Aussie security researcher helps uncover latest Intel flaws

An Australian security researcher working at the University of Adelaide and the CSIRO’s Data61 has been revealed as one of the collaborators who uncovered the latest batch of Intel CPU vulnerabilities.

Yuval Yarom, a senior lecturer at Adelaide Uni, was one of ten researchers credited in the research paper [pdf] detailing the latest flaws found in a number of Intel’s Xeon products.

The new problem, known as Microarchitectural Data Sampling (MDS), “may allow a malicious user who can locally execute code on a system to infer data otherwise protected by architectural mechanisms,” VMware’s advisory on the flaw states.

Yarom, who also helped uncover the related Spectre and Meltdown flaws, told iTnews his involvement with the project to uncover the flaws follows on from those initial discoveries, and continued a longstanding collaboration with the University of Michigan.

“There I’m unofficially a supervisor of a collaborator [on the research], who is officially a supervisor of a student, and the student found one of the issues that has been disclosed,” Yuval said, referring to Marina Minkin and Daniel Genkin.

After the initial discovery, Yuval said they then reached out to other groups and researchers to continue the investigation, including Worcester Polytechnic Institute’s Daniel Moghimi, and Berk Sunar, plus Graz University of Technology’s Moritz Lipp, Michael Schwarz and Dael Gruss.

Frank Piessens from the Katholieke Universiteit Leuven also joined the team.

The group teased out the details of the vulnerabilities initially discovered in 2018, before reporting the details to Intel at the end of January 2019. Their efforts culminated in vendors rolling out patches this week.

As for whether vulnerabilities, dubbed ‘ZombieLoad’, have ever been used in the wild, the researchers say they’re not sure.

At ZombieLoadAttack.com, the discoverers said they don’t have data on whether the attack leaves any traces in traditional log files, meaning it will be hard to tell if any private data has been leaked.

The below demo video from ZombieLoadAttack illustrates the exploit in action, with website data being logged despite the victim using Tor to try and protect their browsing data on a virtual machine.