Researchers Find Billions Of Intel Processors Leak User Passwords

Intel DOC

JAKARTA - Google security expert Daniel Moghhimi found vulnerabilities in several Intel processors, which affected sensitive user data.

Dubbed Downfall, the vulnerability most likely affects billions of Intel processors used on private user computers or on cloud servers.

This vulnerability is identified as CVE-2022-402, where hackers can access and steal data from computer-sharing users.

"For example, malicious applications obtained from the App Store can use Downfall attacks to steal sensitive information such as passwords, encryption keys, and personal data such as banking details, personal emails, and messages," said Moghimi.

"Similarly, in a cloud computing environment, bad customers can exploit Downfall vulnerabilities to steal data and credentials from other customers who use the same cloud computer," he added.

Moghimi explained that the vulnerability was caused by the memory optimization feature in the Intel processor which accidentally revealed the internal hardware register to the software.

As a result, untrusted software can access data stored by other programs, which should not be normally accessible.

All affected CPUs include main-current processors and Intel servers, from Skylake to Rocket Lake.

Intel's Xeon processor is also at risk of Downfall. Due to Intel's dominant position in the server processor, almost every Internet user can be indirectly affected.

The good news is that the newer 12th and 13th generation Intel processors do not experience vulnerabilities. However, the company itself expects a performance decline of up to 50 percent, with AVX instructions being the most affected.

Likewise, the workload related to AI and high-performance computing tasks (HPC) as a whole were hit hard.

In response to this, the company quickly said it would release a new microcode for affected chips.

Intel recommends that users update their firmware to prevent Downfall. However, the price to pay so that the user's password does not leak is huge. This is quoted from Digital Trends and PC World, Saturday, August 12.