Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Intel. Show all posts
Technology
AI energy efficiency brain-inspired computing cryptocurrency energy consumption IBM Intel Loihi 2 chip neuromorphic computing NorthPole chip NVIDIA rising energy demands SpiNNcloud Systems Technology

Could Brain-Like Computers Be a Game Changer in the Tech Industry?

 

Modern computing's demand for electricity is growing at an alarming pace. By 2026, energy consumption by data centers, artificial intelligence (AI), and cryptocurrency could potentially double compared to 2022 levels, according to a report from the International Energy Agency (IEA). The IEA estimates that by 2026, these sectors' energy usage could be equivalent to Japan's annual energy consumption.

Companies like Nvidia, which produces chips for most AI applications today, are working on developing more energy-efficient hardware. However, another approach could be to create computers with a fundamentally different, more energy-efficient architecture.

Some companies are exploring this path by mimicking the brain, an organ that performs more operations faster than conventional computers while using only a fraction of the power. Neuromorphic computing involves electronic devices imitating neurons and synapses, interconnected similarly to the brain's electrical network.

This concept isn't new; researchers have been investigating it since the 1980s. However, the rising energy demands of the AI revolution are increasing the urgency to bring this technology into practical use. Current neuromorphic systems mainly serve as research tools, but proponents argue they could greatly enhance energy efficiency.

Major companies like Intel and IBM, along with several smaller firms, are pursuing commercial applications. Dan Hutcheson, an analyst at TechInsights, notes, "The opportunity is there waiting for the company that can figure this out... it could be an Nvidia killer." In May, SpiNNcloud Systems, a spinout from the Dresden University of Technology, announced it would begin selling neuromorphic supercomputers and is currently taking pre-orders.

Hector Gonzalez, co-chief executive of SpiNNcloud Systems, stated, "We have reached the commercialization of neuromorphic supercomputers ahead of other companies." Tony Kenyon, a professor at University College London, adds, "While there still isn’t a killer app... there are many areas where neuromorphic computing will provide significant gains in energy efficiency and performance, and I’m sure we’ll start to see wide adoption as the technology matures."

Neuromorphic computing encompasses various approaches, from a brain-inspired design to near-total simulation of the human brain, though we are far from achieving the latter. Key differences from conventional computing include the integration of memory and processing units on a single chip, which reduces energy consumption and speeds up processing.

Another common feature is an event-driven approach, where imitation neurons and synapses activate only when they have something to communicate, akin to the brain's function. This selective activation saves power compared to conventional computers that are always on.

Additionally, while modern computers are digital, neuromorphic computing can also be analog, relying on continuous signals, which is useful for analyzing real-world data. However, most commercially focused efforts remain digital for ease of implementation.

Commercial applications of neuromorphic computing are envisioned in two main areas: enhancing energy efficiency and performance for AI applications like image and video analysis, speech recognition, and large-language models such as ChatGPT, and in "edge computing" where data is processed in real-time on connected devices under power constraints. Potential beneficiaries include autonomous vehicles, robots, cell phones, and wearable technology.

However, technical challenges persist, particularly in developing software for these new chips, which requires a completely different programming style from conventional computers. "The potential for these devices is huge... the problem is how do you make them work," Hutcheson says, predicting that it could take one to two decades before neuromorphic computing's benefits are fully realized. Cost is another issue, as creating new chips, whether using silicon or other materials, is expensive.

Intel's current prototype, the Loihi 2 chip, is a significant advancement in neuromorphic computing. In April, Intel announced Hala Point, a large-scale neuromorphic research system comprising 1,152 Loihi 2 chips, equating to over 1.15 billion neurons and 128 billion synapses—about the neuron capacity of an owl brain. Mike Davies, director of Intel's neuromorphic computing lab, says Hala Point shows real viability for AI applications and notes rapid progress on the software side.

IBM's latest brain-inspired prototype chip, NorthPole, is an evolution of its previous TrueNorth chip. According to Dharmendra Modha, IBM's chief scientist of brain-inspired computing, NorthPole is more energy and space efficient and faster than any existing chip. IBM is now working to integrate these chips into a larger system, with Modha highlighting that NorthPole was co-designed with software to fully exploit its architecture from the outset.

Other smaller neuromorphic companies include BrainChip, SynSense, and Innatera. SpiNNcloud’s supercomputers commercialize neuromorphic computing developed at TU Dresden and the University of Manchester under the EU’s Human Brain Project. This project has produced two research-purpose supercomputers: SpiNNaker1 at Manchester, operational since 2018 with over one billion neurons, and SpiNNaker2 at Dresden, capable of emulating at least five billion neurons and currently being configured. SpiNNcloud's commercial systems are expected to emulate at least 10 billion neurons.

According to Professor Kenyon, the future will likely feature a combination of conventional, neuromorphic, and quantum computing platforms, all working together.
Read more »
Zen 1 Vulnerability
AMD AMD Zen 1 CPUs Intel Spectre SQUIP and Inception Vulnerability Vulnerabilities and Exploits Zen 1 Vulnerability

Zen 1 Vulnerability AMD Patchwork Proved Weak, Second Pass Issued


While AMD engineers have already patched their Zen 1 “Division by Zero” bug, it was not the end of their problems, as the company may have released a patch quickly, but perhaps a little too quickly: claims Borislav Petkov, an AMD Linux Engineer. He apparently fixed the issue concerning AMD with the original solution (mentioned in a statement published by Petkov). It is just another example of the challenges in protecting against potential attack routes.

According to the findings, AMD's CPU may have kept "stale quotient data" within its registers even after the patchwork was over, consequently providing attackers with a window to retrieve private information. The original fix was to conduct a final “dummy division 0/1 before returning from the #DE exception handler.” The idea is quite straightforward: after completing the 0/1 division, which always yields zero results, any remaining old data would be eliminated.

The drawback of the fix, explained by Petkov, was that the speculative execution attack would have progressed too far by the time that the security feature took effect. There would already be some outdated data on AMD's divider, which the attackers could access before the dummy division kicked in. 

Petkov notes that his new solution now upholds that same division in several scenarios:

"Initially, it was thought that doing an innocuous division in the #DE handler would take care to prevent any leaking of old data from the divider but by the time the fault is raised, the speculation has already advanced too far and such data could already have been used by younger operations,” says Petkov. “Therefore, do the innocuous division on every exit to userspace so that userspace doesn't see any potentially old data from integer divisions in kernel space[…]Do the same before VMRUN too, to protect host data from leaking into the guest too,"

Similar instances indicate how busy this month turned out to be for vulnerabilities in the CPU realm, for both AMD and Intel. From Intel’s severe Downfall vulnerability (affecting Skylake through Tiger Lake/Rocket Lake) to AMD's SQUIP and Inception vulnerabilities and the now re-fixed "divide by zero" vulnerability, researchers have shown much determination in solving the issues. 

However, while these new issues are connected to speculative execution vulnerabilities, they still do not come close to the illustrious history of Meltdown and Spectre days. Speculative execution describes how contemporary CPUs attempt to foresee calculation steps before they are even required, ensuring that the essential data is already available in the event that the execution is asked for. Although several of those vulnerabilities' remedies resulted in (often significant) performance costs, it is at least encouraging that AMD's 0/1 dummy division does not have any additional expenses.

Read more »
Vulnerabilities and Exploits
CPU Intel Intel SGX Macs Vulnerabilities and Exploits

Novel Downfall Bug is Targeting Intel CPUs to Steal Encryption Keys, and Data

 

Remember those severe Meltdown and Spectre CPU bugs that were discovered nearly five years ago? Intel is once again in hot water due to a severe vulnerability that impacts chips dating back years. 

The vulnerability, dubbed "Downfall," exploits a flaw in the AVX vector extensions of every Intel CPU from Skylake to the most current 12th-generation Alder Lake chips.

Macs using these processors first appeared in late 2015, with the 21.5-inch iMac, and nearly every Intel-based Mac-desktop or laptop-since then has been affected. Apple started employing its own CPUs in 2020, rather than the newer 12th and 13th-generation Intel processors (which aren't affected by the vulnerability anyhow). 

What exactly is Downfall? 

Daniel Moghimi, the researcher who identified the vulnerability, developed a microsite about it and summarises it as follows: 

Downfall attacks exploit a fundamental flaw identified in billions of current CPUs used in personal and cloud systems. This vulnerability, CVE-2022-40982, allows an individual to get access to and steal data from other users that use the same machine.

For example, a malicious app downloaded from an app store might utilise the Downfall attack to steal sensitive information such as passwords, encryption keys, and private data such as banking information, personal emails, and messages.

Similarly, in cloud computing environments, a malevolent customer might exploit the Downfall vulnerability to steal data and passwords from other customers that share the same cloud server. 

Intel was first made aware of the vulnerability last summer, but it has only now been made public to give Intel time to develop a fix. Users would receive updates from their hardware makers in the form of microcode, which Intel has only started to release for its chips to address the problem. 

Which Macs are impacted? 

It's unknown whether Macs are impacted at this time. A chip that is on Intel's list of impacted products is used inside nearly every Mac starting with the Skylake generation (starting in late 2015) that has an Intel CPU inside. Your CPU is almost probably impacted if you own an Intel-based Mac that was produced in 2016 or later (or an iMac that was released in late 2015). 

But Macs are quite distinctive. Custom motherboards and firmware have been used in Intel Macs, and some of them even had the powerful T2 processor. Until we hear from Apple, it's difficult to say for sure if any of this would necessarily stop an attack exploiting the Downfall vulnerability. 

What needs to be done next? Is a fix available? 

There isn't much you can do but wait if you own a Mac built in late 2015 or later; yet, you can be affected. If a processor microcode upgrade is required or further mitigations are required, Apple will release a macOS update. You don't need to be concerned if your Mac is Apple Silicon-based (it has an M1 or M2-based processor). 

Using only software from reputable sources is a smart idea at all times. Compared to the most recent release from a well-known company like Microsoft, Google, or something from the Mac App Store, the tool you downloaded from a website you had never heard of carries a much higher chance of virus.
Read more »
User Security
Boot Guard Cyber Security Intel PC Private Keys User Data User Security

Private Keys for Intel Boot Guard Have Reportedly Been Leaked, Jeopardizing the Security of Many PCs

 

Every other day, hackers are out there committing a new attack, exploiting a vulnerability, or attempting to extort people with ransomware. MSI is the latest victim, with hackers disclosing material acquired from a last-month breach of MSI's systems. 

This has the potential to be a major situation. According to tweets from Binarly founder Alex Matrosov, at least some of the previously stolen 1.5TB of data has been vulnerable. Private keys, some of which seem to be Intel Boot Guard keys, are included in the data. The leak of such keys affects not only MSI computers but also those from other vendors like Lenovo and Supermicro. Supermicro reached out to PC Gamer stating that based on its current review, its products are not affected by this breach.

Boot Guard is a cryptographic system that prevents fraudulent UEFI firmware or modified BIOS from being executed on PCs. Bypassing these checks, an attacker could acquire complete access to a system, access secure data, or utilize it for any variety of illicit activities.

Given the potential of so-called secondary downloads, the use of UEFI keys is especially concerning. Using typical phishing or email delivery strategies, any malware produced as a result of a firmware update including these keys would appear genuine, and antivirus software would ignore it.

The data was released after a group called Money Message claimed responsibility for the hack of MSI's internal systems (via Bleeping Computer(opens in new tab)). MSI was ordered to pay the organization $4,000,000. The release of the data would suggest that MSI didn't pay up.

The consequences of this breach will take time to assess, not to mention the time it may take to devise mitigations. In the following days, we might expect statements from the relevant parties. Meanwhile, exercise caution and avoid downloading any BIOS, firmware, or system software from sources other than the authorized website. This is true of all system software, not just MSIs.  

Read more »
User Privacy
BIOS Virus Cloud Services Data Breach Encryption Intel Lenovo UEFI Firmware User Privacy

Leak of BIOS Source Code Confirmed by Intel


The authenticity of the suspected leak of Intel's Alder Lake BIOS source code has been established, potentially posing a cybersecurity risk to users.

Alder Lake, the firm's 12th generation processor, which debuted in November 2021, is coded for the Unified Extensible Firmware Interface (UEFI) in the released documentation.

The breach, according to an Intel statement provided to Tom's Hardware, does not "reveal any new vulnerabilities since we do not rely on encryption of information as a defense policy."Additionally, it is urging other members of the security research community to use its bug bounty program to submit any potential problems, and it is also alerting customers about the situation.

The 5.97 GB of files, source code, secret keys, patch logs, and compilation tools in the breach have the most recent timestamp of 9/30/22, indicating that a hacker or insider downloaded the data time. Several references to Lenovo may also be found in the leaked source code, including code for 'Lenovo String Service,' 'Lenovo Secure Suite,' and Lenovo Cloud Service integrations.

Tom's Hardware, however, has received confirmation from Intel that such source code is real and is its "exclusive UEFI code."

Sam Linford, vice president of Deep Instinct's EMEA Channels, said: "Source code theft is a very serious possibility for enterprises since it may lead to cyber-attacks. Because source code is a piece of a company's intellectual property, it is extremely valuable to cybercriminals."

This year, there have been multiple instances where an organization's source code was exposed. The password manager LastPass disclosed that some of its source code had been stolen in August 2022, and Rockstar Games' Grand Theft Auto 5 and the Grand Theft Auto 6 version's source code was stolen in September 2022.
Read more »
Spectre Attacks
AMD attacks Cyber Attacks Intel Safety Spectre Attacks

New Exploit Circumvents Existing Spectre-V2 Mitigations in Intel and Arm CPUs

 

Researchers have revealed a new technique that might be used to bypass existing hardware mitigations in modern processors from Intel, AMD, and Arm CPUs and stage speculative execution attacks like Spektre to expose sensitive data from host memory. 

Spectre attacks are aimed to disrupt the isolation between different applications by using an optimization technique known as speculative execution in CPU hardware implementations to mislead programmes into accessing arbitrary memory regions and leaking their secrets. While chipmakers have included software and hardware defences such as Retpoline and safeguards such as Enhanced Indirect Branch Restricted Speculation (eIBRS) and Arm CSV2, the latest technique demonstrated by VUSec researchers seek to circumvent all of these measures. 

Branch History Injection (BHI or Spectre-BHB) is a new variant of Spectre-V2 attacks (tracked as CVE-2017-5715) that circumvent both eIBRS and CSV2, according to the researchers, and exposes arbitrary kernel memory on modern Intel CPUs.

"The hardware mitigations do prevent the unprivileged attacker from injecting predictor entries for the kernel," the researchers explained,

"However, the predictor relies on a global history to select the target entries to speculatively execute. And the attacker can poison this history from userland to force the kernel to mispredict to more 'interesting' kernel targets (i.e., gadgets) that leak data," the Systems and Network Security Group at Vrije Universiteit Amsterdam added. 

To put it another way, malicious code can use the CPU Branch History Buffer (BHBshared )'s branch history to affect mispredicted branches within the victim's hardware context, leading to speculative execution that can subsequently be used to infer information that would otherwise be inaccessible. All Intel and Arm processors that were previously vulnerable to Spectre-V2, as well as a number of AMD chipsets, are now vulnerable to Spectre-BHB, forcing the three firms to release software upgrades to address the problem. 

Customers should also disable the unprivileged extended Berkeley Packet Filters (eBPF) in Linux, enable both eIBRS and Supervisor-Mode Execution Prevention (SMEP), and apply LFENCE to particularly identified gadgets that are discovered to be susceptible, according to Intel. 

The researchers stated, "The [Intel eIBRS and Arm CSV2] mitigations work as intended, but the residual attack surface is much more significant than vendors originally assumed. Nevertheless, finding exploitable gadgets is harder than before since the attacker can't directly inject predictor targets across privilege boundaries. That is, the kernel won't speculatively jump to arbitrary attacker-provided targets, but will only speculatively execute valid code snippets it already executed in the past."
Read more »
Windows
AMD GPU Intel malware Memory Cards Nvdia PoC Windows

Hackers are Selling Tool to Hide Malware in GPUs

 

Cybercriminals are moving towards malware attacks that can execute code from a hacked system's graphics processing unit (GPU). Although the approach is not new, and demo code has been published in the past, most of the projects to date have come from academics or were unfinished and unpolished. 

Recently in August, the proof-of-concept (PoC) was sold on a hacker forum, perhaps signaling hackers' shift to a new level of complexity in their attacks. 

Code Tested on Intel, AMD, and Nvidia GPUs

In a brief post on a hacking forum, someone offered to sell the proof-of-concept (PoC) for a strategy that keeps harmful code protected from security solutions scanning the system RAM. The seller gave a brief description of their technique, claiming that it stores malicious code in the GPU memory buffer and then executes it from there. 

As per the advertiser, the project only works on Windows PCs that support OpenCL 2.0 and above for executing code on various processors, including GPUs. It also stated that he tested the code on Intel (UHD 620/630), Radeon (RX 5700), and GeForce (GTX 740M(? ), GTX 1650) graphics cards. 

However, there are fewer details regarding this new hack, but the post went live on August 8 and was apparently sold for an unknown amount on August 25.

Another hacker forum user mentioned that GPU-based malware had been done before, citing JellyFish, a six-year proof-of-concept for a Linux-based GPU rootkit. 

The vendor dismissed the links to the JellyFish malware, stating that their approach is unique and does not rely on code mapping to userspace. There is no information regarding the transaction, such as who purchased it or how much they paid. Only the seller's article claims to have sold the malware to an unidentified third party. 

Academic Study

Researchers at the VX-Underground threat repository stated in a tweet on Sunday that the malicious code allows binary execution by the GPU in its memory region. They also noted that the technique will be demonstrated soon. 

PoCs for a GPU-based keylogger and a GPU-based remote access trojan for Windows were also disclosed by the same researchers that created the JellyFish rootkit. All three projects were released in May 2015 and are open to the public. 

While the mention of the JellyFish project implies that GPU-based malware is a new idea, the foundation for this attack approach was developed around eight years ago. 

Researchers from the Institute of Computer Science - Foundation for Research and Technology (FORTH) in Greece and Columbia University in New York demonstrated in 2013 that GPUs can execute a keylogger and save recorded keystrokes in their memory space [PDF document here]. 

The researchers previously evidenced that malware authors may use the GPU's processing capabilities to pack code with extremely sophisticated encryption methods considerably faster than the CPU.
Read more »
Vulnerabilities and Exploits
AMD Exploits Intel Security Flaws Vulnerabilities and Exploits

Experts Find Vulnerabilities in AMD Zen Processor

 

German cybersecurity experts at TU Dresden discovered that Zen processor of AMD is susceptible to data-bothering meltdown like attacks in the end. Exploiting this vulnerability is an academic drill, turns out, there exist much easier and simpler techniques to meddle with systems. In simpler terms, it's a reminder that modern CPU designs have various kinds of side channels, and many yet to be discovered. 

The Register reports "in a paper [PDF] titled "Transient Execution of Non-Canonical Accesses," released via ArXiv, Saidgani Musaev and Christof Fetzer analyzed AMD Zen+ and Zen 2 chips – namely the Epyc 7262, Ryzen 7 2700X, and the Threadripper 2990WX – and found that they were able to adversely manipulate the operation of the CPU cores." When Spectre and Meltdown vulnerabilities came out, in the beginning experts said that Meltdown was only authenticated on Intel x86 chipsets. The list then included IBM hardwares and an Arm Cortex core, however, it was not clear if IBM parts had vulnerabilities. AMD in a statement said that Meltdown didn't affect the processors. 

"The way its chips executed load instructions meant data would not be fetched if architecturally disallowed in the processor's current execution context, it said. In other words, load instructions executed in user mode can't be used to discern the contents of kernel-mode memory, as expected."

"Musaev and Fetzer say that's true for classical Meltdown attacks that rely on fetching data from the L1 data cache and for a variant called Microarchitectural Data Sampling (MDS) that targets specific buffers. But they found another way to poison the way in which a CPU core access data in memory "that is very similar to Meltdown-type behavior," said The Register. 

Most importantly, this technique can't be used by a single process to read a kernel or different process memory, however, a thread in the program can use it to affect different thread in the same memory space. It isn't similar to a classic meltdown, where a Rogue app rips off keys from kernel memory. "The violation we report does not lead to cross address space leaks, but it provides a reliable way to force an illegal dataflow between microarchitectural elements," said the experts.
Read more »
Subscribe to: Posts (Atom)