Your Processor Goes Brrrr… and Leaks Sensitive Data!!
Imagine you’re super careful about your data security. You only run trusted apps and software on your phone or computer, and you make sure they’re free of bugs. You’d think your data was completely safe, right? Well, not quite. Even if the software you use is flawless, modern processors, the brains of your devices, can still make mistakes. In order to run faster, they try to “guess” what might happen next (this is called speculative execution). Sometimes, they guess wrong, which might give them access to information they aren’t supposed to handle, like passwords or private. Even though this access is brief, it can still leak information through very sneaky side effects, which are called side-channels.
So, what is a side-channel? One simple example involves the time it takes your device to do things. Imagine you’re opening a locked box, and depending on how long it takes you, someone could guess whether the box was already unlocked or not. In computers, attackers can measure how long it takes the processor to retrieve data from its memory. By studying these tiny differences in time, they can figure out what kind of information is being accessed, even without directly touching it.
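The timing idea above, as an added example that is not part of the original article: a toy cache model in which an observer learns a secret only from which memory lines come back fast, next to a hardened lookup whose access pattern does not depend on the secret. The latencies, the table size and every name here are assumptions made for the illustration; no real hardware is measured.

```python
# Toy model (constructed for illustration): a cache hit costs 1 tick and a
# miss costs 100 ticks. These numbers are assumed, not measured.
HIT, MISS = 1, 100
LINES = 16  # assumed table size, one cache line per entry


class ToyCache:
    def __init__(self):
        self.present = set()

    def flush(self):
        self.present.clear()

    def access(self, line):
        """Return the simulated latency of touching `line`, then cache it."""
        cost = HIT if line in self.present else MISS
        self.present.add(line)
        return cost


def leaky_lookup(cache, secret):
    # The access pattern depends on the secret: only one line is touched.
    cache.access(secret)


def uniform_lookup(cache, secret):
    # Hardened form: touch every line, so the resulting cache state is the
    # same whatever the secret is.
    for line in range(LINES):
        cache.access(line)


def observer_guess(victim, secret):
    """Flush, let the victim run, then time every line.

    Returns the set of lines that came back fast, which is everything the
    observer learns. The observer never reads `secret` itself.
    """
    cache = ToyCache()
    cache.flush()
    victim(cache, secret)
    return {line for line in range(LINES) if cache.access(line) == HIT}


if __name__ == "__main__":
    print("leaky:  ", observer_guess(leaky_lookup, 11))
    print("uniform:", observer_guess(uniform_lookup, 11))
```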
In 2018, researchers discovered two major security flaws, Spectre and Meltdown, that let attackers take advantage of this guessing behavior in virtually all processors used in mobiles, desktops, and tablets manufactured in the last 20 years by Intel, AMD, Apple, Qualcomm, IBM, etc.
Spectre tricks the processor into accessing data it shouldn’t by misleading the system’s guessing mechanism, while Meltdown takes advantage of a weakness in how certain processors separate user data from critical system data. Both allowed attackers to peek at sensitive information, like passwords or browser cookies, even if they weren’t supposed to have access.
What’s more concerning is that researchers continue to find new variations of these speculative execution attacks, along with new ways to exploit side-channels to leak data. In 2022, my collaborators at TU Graz and I discovered a new side-channel vulnerability called SQUIP. This vulnerability arises from the way processors schedule instructions for execution and the conflicts that occur when multiple instructions compete for shared resources in the processor’s internal queues. SQUIP was found to affect three generations of AMD Zen processors, and in certain conditions, it could allow attackers to steal sensitive data, like encryption keys, in just a few minutes.
One of the reasons these vulnerabilities are so hard to eliminate is that they’re rooted in the very mechanisms designed to make processors faster. Turning off these optimizations to fully eliminate the vulnerabilities would slow processors down by as much as 40% to 80%, undoing performance improvements gained over several generations. This creates a huge economic disincentive for semiconductor companies to fundamentally redesign their processors to avoid these issues entirely.
Additionally, today’s processors are incredibly complex, with designs consisting of tens of billions of tiny components called transistors. Even if companies wanted to eliminate every possible leak, finding and fixing all potential vulnerabilities in such intricate designs is an extremely difficult task. To help address this, my research group at the University of Toronto is working on automated tools that can detect these leaks early, during the design phase of the processor. Our goal is to help semiconductor companies find and fix these vulnerabilities before the processors even hit the market.
Unfortunately, these are not the only vulnerabilities in computing devices today. If you thought your data was safe as long as you weren’t actively using it or processing it—think again.
Even data that’s just sitting idle in your phone or computer’s memory (called DRAM) can be tampered with. A vulnerability known as Rowhammer allows programs to corrupt data in memory simply by accessing neighboring rows of memory cells.
Data is stored in DRAM as bits—1s and 0s—represented by tiny amounts of electrical charge. When certain rows of memory cells are accessed rapidly, they can cause nearby cells to lose some of their charge, which can flip a bit from 1 to 0, or vice versa. This means that malicious programs can alter your data just by hammering away at neighboring memory cells, even though they never actually touch your data directly. What makes Rowhammer even more troubling is that it is getting worse with newer DRAM chips. These chips are designed for higher capacities by packing memory cells closer together, making them more prone to these bit flips. To address this problem, with collaborators at Georgia Tech, UBC, University of Toronto, and NVIDIA, we have developed new CPU and DRAM mitigation mechanisms that efficiently protect against such vulnerabilities, to help future systems stay protected with minimal overheads.
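To make the disturbance effect and the idea of a mitigation concrete, here is an added example that is not from the article and is not the authors' design: a toy DRAM bank in which a row flips once its neighbours have been activated too often, with and without a generic counter-based neighbour refresh. The thresholds, the bank size and all names are assumptions chosen for the illustration.

```python
# Toy DRAM bank (constructed model; thresholds are assumed, not real values).
DISTURB_LIMIT = 1000  # neighbour activations a row tolerates between refreshes
TRACK_LIMIT = 250     # mitigation trigger; kept below half of DISTURB_LIMIT
                      # because a row can be disturbed from both sides


class ToyBank:
    def __init__(self, rows, mitigate):
        self.rows = rows
        self.mitigate = mitigate
        self.disturb = [0] * rows  # disturbance accumulated per row
        self.acts = [0] * rows     # activation counter per row
        self.flipped = set()       # rows that suffered a bit flip
        self.extra_refreshes = 0   # cost of the mitigation

    def _neighbours(self, row):
        return [r for r in (row - 1, row + 1) if 0 <= r < self.rows]

    def refresh(self, row):
        self.disturb[row] = 0      # recharging the cells clears disturbance

    def activate(self, row):
        self.acts[row] += 1
        for n in self._neighbours(row):
            self.disturb[n] += 1
            if self.disturb[n] >= DISTURB_LIMIT:
                self.flipped.add(n)
        # Mitigation: a heavily activated row gets its neighbours refreshed.
        if self.mitigate and self.acts[row] >= TRACK_LIMIT:
            for n in self._neighbours(row):
                self.refresh(n)
                self.extra_refreshes += 1
            self.acts[row] = 0


def run(mitigate, activations=4000):
    """Alternate activations of rows 3 and 5, the two neighbours of row 4."""
    bank = ToyBank(rows=8, mitigate=mitigate)
    for i in range(activations):
        bank.activate(3 if i % 2 == 0 else 5)
    return bank


if __name__ == "__main__":
    print("unprotected flips:", sorted(run(False).flipped))
    protected = run(True)
    print("protected flips:", sorted(protected.flipped),
          "extra refreshes:", protected.extra_refreshes)
```

In this model the protected bank spends 32 extra refreshes over 4000 activations and sees no flips, which is the kind of overhead-versus-protection trade-off a real mitigation has to keep small.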
In today’s world, where our economies, daily lives, and even national security depend on interconnected computing systems, securing these systems is critical. As new and more sophisticated hardware threats emerge, cybersecurity can no longer be just about secure software—it must also involve trustworthy hardware. Now more than ever, it’s time for academia, industry, governments, and consumers to invest in secure hardware to ensure a safe and resilient future for society.