~HeadShot~
Discoverer
Hyper-Threading Considered Harmful
Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious security flaw. This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately; single-user systems (i.e., desktop computers) are not affected.
I am presenting details of how to exploit this security flaw at BSDCan 2005 (www.bsdcan.org/2005/) in Ottawa on May 13th, 2005. Following my talk, I will be releasing a 12-page paper on this website discussing this flaw and related problems, both realized and theoretical.
----------------------------------------------------------------------
Vendor statements
The following statements have been provided to me by vendors:
FreeBSD: This issue affects FreeBSD/i386 and FreeBSD/amd64, and is addressed in advisory FreeBSD-SA-05:09.htt.
NetBSD: The NetBSD Security-Officer Team believes that workarounds will be suitable for the majority of our users. Since this issue is a complex one, the 'right' solution will require a larger discussion which is only possible once this issue is public. This issue will be addressed in advisory NetBSD-SA2005-001, which will provide a list of workarounds for use until the 'final' conclusion is reached.
OpenBSD: OpenBSD does not directly support hyperthreading at this time, therefore no patch is available. Affected users may disable hyperthreading in their system BIOS. We will revisit this issue when hyperthreading support is improved.
SCO: This affects OpenServer 5.0.7 if an update pack is applied and SMP is installed; it also affects UnixWare 7.1.4 and 7.1.3 with hyperthreading enabled, but hyperthreading is disabled in UnixWare by default. This is covered by advisory SCOSA-2005.24.
----------------------------------------------------------------------
Q & A
1. Do I need to worry about my home computer?
Probably not. This security flaw is primarily a problem for servers.
2. I have an Apple computer, do I need to worry about this?
As far as I know, this flaw only exists on Intel processors.
3. My vendor, <Insert Name Here>, isn't mentioned on your list of vendor statements! What should I do?
Some vendors haven't provided statements to me. This may be because they're too busy fixing the problem, or it may be due to corporate policies which forbid such disclosures. Either way, if there isn't a statement above, it's because I haven't received one. You may wish to check back later.
4. Where do you work?
I'm unemployed. For the past three months, I've spent almost all of my time working on this security flaw -- investigating how serious it was, contacting all of the affected vendors, explaining how this should be fixed, et cetera. I simply haven't had time to go out and get a job -- and I decided that making sure that this issue was properly reported and fixed was far more important than earning some money.
5. I think it's really great that you spent three months doing unpaid work to improve the security of other people's computers. What can I do to thank you for your efforts?
Money is always good. In all seriousness, there is a considerable amount of security-related work which I'd like to spend time doing, but if I can't get any money I'm going to have to get a Real Job instead. If you think you or your company could offer me some funding to allow me to continue my work, please let me know.
6. Why do you hate Intel so much?
I don't hate Intel -- in fact, I think Intel makes great CPUs, and I have an Intel processor in every computer I own. (Not that I have anything against AMD; it just happened to work out this way.) But as someone who works in the field of computer security, I don't play political games: If I find a vulnerability, I'm going to report it and work with vendors to fix it, regardless of what the problem is or who it affects.
7. I have a question which isn't on this list.
Feel free to contact me with any questions about this security flaw. I can't guarantee that I'll be able to reply to everyone -- I have no idea how many emails I'll get -- but I will make an effort to address every serious question I receive either via personal email or on this web page.
Source: www.daemonology.net/hyperthreading-considered-harmful/
Pretty interesting, I must admit!