Addressing ‘Downfall’: ExpressVPN’s swift response to an Intel exploit


This post was co-authored by Pete Membrey, Chief Engineering Officer, and Brendan Horan, Distinguished Engineer (Networks & Infrastructure) at ExpressVPN

At ExpressVPN, protecting your digital safety is our top priority. We believe in taking proactive measures to closely monitor and stay ahead of potential digital threats to our users.

When we became aware of Downfall, a vulnerability affecting many Intel processors, our team of security experts acted quickly to initiate a thorough investigation of its impact. 

Recognizing the potential risks posed by Downfall, we quickly deployed the necessary fix made available by Debian across our entire network to ensure that our users remain fully protected. This was all done within a span of 48 hours, thanks to our TrustedServer system, which allows us to perform frequent updates across our extensive server network with great efficiency.

Now, we want to shed light on the nature of the Downfall exploit and highlight how our security measures, coupled with ExpressVPN’s industry-leading TrustedServer technology, can effectively protect you from such external threats.

What is the Downfall exploit?

The Downfall Intel processor bug has emerged as a significant concern in the cybersecurity landscape. Discovered by Daniel Moghimi, a Google researcher, this vulnerability affects multiple generations of Intel chips, dating back to 2015. 

Moghimi reported the vulnerability to Intel on August 24, 2022, allowing them sufficient time to release microcode updates to fix the vulnerability. The vulnerability was then made public on August 10, 2023.

From a technical viewpoint, the vulnerability primarily resides in the microprocessor code that utilizes an instruction known as “Gather.” This instruction facilitates quick access to scattered data stored in memory. Intel has named this flaw “Gather Data Sampling,” after the techniques Moghimi developed to exploit it.

What is the Downfall exploit’s impact on security?

The Downfall exploit allows attackers to bypass protective barriers designed to keep data isolated within a system. This breach grants unauthorized access to sensitive data, which could include financial details, emails, messages, passwords, and encryption keys.

What chips are affected by the Downfall exploit?

The impact spans across the Skylake chip family, the Tiger Lake family, and the Ice Lake family. It’s important to note that Intel’s latest generation chips are unaffected, thanks to improved processor designs that prioritize security. These advancements are a result of an increased focus in recent years on rigorous security research that uncovers vulnerabilities like the Downfall exploit.

While the Downfall exploit targets Intel chips, you may wonder how it directly impacts a VPN company like ExpressVPN. The truth is, the impact on our VPN platform is likely minimal. Our dedicated servers, combined with our cutting-edge TrustedServer technology, are purposefully built to provide robust protection, making it incredibly challenging for attackers to even target our servers or network in the first place. We have already implemented the necessary fix, which means that even if an attacker were to somehow gain access, our servers remain fully shielded.

A faster response with our TrustedServer tech

When we learned about the Downfall exploit and the potential risks it posed, we took immediate action to ensure your safety. Here’s what we did:

1. Updating the core software

As part of our weekly server update, we incorporated a crucial microcode update from Debian, a trusted source for software components. This update addressed the vulnerability, strengthening the security of our infrastructure.

2. Deploying the fix with TrustedServer

In order to implement the security fix, we had to deploy the updated TrustedServer rollout to our servers in nearly 100 countries. What would otherwise have been a slow, painstaking process requiring high levels of coordination to minimize impact on our users was instead delivered within 48 hours by our secure, fully automated platform. This undertaking was accomplished without any downtime for our users, which we consider a technical achievement—albeit one that is simply routine for us. 
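One way to confirm on a Linux host that a microcode update like the one described above has taken effect (an added example, not ExpressVPN's own tooling): the kernel reports its Gather Data Sampling status in sysfs, and this script classifies that status. The function names are illustrative; the sysfs path and status strings are the ones the Linux kernel uses for this issue.

```shell
#!/bin/sh
# Added example: classify the kernel's Gather Data Sampling (Downfall) status.
# The sysfs file below is where the Linux kernel reports this issue;
# kernels without the GDS patches do not have it.
GDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

# gds_classify STATUS -> prints one of: ok | vulnerable | unknown
gds_classify() {
    case "$1" in
        "Not affected"*)  echo ok ;;          # CPU model is not susceptible
        "Mitigation:"*)   echo ok ;;          # microcode fix active, or AVX disabled
        "Vulnerable"*)    echo vulnerable ;;  # includes "Vulnerable: No microcode"
        *)                echo unknown ;;     # e.g. "Unknown: Dependent on hypervisor status"
    esac
}

# gds_check_file [PATH] -> prints the class for the status stored in PATH.
# A missing file means the kernel predates GDS reporting: "unreported".
gds_check_file() {
    f="${1:-$GDS_SYSFS}"
    if [ ! -r "$f" ]; then
        echo unreported
        return 0
    fi
    # Tolerate a status line without a trailing newline.
    IFS= read -r status < "$f" || true
    gds_classify "$status"
}

# Report for the local host (never fails; the caller decides what to do).
echo "gather_data_sampling: $(gds_check_file)"
```

After a rollout, any host that prints `vulnerable`, `unknown` or `unreported` needs follow-up: missing microcode, a guest that depends on its hypervisor, or a kernel too old to report the status.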

The importance of agility in cybersecurity

In the realm of cybersecurity, agility is key to staying one step ahead. Our rapid response to the Downfall exploit is a testament to ExpressVPN’s commitment to keeping our users protected. While traditional server setups may struggle with global deployment, ExpressVPN’s forward-thinking approach, combined with the capabilities of TrustedServer, ensured continuous protection against this critical threat.

The Downfall Intel processor exploit serves as a stark reminder of the hidden risks that exist within the very hardware that powers our digital lives. However, with innovations like TrustedServer, companies like ExpressVPN can stay ahead of the curve, offering more than just a service, but a steadfast commitment to user security. 

The 48-hour global fix for the Downfall exploit was not a coincidence for ExpressVPN—it was business as usual.

Our dedication to your protection

We take pride in our dedication to engineering excellence and our commitment to protecting our users. Our meticulous planning and adherence to industry best practices ensure that we continue to stand as a bulwark against emerging challenges, safeguarding user safety and preserving data integrity.

We deeply value the trust you put in us, and remain dedicated to upholding transparency and empowering you to go online with confidence and peace of mind.


Pete Membrey is currently Chief Engineering Officer at ExpressVPN, the creator of Lightway (an open-source, mobile-first VPN protocol), and a core member of the team that created TrustedServer, the VPN industry's first RAM-only server platform designed with an entire defense-in-depth strategy.