Hardware security bug

In digital computing, hardware security bugs are hardware bugs or flaws that create vulnerabilities affecting computer central processing units (CPUs), or other devices which incorporate programmable processors or logic and have direct memory access, which allow data to be read by a rogue process when such reading is not authorized. Such vulnerabilities are considered "catastrophic" by security analysts.[1][2][3]

Speculative execution vulnerabilities

Starting in 2017, a series of security vulnerabilities were found in the implementations of speculative execution on common processor architectures which effectively enabled an elevation of privileges.

These include:

Intel VISA

In 2019 researchers discovered that a manufacturer debugging mode, known as VISA, had an undocumented feature on Intel Platform Controller Hubs, which are the chipsets included on most Intel-based motherboards and which have direct memory access, which made the mode accessible with a normal motherboard possibly leading to a security vulnerability.[4]

See also

References

  1. ^ Bruce Schneier (January 5, 2018). "Spectre and Meltdown Attacks Against Microprocessors – Schneier on Security". www.schneier.com. Retrieved February 4, 2019. Spectre and Meltdown are pretty catastrophic vulnerabilities, ...
  2. ^ "This Week in Security: Internet Meltdown Over Spectre of CPU Bug". Cylance.com. 2018-01-05. Retrieved February 4, 2019. The security implications of the Meltdown and Spectre vulnerabilities are indeed catastrophic for systems engineering.
  3. ^ "Meltdown, Spectre: here's what you should know". Rudebaguette.com. January 8, 2018. Retrieved February 4, 2019. [sic]: The effects of these vulnerabilities are catastrophic: « at best, the vulnerability can be used by malwares and hackers to exploit other security linked bugs. At worse, the flaw can be used by software and authentified users to read the kernel's memory
  4. ^ Lucian Armasu (29 March 2019). "Intel Chipsets' Undocumented Feature Can Help Hackers Steal Data". Tom's Hardware.