Slashdot Mirror
Hyperthreading Considered Harmful
cperciva writes "Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition,
Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious
security flaw. This flaw permits local information disclosure, including
allowing an unprivileged user to steal an RSA private key being used on the
same machine. Administrators of multi-user systems are strongly advised
to take action to disable Hyper-Threading immediately.
I will be presenting this attack at
BSDCan 2005 at 10:00 AM EDT on May 13th, and at the conclusion of my talk
I will also releasing a paper describing the attack and possible mitigation
strategies."
to give their hyper-threading processors some Ritalin.
Doesn't Linux handle HT the same way it handles SMP? So even if there was a hole in HT, hardware-wise, software wise you would be just as protected as you would be on an SMP system?
Marques Johansson
Shit, did anyone see that blur???
Yeah, I think that was Intel's server market going right out the window at Mach 10...
I am counteracting the harmful effects of hyperthreading by eating a high-fiber diet. So far, I haven't had any problems.
You see? You see? Your stupid minds! Stupid! Stupid!
Not all multi-user systems are designed to be secure against the best hackers around, and there is often bad cost/benefit at following all security recommendations as soon as you hear about them.
Give us some more facts, so that we can think for ourselves.
Not much to read yet. Seems more like a publicity stunt by the author. This could have been posted *after* the details have been published.
I'm curious to see how an exploit can be made out of this. Is it possible to assign one of the virtual CPUs to a "sniffer" for a prolonged period?
Can someone tell me what this "Sig" box is for??
I read about this last night here at KernelTrap. They offer more info, evidently having talked to Colin...
Ooooo, I'm SCARED!
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
Jason? Is that you? (or your evil geeky twin brother?)
Recompile your kernel with hyper-threading disabled. Simple question: Why do I have to wait until this guy does his conference presentation to find out what the exploit is, how it is implemented? I have to admit that this is one time when RTFA didn't work. Anyone have any more information?
Always do right. This will gratify some people and astonish the rest. -- Mark Twain
...I'm glad I'm stuck with a 1-gig Pentium III.
You can hold down the "B" button for continuous firing.
On MTS (IBM mainframe OS used at universities in the 70's/80's and probably into the 90's) there was a bug where when process switching, the FP registers of the last process to run were stored in a world-readable page of memory. The RPI ACM used this to create an inter-process communication program -- actually a 'chat' program (MTS had no inter-process communication other than files at the time).
With Moore's Law still holding up, isn't it a little early to be using up names like "Extreme Edition?" So, I'd like to propose my own corollary to Moore's Law:
"The microprocessor industry will run out of hyperbole long before they run out of transistors."
The only acceptable defense of scientific results is to say that they were the product of the Scientific Method.
question 4 in his list:
I get a slight hunch that is not as serious as it sounds. the cliche use of that tilte is an indication too.
Now lets read the reast of the article...
This space is intentionally staring blankly at you
There's only a remote possibility people will RTFA when it DOES exist. To calculate the possibility you're talking about will require hours of CPU time. Actualy, hours * ~1.5 CPU time, because for some strange reason my HT is now disabled.
Hal Spacejock: Science Fiction with Nuts
Did anyone else notice the Intel advert for "Hyper Threading Linux" at the top of the google ads on the article page?
I wonder how much revenue he'll get from this announcement?
And I note that if you are a SCO user, you always had disabled hyper threading anyway. Not sure what to make of that.
Note to ACs: I won't mod you up, even if you are being funny or insightful. So take a chance! It's not real life!
I guess I need to shut off hyperthreading on our app server before the users who can't sort an Excel spreadsheet have a chance to expliot the vulnerability.
My guess is that this is a timing attack. While thread 1 generates an RSA key, thread 2 times itself performing various instructions. If thread 1 is using the FPU to do a multiply, the FPU won't be available for thread 2 right away, so there will be a measurable delay. Thread 2 can then determine when thread 1 is running multiplies.
If my hunch is correct, an OS could fix this by allowing a process to enter a "secure mode" which would force the other thread on the same CPU to be idle when that process was scheduled.
Sunlit World Scheme. Weird and different.
...it appears Windows XP Starter Edition may be the most secure option after all...
Some of these "security risks" that people propose are just ridiculous. I mean, I know there are a tiny amount of people who actually follow these risks religiously, and do everything they can to fix them, but they are basically paranoid freaks. Unless your the DOD or have some super top scret evidence, then this means SHIT to you. Lets face it, a trojan, worm or whatever isn't going to use this obscure method of capturing and RSA key that may or may not work. It would take the work of, well, one of those paranoid freaks. And why would someone target your PC unless you had some really valuable information. They wouldn't.
Sorry, for the incoherent rambling, Im just fucking sick of these "Oh no, new vulnerability" things popping up all the time. The NATURE of computers is that they are INHERINTLY insecure, just as DRM will always be worked around.
Hyperthreading is teh suck because I found a flaw.
I'm not going to tell you how it works until I get a chance to stand up in front of a buch of people and sound smart. In the meantime you can disable HT.
I can write.
The flaw affects BSD's and OpenServer for sure.
I'm unemployed, so give me money to find more flaws.
Intel rocks!
Yup...that's pretty much it. Or did I miss something?
Be Safe! Sleep with a Marine. Semper Fi!
I'd sooner guess that by presenting a paper at a conference, he's hoping to turn this into a job offer. There are any number of stories about black-hats mending their ways, and getting security jobs. Here's someone trying to start out as a white-hat, doing things the right way to begin with. Seems to me that if he's on the mark, he's a better risk for a job offer than a reformed black-hat.
The living have better things to do than to continue hating the dead.
This is the same guy who calculated the 1 Quadrillionth hexadigit of Pi (no, not digit. It is in base 16). His project was called PiHex. According to his currently short but illustrious trackrecord, along with this current announcement, he is destined for being a big-name IT security guru.
What Intel might hope for is that this is fixable in microcode. If not, well, then there's real trouble.
My web domain.
I think the FreeBSD team is being overly cautious about this issue. They now have disabled HTT by default on all of there release trees stating the reason is because information leakage is possible. This is not ture when anyone can just change the crypto method they are using to something like an RSA method using a FFT(Fast Fourier Transform). There are other methods possible too such as just forcing the HT sibling to go idle for a period of time which would allow the crypto program to run without leaking any information.
-DR
I think he is giving the world some warning that the security hole exists and that after the conference exploits for it may appear in the wild (if they don't exist already). Vulnerabilities are sometimes announced this way: for example the OpenSSH team issued a mysterious warning saying that everyone running sshd should turn on privilege separation. A little while later they disclosed an exploit in the current sshd and made a new release with a fix. It happened that if you had privsep turned on you weren't affected by the exploit. The warning gave most admins a chance to secure their systems, but didn't give any details of the exploit.
Now, you might not think this guy is credible and so wait for him to 'show you the code' before applying the suggested fix. That's up to you.
-- Ed Avis ed@membled.com
I'd be willing to bet he's right. He is currently awaiting a doctorate from the University of Oxford, which is commonly held as the finest academic institution in the world.
(I'm not biased by having spent the past 7 years there)
Most machines let you disable it in the BIOS, which would have to be the simplest way of turning it off possible.
the reason comes tomorrow. Oh, and you should also give me all your cash today because it is obsolete, more details to come tomorrow.
Yes. While I am a "full-disclosure is better than not" guy, you (or others like you) would be screaming even louder about how "irresponsible" this guy would be if he had released the "reason" today (said "reason," BTW is a proof-of-concept exploit, one that malicious jerks will probably adapt to their desires after it's released).
Oh yes sysadmins, disable hyperthreading because some poster on slashdot said so. This is just too gay.
Not as asinine as clueless AC posts like yours, modded up as "insightful" by equally clueless people who happen to have moderation points today. The guy is awaiting his doctorate at one of the world's most prestigious universities, has an excellent track record, and has chosen a conservative but less-controviersial approach in disclosing this issue.
All of which you would have known, if you'd bother to read TFA rather than spouting off nonsense here.
The Future of Human Evolution: Autonomy
Microsoft has issued a patch in response to this "significant" security threat
You can download RIDDILIN.EXE to address the hyper-thread exploit from their update site...
Bill Gates assures me in a very personal email, installing this patch will fix the flaw, send me $5 for every other person who installs it... and Intel's stock will go up too. It's win-win...
Everyone should do it...
As we all know, this includes Linux :-)
Disclosure timeline
Why wasn't Intel notified over the past SEVEN MONTHS ?
Why pre-announce a vulnerability?
This sounds like an attempt to build himself up at the cost of others who use these processors - assuming this is a real vulnerability.
My laptop has an HT processor, and I am absolutely unconcerned about this vulnerability, since he said it only relates to servers
Let me pre-announce a few more entries for his "disclosure timeline":
Ken
Some of the most effective hacks/espionage come from exploiting "secondary channels" for information.
For example, I know of one hack from the good old days that involved placing a password across a page boundary. The OS compared the password to a plain text version character-by-character, so faulted if the characters up to the page boundary were all correct. Observing the disk access light (or the time to reject the password) provided character-by-character cracking.
Of course, password checking is now more sophisticated, but so is cryptanalysis. I think people that use encryption for real are well aware that there's an exposure in doing so on any time-shared system, or any system that can be observed in any way by a potential cryptanalyst.
I would guess, based on the sparse information presented here, that this is the nature of the attack. If - and that's a big if - you can cause an adversary to be scheduled in just the right way, you may be able to capture part or all of a private key by observing timing artifacts of the hyperthreading implementation.
This may be good security research, but unless I were protecting state secrets, I'd wait and evaluate the risk relative to other security risks that we find acceptable. I would also guess that the exposure is minimal compared to other high-tech and low-tech potential information leaks.
...RSA is vunerable to timing attacks (why we have blinding in software). It's a wonder noone has thought about this earlier though, I remember reading about the military considering virtual machines (i.e. one physical machine could be on both classified/unclassified systems). One of the reasons they didn't was the ability to tap/signal through spinlocks and other timing data. I always thought this was a "well-known but too unlikely to be interesting" weakness, but I guess not. Maybe I should have published a paper myself.
Live today, because you never know what tomorrow brings
This is only tangentially related to the security issue, but I found that disabling hyperthreading on a cluster of dual Xeons running Linux greatly improved performance with a distributed memory (MPI) numerical model. Short summary: even if you only run your model on physical CPUs, hyperthreading will apparently bounce jobs around in a somewhat random way. Not sure if it's a hardware issue or a software (Linux) issue.
Here is a link which goes into detail
A squid eating dough in a polyethylene bag is fast and bulbous, got me?
Alan Turing went to Cambridge and earned a fellowship there. That is also where he conceived the idea of the Turing machine - the basis of all programmable computers.
Where you get your education is immaterial. More important is what you do with it.
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain
Hyper Transport has nothing to do with Hyper Threading. Hyper Threading means processor support for several (usually two) execution threads at once. Hyper Transport is a bus technology to interconnect pocessors, RAM, motherboard chips, PCI bus and the like.
AMD's Hyper Transport is similar to Intel's Hyper Threading, but in my books, superior.
That's like saying that the computers from Apple Computers are similar but superior to the computers from Apple Records. Notice how Apple Records makes no computers? Just because they start with the same word does not mean two things are the same.
My paper is available here.
Have fun reading, I'm going back to the conference.
Tarsnap: Online backups for the truly paranoid
Why notify FreeBSD and then wait 2 or 3 months before notifying other possibly affected vendors (at least other BSDs)?
Two reasons. First, because I'm part of the FreeBSD Security team -- I'm required to notify them about potential issues.
Second, because if I contacted lots of security teams with what I had on December 31st, they wouldn't have listened: "Umm, hey guys, there's a problem with hyperthreading. I've convinced myself that it is real, but I don't really have any evidence to give you, so you'll just have to believe me..."
Tarsnap: Online backups for the truly paranoid
He alerted SCO to a flaw in their OS?
Actually, I posted to vendor-sec. I was rather surprised when I got an email back from SCO -- I didn't think that they'd be on vendor-sec.
Tarsnap: Online backups for the truly paranoid
Yes, by all means, let's deride advanced education as being worthless and a foolish pursuit. It's much better to try to learn everything by yourself and reinvent the wheel rather than participating in a community environment of study.
...For Dummies books and only leave the house to stare in the window of the hot chick next door at 11PM.
Because, of course, who needs community? People are awful. I'd much rather stay in my mom's basement with my
+++ATH0
I've tried HT on both the 3.0c [Northwood, 512k L2] and 2.8e [Prescott, 1M L2] P4 models, both with identical hardware otherwise [1Gb dual channel DDR400, 875P chipset, nvidia fx5200, 120Gb 7200RPM ATA133 WD disc]. It's really nice on the 2.8e, but you fall in the cache miss tar pit on the 3.0c. With HT turned on the 2.8e actually feels faster than the 3.0c ever did, especially under heavy load, and is nearly impossible to bring to its knees whatever I throw at it.
:)
Back on topic: This attack doesn't really shock me that much; covert channels are a fact of life in any multi-user machine, and anything that needs bulletproof security should be on isolated hardware. Attacking an RSA implementation by analyzing cache performance is a truly sweet hack though... my propeller-beanie spins in admiration.
...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
Well, I just read the paper, and I applaud Colin on several levels. First off, the theory of the attack is rock-solid and well-written. Secondly, he describes very implementable OS work-arounds, crypto library fixes, and finally chip design corrections which will totally eliminate the security hole.
This is one of the best thought out, best written papers of its kind that I have read in my over thirty years of work in the engineering field.
About the word "if": If bullfrogs had wings, they wouldn't bounce around on their little green butts.
During the Cryptographer's Panel at the RSA conference, Adi Shamir made a short reference to this vulnerability.
...a presentation would be forthcoming at the Eurocrypt 2005 rump session next week in Denmark.
Yes, we seem to have discovered the problem independently. (Until today I wasn't sure if we had discovered the same problem -- Adi Shamir didn't reply to an email I sent him about this -- but I got an email from Eran Tromer after my paper went online.)
I don't want to pre-release their results, but Shamir, Tromer, and Osvik decided to demonstrate the attack in a somewhat different way. I think it demonstrates how dangerous this attack is that two people independently discovered the attack and came up with different entirely practical targets for it.
Tarsnap: Online backups for the truly paranoid