You’re forgiven if the huge Intel chip vulnerability disclosure from a couple of days ago slipped under your radar. For one thing, the new problems are sort of variants of the much splashier Spectre and Meltdown bugs of early 2018. For another, Intel and the entire industry had time to work together to co-announce these new vulnerabilities alongside the patches for them.
The new vulnerabilities are built into Intel hardware and go by various names. ZombieLoad, Fallout, or RIDL are the catchy ones; the more technical name is Microarchitectural Data Sampling (MDS). Before we get into it more, you probably want to know what to do about it.
How you should respond to MDS is probably exactly what you expect: update your operating system when it asks you to and also make sure your browser is up to date — either can be a vector for these new attacks. Only devices running on Intel chips are affected (though that is all of them between 2011 and the release of fairly recent chips), so iOS devices and the vast majority of Android devices are safe. It should also be said that there have been no reported exploits taking advantage of these vulnerabilities in the wild.
Here are the MDS information pages from a bunch of big software vendors, all of whom have already provided patches or will do so in the very near future:
- Red Hat
Update your software. It’s a simple fix, until — maybe — it isn’t.
There’s a complicated and potentially painful decision in store for people who fit a particular profile. Specifically, if you think you’re more likely to be the target of a hack than usual and if you need to be able to push your processor to do computationally intensive things, you will have to make a choice between a higher level of security or a performance hit.
On a very basic level, MDS takes advantage of an advanced processor feature called “speculative execution,” just like Spectre and Meltdown did. If you want a detailed and readable breakdown of how it works, Andy Greenberg at Wired has you covered. The important part for a layperson to understand is that because MDS uses a different methodology than those earlier vulnerabilities, it requires different protections.
Specifically, there’s a feature on Intel processors called “hyper-threading” that allows the processor to do several things at once. Alongside software patches, fully protecting yourself against MDS means turning that off — and for some users that will result in a significant performance hit.
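On Linux, the kernel reports the state of both halves of that decision in one sysfs file: whether the MDS software mitigation is active, and whether SMT (Intel's hyper-threading) is still enabled. The script below is an added example, not from the article or from any vendor; it assumes the sysfs path and status strings documented in the kernel's hw-vuln/mds.rst (`/sys/devices/system/cpu/vulnerabilities/mds`), and the sample status lines are constructed so the classification can be exercised on a machine that lacks the file.

```shell
#!/bin/sh
# Added example: classify the MDS status line the Linux kernel exposes in sysfs.
# Path and strings follow Documentation/admin-guide/hw-vuln/mds.rst (assumption:
# kernel 5.1+ or a distribution backport); the SAMPLE_* lines are constructed.

MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# Constructed sample status lines, in the kernel's documented format.
SAMPLE_ON="Mitigation: Clear CPU buffers; SMT vulnerable"
SAMPLE_OFF="Mitigation: Clear CPU buffers; SMT disabled"
SAMPLE_NOUCODE="Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable"
SAMPLE_NA="Not affected"

# mds_state STATUS -> not-affected | unmitigated | mitigated | unknown
# "Vulnerable: ... no microcode" means the OS patch is present but the CPU
# microcode update (which the mitigation depends on) is not.
mds_state() {
    case "$1" in
        "Not affected"*)                  echo not-affected ;;
        "Vulnerable"*)                    echo unmitigated ;;
        "Mitigation: Clear CPU buffers"*) echo mitigated ;;
        *)                                echo unknown ;;
    esac
}

# smt_state STATUS -> exposed | safe | unknown | n/a
# "SMT vulnerable": hyper-threading is on and a sibling thread can still leak.
# "SMT mitigated": SMT is on but the CPU is only affected by the variant the
# kernel can fully mitigate, so it is safe. "Host state unknown": inside a VM.
smt_state() {
    case "$1" in
        *"SMT vulnerable"*)                   echo exposed ;;
        *"SMT disabled"*|*"SMT mitigated"*)   echo safe ;;
        *"SMT Host state unknown"*)           echo unknown ;;
        *)                                    echo n/a ;;
    esac
}

# mds_fully_protected STATUS -> yes | no
# "yes" only when the kernel reports nothing left exploitable: either the CPU is
# not affected, or the buffer-clearing mitigation is active AND SMT is safe.
mds_fully_protected() {
    s=$(mds_state "$1")
    t=$(smt_state "$1")
    if [ "$s" = not-affected ]; then
        echo yes
    elif [ "$s" = mitigated ] && [ "$t" = safe ]; then
        echo yes
    else
        echo no
    fi
}

# Report the live machine when the sysfs file is present; otherwise say why not.
report_live() {
    if [ -r "$MDS_SYSFS" ]; then
        status=$(cat "$MDS_SYSFS")
        echo "kernel reports: $status"
        echo "mitigation=$(mds_state "$status") smt=$(smt_state "$status") fully_protected=$(mds_fully_protected "$status")"
    else
        echo "no $MDS_SYSFS: kernel predates MDS reporting or this is not Linux"
    fi
}

report_live
```

A "no" from `mds_fully_protected` with `smt=exposed` is exactly the situation the article describes: the software patch is applied, but the remaining exposure can only be removed by disabling hyper-threading (on Linux via `/sys/devices/system/cpu/smt/control` or the `mds=full,nosmt` boot parameter), with the performance cost that entails.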
The trade-off here is one that’s familiar to anybody who works in computer security: perfect security is impossible, so it’s all about assessing your risk and the threat level. Deciding whether it’s worth the performance hit to turn off hyper-threading is complicated — and so different companies are making different decisions.
Intel, as you might expect, has downplayed the performance hit — though even its testing shows a slowdown as big as 9 percent for consumer products and 19 percent on servers. Choosing to just apply that big a hit across the board is not something tech companies are eager to do, so they’ve all taken different approaches.
Apple chose to leave hyper-threading on by default. Apple says that “customers with computers at heightened risk or who run untrusted software on their Mac” should turn it off — but that the hit to performance could be as much as 40 percent.
Microsoft is a little fuzzier in its language about hyper-threading, but says it has “seen some performance impact” and so “in some cases, mitigations are not enabled by default to allow users and administrators to evaluate the performance impact and risk exposure before deciding to enable the mitigations.”
Apple provides instructions on how to disable hyper-threading, while Microsoft has a much more complicated hardware ecosystem and so has a much more complicated guide about how to do it.
Google made a different choice with Chrome OS: it’s turning off hyper-threading by default. For the vast majority of tasks users do on a Chromebook, hyper-threading doesn’t really apply. For those who need it, there’s a way to turn it back on.
Three cases, three different approaches. But the thing they all have in common is that these companies are making a decision I’m sure none of them really enjoy. They’re choosing a security default and then telling users they’re on their own to decide whether it’s a good idea to change it.
Are the people who actually need to think about turning hyper-threading on or off really equipped to make an informed decision about these security trade-offs? I tend to doubt it. But all of these companies rightly felt the performance hit was big enough that they shouldn’t take that decision away from consumers.
It’s not a fun situation — nor will it get better anytime soon. The reason Spectre and Meltdown were such big deals is they revealed an entirely new method for compromising Intel hardware. That method can be applied in lots of different ways, and MDS is not likely to be the last one.
There is good news in all of this: the coordinated disclosure of MDS is a very good sign that security researchers, Intel, and the major players in the tech community are all working together to mitigate these risks. But because this is a flaw in Intel hardware, there’s no permanent fix until users buy new chips without the problem.
Until then, there are going to be more cycles of new vulnerabilities and fixes, each likely to put the same hard choices in front of both tech companies and users. ZDNet pointed me to a post by Greg Kroah-Hartman, the maintainer of the stable branch of the Linux kernel. He said it best: “As I said before just over a year ago, Intel once again owes a bunch of people a lot of drinks for fixing their hardware bugs, in our software.”