Researchers uncover Spectre-like Intel CPU vulnerability called BranchScope
This attack has not been tested on AMD processors
Published: 29th March 2018 | Source: Bleeping Computer via TheF34RChannel
Researchers from four US universities, College of William & Mary, University of California Riverside, Carnegie Mellon University in Qatar, and Binghamton University, have released a paper detailing BranchScope, a new side-channel attack similar to Spectre Variant 2 that targets the "directional branch predictor".
Spectre Variant 2 allows users to look at the "Branch Target Buffer", a cache for branch prediction operations, whereas BranchScope targets the "directional branch predictor", which is the process that decides which speculative operations to execute. AMD processors are currently unaffected by Spectre Variant 2, which makes it unlikely that AMD will be affected by BranchScope.
BranchScope has been tested on Intel's Sandy Bridge, Haswell and Skylake processors, and the attack can be launched without any administrator rights, with an error rate of less than 1%. Since BranchScope is exploitable from user space, it is much scarier than the AMD exploits that were recently revealed by CTS Labs, which were only exploitable on systems whose security is already compromised.
Right now we are seeing conflicting reports from BranchScope's researchers and Intel regarding the impact of the exploit. The researchers claim that none of the mitigations in place for Spectre can prevent the effects of BranchScope, while Intel states that "We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side-channel resistant cryptography, will be similarly effective against the method described in this paper". Below is Intel's full statement on BranchScope, from Bleeping Computer.
We have been working with these researchers and have determined the method they describe is similar to previously known side channel exploits.
We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side-channel resistant cryptography, will be similarly effective against the method described in this paper. We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers.
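Intel's statement names side-channel resistant cryptography as the software mitigation. As an added example (not code from Intel, the paper or the original article), the C below contrasts a modular exponentiation whose branch direction follows each secret exponent bit with a branchless form that gives a directional predictor nothing secret to record. The function names and the 32-bit toy parameters are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Leaky form: in every iteration the branch is taken or not taken
 * according to one bit of the secret exponent. mod must be nonzero. */
uint32_t modexp_branchy(uint32_t base, uint32_t exp, uint32_t mod)
{
    uint64_t result = 1 % mod, b = base % mod;
    for (int i = 31; i >= 0; i--) {
        result = (result * result) % mod;
        if ((exp >> i) & 1)                 /* secret-dependent branch */
            result = (result * b) % mod;
    }
    return (uint32_t)result;
}

/* Returns a when bit == 1 and b when bit == 0, using a mask, no jump. */
static uint64_t ct_select(uint64_t bit, uint64_t a, uint64_t b)
{
    uint64_t mask = (uint64_t)0 - bit;      /* all ones or all zeros */
    return (a & mask) | (b & ~mask);
}

/* Branchless form: the multiply is always computed and the result is
 * chosen by masking. The only branch left is the loop, whose bound (32)
 * is public. This removes the secret-dependent branch direction only;
 * other channels (e.g. division timing of %) are out of scope here,
 * and the compiled output should be checked for reintroduced branches. */
uint32_t modexp_ct(uint32_t base, uint32_t exp, uint32_t mod)
{
    uint64_t result = 1 % mod, b = base % mod;
    for (int i = 31; i >= 0; i--) {
        result = (result * result) % mod;
        uint64_t mult = (result * b) % mod; /* computed for every bit */
        result = ct_select((exp >> i) & 1, mult, result);
    }
    return (uint32_t)result;
}

int main(void)
{
    /* Constructed sample values: both forms must agree. */
    printf("%u %u\n", modexp_branchy(4, 13, 497), modexp_ct(4, 13, 497));
    return 0;
}
```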
More detailed information about BranchScope is available in the academic paper called "BranchScope: A New Side-Channel Attack on Directional Branch Predictor", which is available to read here.
BranchScope will likely be the first of many new speculative execution attacks that will be uncovered in the coming years, which will undoubtedly lead to changes in CPU designs moving forward, securing this vital part of modern processor architectures.
You can join the discussion on BranchScope, the recently discovered Spectre-like vulnerability on Intel CPUs, on the OC3D Forums.
Special Thanks to TheF34RChannel for the information.
Most Recent Comments
One of many reasons I switched from Intel to AMD, especially considering how long Intel has been in this business... These kinds of things just shouldn't appear.
These issues will take a while to fully resolve in hardware, but at least now CPU makers know what to look for and can harden their future designs against it.
While I agree with your sentiment, I do think it is unreasonable to think that all products should be perfect without any potential for fault. Before Spectre/Meltdown, nobody knew that this was possible, so I wouldn't fault anyone for having such a flaw in their product. While I do think Intel's response to Spectre/Meltdown could have been a lot better, I'm not going to fault Intel for not designing around a problem that nobody knew existed.