Tuesday March 31, 2020
Home Lead Story Computer Scie...

Computer Scientists Find New Vulnerability in Intel Processors

In the past couple of years, Intel had had to issue quite a few patches for vulnerabilities

0
//
Intel
In the past couple of years, Intel had had to issue quite a few patches for vulnerabilities that computer scientists at KU Leuven have helped expose. Wikimedia Commons

Computer scientists at Belgium’s leading higher education and research university KU Leuven have once again exposed a security flaw in Intel processors that could allow an attacker to acquire sensitive information, such as the victim’s fingerprints or passwords.

In the past couple of years, Intel had had to issue quite a few patches for vulnerabilities that computer scientists at KU Leuven have helped expose.

“All measures that Intel has taken so far to boost the security of its processors have been necessary, but they were not enough to ward off our new attack,” said Jo Van Bulck from the Department of Computer Science at KU Leuven. Like the previous attacks, the new technique – dubbed Load Value Injection – targets the ‘vault’ of computer systems with Intel processors: SGX enclaves.

“To a certain extent, this attack picks up where our Foreshadow attack of 2018 left off. A particularly dangerous version of this attack exploited the vulnerability of SGX enclaves, so that the victim’s passwords, medical information, or other sensitive information was leaked to the attacker,” Jo Van Bulck said in a statement released by KU Leuven on Tuesday.

“Load Value Injection uses that same vulnerability, but in the opposite direction: The attacker’s data are smuggled – ‘injected’ – into a software programme that the victim is running on their computer. Once that is done, the attacker can take over the entire programme and acquire sensitive information, such as the victim’s fingerprints or passwords.”

The vulnerability was already discovered on April 4, 2019. Nevertheless, the researchers and Intel agreed to keep it a secret for almost a year. Responsible disclosure embargoes are not unusual when it comes to cybersecurity, although they usually lift after a shorter period of time.

“We wanted to give Intel enough time to fix the problem. In certain scenarios, the vulnerability we exposed is very dangerous and extremely difficult to deal with because, this time, the problem did not just pertain to the hardware: The solution also had to take software into account,” Van Bulck said.

Intel
Computer scientists at Belgium’s leading higher education and research university KU Leuven have once again exposed a security flaw in Intel processors that could allow an attacker to acquire sensitive information, such as the victim’s fingerprints or passwords. Wikimedia Commons

“Therefore, hardware updates like the ones issued to resolve the previous flaws were no longer enough. This is why we agreed upon an exceptionally long embargo period with the manufacturer,” Van Bulck added. The researcher said that Intel ended up taking extensive measures that force the developers of SGX enclave software to update their applications.

“However, Intel has notified them in time. End-users of the software have nothing to worry about: They only need to install the recommended updates,” Van Bulck said. “Our findings show, however, that the measures taken by Intel make SGX enclave software up to 2 to even 19 times slower,” he added.

ALSO READ: Google Plans To Establish “Coronavirus Fund” To Support Temporary Staff and Vendors Globally

In 2018, when researchers at KU Leuven discovered a vulnerabiliy, their attack was dubbed Foreshadow. In 2019, an attack, dubbed “Plundervolt”, revealed another vulnerability. Intel has released updates to resolves both flaws. (IANS)

Next Story

Know About Where Do Employees Actually Gaze At During Video Calls

For the study, published in the journal Attention, Perception & Psychophysics, the team compared fixation behaviour in 173 participants under two conditions

0
Video Chat
The phenomenon known as "gaze cueing," a powerful signal for orienting attention, is a mechanism that likely plays a role in the developmentally and socially important wonder of "shared" or "joint" attention where a number of people attend to the same object or location. Pixabay

 As more and more people use video conferencing tools to stay connected in social distancing times, neuroscientists from Florida Atlantic University have found that a person’s gaze is altered during tele-communication if they think that the person on the other end of the conversation can see them.

The phenomenon known as “gaze cueing,” a powerful signal for orienting attention, is a mechanism that likely plays a role in the developmentally and socially important wonder of “shared” or “joint” attention where a number of people attend to the same object or location.

“Because gaze direction conveys so much socially relevant information, one’s own gaze behaviour is likely to be affected by whether one’s eyes are visible to a speaker,” said Elan Barenholtz, associate professor of psychology. For example, people may intend to signal that they are paying more attention to a speaker by fixating their face or eyes during a conversation.

Please Follow NewsGram on Twiiter To Get Latest Updates From All Around The World!

“Conversely, extended eye contact also can be perceived as aggressive and therefore noticing one’s eyes could lead to reduced direct fixation of another’s face or eyes. Indeed, people engage in avoidant eye movements by periodically breaking and reforming eye contact during conversations,” explained Barenholtz.

People are very sensitive to the gaze direction of others and even two-day-old infants prefer faces where the eyes are looking directly back at them. Social distancing across the globe due to coronavirus (COVID-19) has created the need to conduct business “virtually” using Skype, web conferencing, FaceTime and any other means available.

For the study, published in the journal Attention, Perception & Psychophysics, the team compared fixation behaviour in 173 participants under two conditions: one in which the participants believed they were engaging in a real-time interaction and one in which they knew they were watching a pre-recorded

The researchers wanted to know if face fixation would increase in the real-time condition based on the social expectation of facing one’s speaker in order to get attention or if it would lead to greater face avoidance, based on social norms as well as the cognitive demands of encoding the conversation.

Online, Webinar, Teacher, Conferencing, Tutor, Video
As more and more people use video conferencing tools to stay connected in social distancing times, neuroscientists from Florida Atlantic University have found that a person’s gaze is altered during tele-communication if they think that the person on the other end of the conversation can see them. Pixabay

Results showed that participants fixated on the whole face in the real-time condition and significantly less in the pre-recorded condition. In the pre-recorded condition, time spent fixating on the mouth was significantly greater compared to the real-time condition. There were no significant differences in time spent fixating on the eyes between the real-time and the pre-recorded conditions. To simulate a live interaction, the researchers convinced participants that they were engaging in a real-time, two-way video interaction (it was actually pre-recorded).

ALSO READ: “Coronavirus Lockdown Will Teach People Many important Lessons About Life”, Says Actor Aparshakti Khurana

When the face was fixated, attention was directed toward the mouth for the greater percentage of time in the pre-recorded condition versus the real-time condition. “Given that encoding and memory have been found to be optimized by fixating the mouth, which was reduced overall in the real-time condition, this suggests that people do not fully optimize for speech encoding in a live interaction,” the authors wrote. (IANS)