrets.
Applications as Self-Contained Fortresses
ZombieLoad is not the last hardware vulnerability that will be discovered; many more will follow. Because of the increasingly diversified, interconnected and open ecosystem of modern software, it is only a matter of time until the next security loophole is discovered and employed to cause damage.
The integrity of applications is crucial to businesses as they depend on sensitive data. It is essential that we find, develop and commercialize technologies that can turn applications into self-contained fortresses, able to stand on their own.
This is a conversation we need to have across information technology and security, and one that is already familiar to software developers. The question is, How will we protect sensitive data assets and the privacy of individuals and firms under the relentless assault represented by ZombieLoad and other threats? This open, frank discussion—or perhaps, more aptly, an examination of how we can inoculate applications—is critical if we are to have a fighting chance when the next attack strikes.