It’s not just Intel chips that are vulnerable to hard-to-fix security flaws. Researchers at the Graz University of Technology have detailed a pair of side channel attacks under the “Take A Way” name that can leak data from AMD processors dating back to 2011, whether it’s an old Athlon 64 X2, a Ryzen 7 or a Threadripper. Both exploit the “way predictor” for the Level 1 cache (meant to boost the efficiency of cache access) to leak memory content. The Collide+Probe attack lets an intruder monitor memory access without having to know physical addresses or shared memory, while Load+Reload is a more secretive method that uses shared memory without invalidating the cache line.
Unlike some side channel attacks, it hasn’t taken long to show how these exploits would work in the real world. The team took advantage of the flaws using JavaScript in common browsers like Chrome and Firefox, not to mention virtual machines in the cloud. While Take A Way only dribbles out a small amount of information compared to Meltdown or Spectre, that was enough for the investigators to access AES encryption keys.
It’s possible to address the flaw through a mix of hardware and software, the researchers said, although it’s not certain how much this would affect performance. Software and firmware fixes for Meltdown and Spectre have typically involved speed penalties, although the exact hit depends on the task.
We’ve asked AMD for comment. However, the authors suggest that AMD has been slow to respond. They said they submitted the flaws to AMD in late August 2019, but haven’t heard back despite keeping quiet about the flaw for the past several months.
The findings haven’t been without controversy, although it doesn’t appear to be as questionable as some thought at first. While Hardware Unboxed found disclosures that Intel funded the research, raising concerns about the objectivity of the study, the authors have also received backing from Intel (and other sources) for finding flaws in the company’s own chips as well as other products. It appears to just be a general effort to spur security research, then. As it stands, the funding source doesn’t change the practical reality — AMD may have to tweak its CPU designs to safeguard against Take A Way attacks going forward.