Most IT security pros think of the Heartbleed bug as a software vulnerability in some versions of the OpenSSL software library. Certainly that’s what they thought last April when the first word of the problem flashed around the world and organizations scrambled to update their versions of the software.
But at last week’s Hot Chips conference, speakers pointed out that Heartbleed also exposed hardware problems with memory and cache, where data sits temporarily before being forwarded for processing or storage.
“This is correctly functioning hardware — with no bugs — but it is leaking out information,” Ruby Lee, professor of engineering at Princeton University’s Department of Electrical Engineering, told the conference in a report from Computerworld U.S.
It’s true that the vulnerability was in the software. What it allowed attackers to do, however, was steal passwords, private keys and other identity information from unprotected memory.
The weak link, according to Lee, is that a conventional cache maps each memory address to a fixed cache location. An attacker can therefore reconstruct the victim’s pattern of cache use, relate the memory locations the victim touched (for example, lookup-table entries selected by key bits) to specific cache locations, and work backwards from the observed locations to the key bits, the article says.
“Because there’s a fixed memory address … the attacker can look backwards and figure out which memory addresses the victim used,” Lee is quoted in the article as saying. “Then he can devise the whole key.”
That inference is what makes the scenario Lee describes a side-channel attack: the secret leaks through an observable effect of the computation (here, which cache locations it touched) rather than through a bug that hands the data over directly. Heartbleed itself was not a side channel; it was a missing bounds check in OpenSSL’s TLS heartbeat handling that let a client read beyond the heartbeat payload into the server’s memory. Lee’s point is that even a processor with no bugs at all leaks secrets through its cache.
Researchers at Princeton have redesigned the cache so the traces a victim leaves behind are effectively wiped out, making side-channel attacks difficult to carry out. Called Newcache, it uses a dynamic, randomized mapping from memory addresses to cache lines, which the report says makes it harder for attackers to correlate memory usage with key bits, and so to map the cache and extract data.
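To make the two points above concrete (the attacker “looking backwards” from cache locations to key bits, and the randomized mapping that defeats that step), here is an added example that is not from the article and not Princeton’s Newcache code. It simulates the Prime+Probe technique against a cipher’s 16-entry lookup table on a direct-mapped cache, first with the conventional fixed address-to-set mapping and then with a secret per-domain mapping that stands in for a randomized design like Newcache’s (the real design differs). The addresses, the secret multipliers and the victim’s table are all constructed, and the attacker observes hits and misses directly instead of inferring them from access timing as a real attack would.

```python
"""Prime+Probe against a 16-entry lookup table, simulated on a direct-mapped cache.
Added example, not from the article or from Princeton's Newcache work; the
randomized variant is a constructed stand-in for a secret per-domain
address-to-set mapping, not Newcache's actual design."""

LINE_SIZE = 64
NUM_SETS = 64                 # direct-mapped: exactly one line per set
TABLE_ENTRIES = 16            # victim table indexed by a 4-bit value, one entry per cache line
TABLE_BASE = 0x40000          # constructed: victim's table address (its line number is a multiple of 64)
ATTACKER_BASE = 0x80000       # constructed: attacker's probe buffer (likewise a multiple of 64)

# Constructed secrets for the randomized variant: domain -> (odd multiplier, offset).
# An odd multiplier is a bijection mod NUM_SETS, so each domain still spans all 64 sets.
SECRET_MAPPINGS = {"victim": (37, 11), "attacker": (45, 5)}


def fixed_mapping(domain, line):
    """Conventional cache: the set is a fixed function of address bits, the same for everyone."""
    return line % NUM_SETS


def make_randomized_mapping(secrets):
    """Cache whose line -> set mapping is a secret permutation chosen per domain."""
    def mapping(domain, line):
        a, b = secrets[domain]
        return (a * (line % NUM_SETS) + b) % NUM_SETS
    return mapping


class Cache:
    def __init__(self, mapping):
        self.mapping = mapping
        self.sets = [None] * NUM_SETS       # (domain, line) resident in each set

    def access(self, domain, addr):
        """Return True on a hit; on a miss the line replaces the set's previous occupant."""
        line = addr // LINE_SIZE
        s = self.mapping(domain, line)
        hit = self.sets[s] == (domain, line)
        self.sets[s] = (domain, line)
        return hit


def victim_lookup(cache, key, plaintext):
    """AES-style first-round table access: the table index is plaintext XOR key."""
    index = (plaintext ^ key) & 0xF
    cache.access("victim", TABLE_BASE + index * LINE_SIZE)


def prime_probe(cache, key):
    """Attacker knows each plaintext and TABLE_BASE (e.g. the table lives in a shared
    library) and 'looks backwards' assuming the conventional fixed mapping.
    Returns the set of key candidates derived from the 16 observed evictions."""
    table_line0 = TABLE_BASE // LINE_SIZE
    candidates = set()
    for plaintext in range(TABLE_ENTRIES):
        # Prime: load one attacker line into every set.
        for s in range(NUM_SETS):
            cache.access("attacker", ATTACKER_BASE + s * LINE_SIZE)
        victim_lookup(cache, key, plaintext)
        # Probe: the single attacker line that now misses was evicted by the victim.
        evicted = [s for s in range(NUM_SETS)
                   if not cache.access("attacker", ATTACKER_BASE + s * LINE_SIZE)]
        # Under a fixed mapping, attacker line s and table line table_line0 + s share set s.
        index = (evicted[0] - table_line0) % NUM_SETS
        candidates.add(index ^ plaintext if index < TABLE_ENTRIES else None)
    return candidates


def compare(key=0xB):
    """Run the same attack against both cache designs and return the candidate sets."""
    return {
        "fixed": prime_probe(Cache(fixed_mapping), key),
        "randomized": prime_probe(Cache(make_randomized_mapping(SECRET_MAPPINGS)), key),
    }


if __name__ == "__main__":
    for design, cands in compare().items():
        shown = sorted(-1 if c is None else c for c in cands)   # -1 marks "outside the table"
        print(f"{design:10s} key candidates: {shown}")
```

With the fixed mapping every plaintext yields the same candidate, the true key, because the evicted set number is literally the table index. With the secret mapping the attacker’s backwards step lands on the wrong line or outside the table altogether, so the candidates disagree and the true key is not among them. The model ignores associativity, replacement policy and timing noise; those make a real attack harder to mount, not a fixed mapping safer.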
Lab tests suggest it has no impact on performance.
However, it could take years for chip and system makers to adopt secure caches in their designs.