A Indian origin researcher with has warned that a security vulnerability known as ‘Spectre’ that was first discovered in 2018 but is now available to hackers again has exposed billions of computers and other devices around the world.
Since the discovery of ‘Spectre,’ the world’s best computer scientists from industry and academia have focused on software fixes and hardware defences, confident that they’ve been able to secure the most vulnerable points in the speculative execution process without significantly slowing down processing speeds.
Researchers at the University of Virginia’s School of Engineering and Applied Science, UVA Engineering, led by Ashish Venkat, discovered that computer processors are once again vulnerable to hackers. They discovered a brand-new way for hackers to take advantage of something known as a “micro-op cache,” which accelerates computation by storing basic commands and allowing the processor to retrieve them quickly and early in the speculative execution process.
Since 2011, micro-op caches have been used in Intel computers.
When a processor fetches commands from the micro-op cache, Venkat’s team discovered that hackers could steal the data.
Commenting on the development, Venkat said “Think about a hypothetical airport security scenario where TSA lets you in without checking your boarding pass because (1) it is fast and efficient, and (2) you will be checked for your boarding pass at the gate anyway,”
A computer processor performs a similar function. It predicts that the check will pass, allowing instructions to enter the pipeline.
Venkat elaborated “Ultimately, if the prediction is incorrect, it will throw those instructions out of the pipeline, but this might be too late because those instructions could leave side-effects while waiting in the pipeline that an attacker could later exploit to infer secrets such as a password,”
All existing ‘Spectre’ protections are ineffective against Venkat’s team’s latest attacks because they protect the processor at a later stage of speculative execution.
The team discovered two variants of the attacks that can steal speculatively accessible data from Intel and AMD processors.
Venkat noted “Intel’s suggested defense against Spectre, which is called LFENCE, places sensitive code in a waiting area until the security checks are executed, and only then is the sensitive code allowed to execute,”
“But it turns out the walls of this waiting area have ears, which our attack exploits. We show how an attacker can smuggle secrets through the micro-op cache by using it as a covert channel.”
It would be even more difficult to patch this newly discovered vulnerability.
In the case of previous ‘Spectre’ attacks, developers devised a reasonably simple method of preventing any kind of attack without sacrificing significant computing performance.
Venkat’s team has informed Intel and AMD’s product security teams about the flaw.
The highly competitive International Symposium on Computer Architecture, or ISCA, has accepted the team’s paper.