Researchers Accuse Intel of Attempted Bribery over MDS Flaw
Mike Sanders / 3 days ago
Intel Security Flaws
Earlier this week it was revealed that a whole new slew of security flaws existing with Intel processors was revealed. Now, to date, at least 4 names have cropped up for seeming the same or different flaws. We’ve seen ‘Zombieland’, ‘Fallout’ and even Microsoft’s preferred own branding to it, ‘MDS’ mentioned.
When cybersecurity research firm VU Amsterdam discovered RIDL, however, in a report via TechPowerUp, they are claiming that Intel attempted to ‘bribe’ them into keeping it quiet or, more accurately, not making their findings quite so public.
Was it a Bribe?
Ok, so that is rather a harsh word. It is, after all, well established that various companies will happily pay ‘bounties’ for people who discover security flaws in their hardware or software. We’ve seen in on multiple occasions where ‘white hat’ hackers get rewarded for finding faults and reporting them.
The security team, however, has chosen to disclose that they were essentially offered a $40,000 ” reward. This was on the proviso, however, that they would significantly downplay the importance of the flaw. This was backed up by a further promise of $80,000. The team did not disclose the terms of this 2nd payment. One can, however, presume that it would be upon successful ‘delivery’ of their initial deal.
VU Amsterdam did, however, decide to decline both offers and make the flaw known to the world. A factor that is clearly more than a little uncomfortable for Intel.
What is the Flaw?
After many attempts to try and understand the details, I have largely come to the conclusion that this is a very technical problem. Well beyond the understanding (or wish of) by the normal PC enthusiast. Put simply, however, RiDL (rouge in-flight data load) is an essential security back-door found deep in the processor design. This isn’t just an older-CPU issue either. It is believed to lie in most (even 9th-gen) designs.
Utilising a design flaw in the CPU buffer, it can effectively allow attackers to infiltrate your system. From there, certain commands can be executed to make your system vulnerable. In other words, putting your security, system and data at risk. This, in combination with the other flaws discovered, is a concern though. Particularly since many of them can effectively ‘work’ together for greater potential damage. This is, however, part of the reason why the details and specifics of the flaws are a little scarce at present. Intel wants to try and fix this before making it too well known.
The flaw is confirmed to have only affected Intel processors with AMD (once again) largely escaping exploit clutches. Intel is, however, working on fixing the issue. Albeit the issue of the fix potentially restricting performance is, again, on the agenda. Let’s see what Intel can do to fix this!
What do you think? Are you concerned about this security flaw? – Let us know in the comments!