Hardware security bug: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 19:26, 26 November 2019 edit 2003:c3:6707:9100:e899:9e86:ac1b:9278 (talk) →Speculative execution vulnerabilities ← Previous edit		Latest revision as of 20:51, 30 September 2022 edit undo Citation bot (talk \| contribs) Bots 5,868,077 edits Add: date. \| Use this bot. Report bugs. \| Suggested by Whoop whoop pull up \| Category:Side-channel attacks \| #UCB_Category 1/24
(5 intermediate revisions by 5 users not shown)
Line 1: {{short description\|Hardware bug}} In digital computing, '''hardware security bugs''' are [[hardware bug]]s or flaws that create [[Vulnerability (computing)\|vulnerabilities]] affecting computer [[central processing unit]]s (CPUs), or other devices which incorporate programmable processors or logic and have [[direct memory access]], which allow data to be read by a rogue process when such reading is not authorized. Such vulnerabilities are considered "catastrophic" by security analysts.<ref> {{cite web \| url=https://www.schneier.com/blog/archives/2018/01/spectre_and_mel_1.html Line 24 ⟶ 25: }} </ref> ==~~Types~~Speculative ofexecution vulnerabilities == Starting in 2017, a series of security vulnerabilities were found in the implementations of [[speculative execution]] on common processor architectures which effectively enabled an elevation of [[privilege (computing)\|privileges~~]]. It was possible to mitigate these flaws with changes to [[microcode~~]].▼ ~~;Reading data by bypassing memory protection:~~ Most known Hardware security bugs are concerns of side channel information harvesting. Most important are timing analysis, but in micro controllers also measurement of power consumption was used to harvest information. ~~;Writing data by bypassing memory protection:~~ ~~;Changing behaviour of other programs/thread by bypassing memory protection:~~ ~~Microcontroller: Power supply modulation to wrongly execute code.~~ ~~;Using bugs in CPUs:~~ ~~Most known Hardware security bugs are related to CPUs~~ ~~;Using bugs in RAM:~~ ~~Sledgehammering~~ ~~;Using bugs in other components:~~ ~~Chipset,~~ ~~===Speculative execution vulnerabilities===~~ ▲Starting in 2017 a series of security vulnerabilities were found in the implementations of [[speculative execution]] on common processor architectures which effectively enabled an elevation of [[privilege (computing)\|privileges]]. It was possible to mitigate these flaws with changes to [[microcode]]. These include: * [[~~Spectre~~Foreshadow (security vulnerability)\|~~Spectre~~Foreshadow]] * [[Meltdown (security vulnerability)\|Meltdown]] * [[SPOILER_(security_vulnerability)\|SPOILER]] * [[Foreshadow (security vulnerability)\|Foreshadow]]▼ * [[Microarchitectural Data Sampling]] ▲* [[~~Foreshadow~~Spectre (security vulnerability)\|~~Foreshadow~~Spectre]] * [[SPOILER (security vulnerability)\|SPOILER]] * [[Pacman (security vulnerability)\|Pacman]] ==Intel VISA== In 2019 researchers discovered that a manufacturer debugging mode, known as VISA, had an undocumented feature on [[Intel Corporation\|Intel]] Platform Controller Hubs, which are the chipsets included on most Intel-based motherboards and which have direct memory access, which made the mode accessible with a normal motherboard possibly leading to a security vulnerability.<ref name=toms>{{cite web\|url=https://www.tomshardware.com/news/intel-visa-undocumented-feature-chipsets-cpus,38954.html\|title=Intel Chipsets' Undocumented Feature Can Help Hackers Steal Data\|work=Tom's Hardware\|author=Lucian Armasu\|date=29 March 2019 }}</ref> == See also == Line 64 ⟶ 51: ~~[[category:Computer security]]~~ [[category:Computer security exploits]] [[category:Hardware bugs]] [[category:Side-channel attacks]] [[~~category~~Category:2018 in ~~computer science~~computing]]