An Intel representative has commented on a recent claim that the company’s Hyper-Threading technology compromises security. The chipmaker believes the flaw is not critical and can be used only if a computer’s security had been broken before that.
“The company has been informed of the problem prior to the publication of the paper and it is working with software vendors such as Microsoft and Red Hat to fix the issues. But the flaw affects any processor that shares resources in the same manner as Hyper-Threading, not just Intel’s chips or Hyper-Threading-enabled chips,” said Howard High, an Intel official, in an interview with InfoWorld web-site.
According to a document released Friday, shared access to memory caches (which is used in all systems able to execute more than one software thread at once, including dual-processor or multi-processor servers as well as dual-core processors) provides not only an easily used high bandwidth covert channel between threads, but also permits a malicious thread (operating, in theory, with limited privileges) to monitor the execution of another thread, allowing in many cases for theft of cryptographic keys.
The flaw only works on servers that have already been compromised through a separate attack, according to Intel. And if a user’s server has already been compromised, there are far easier and less time-consuming exploits that would allow a malicious attacker to gain control or a system or steal data, he said.
“The flaw is not considered critical, but it will be fixed in subsequent updates to the Microsoft and Linux operating systems,” Intel’s representative indicated.