Intel Haswell chips open to malware flaw

Researchers from the universities of Binghamton and California claim to have found that Intel Haswell microprocessors running on Linux, Windows, Android and Apple's iOS and MacOS have a vulnerability that could leave devices using the chips vulnerable to malware attacks.

The alleged flaw was discovered by researchers Dmitry Evtyushkin, Dmitry Ponomarev and Nael Abu-Ghazaleh in the address space layout randomisation (ASLR) feature, which randomises memory addresses used by processes to prevent arbitrary code from running and therefore should stop malware being provisioned.

However, the paper showed that this process to safeguard Haswell chips can be intercepted using the branch target buffer (BTB), part of the chip used to cache information in the CPU. The BTB's role is to store target addresses of recently executed branch instructions, which can be looked up to fetch instructions every time a cycle happens. This interception causes memory addresses to leak.

"Since the BTB is shared by several applications executing on the same core, information leakage from one application to another through the BTB side-channel is possible," the researchers explained.

Although the researchers discovered the flaw when using Linux, they said it can be used across operation systems and anyone using a device with a Haswell chip should be aware. The report added that people using 32-bit operating systems are particularly at risk because, although they have less addressable space for randomisation, hackers can build faster and more powerful attacks.

"ASLR implementations across different operating systems differ by the amount of entropy used and by the frequency at which memory addresses are randomised," the researchers said.

"The randomisation frequency can range from a single randomisation at boot or compile time to dynamic randomisation during program execution. More frequent re-randomisation reduces the probability of a successful attack."