New
#1
Please god, not this again...
Researchers have discovered a new side-channel attack method that can be launched against devices with Intel processors, and the patches released in response to the Spectre and Meltdown vulnerabilities might not prevent these types of attacks.
The new attack, dubbed BranchScope, has been identified and demonstrated by a team of researchers from the College of William & Mary, University of California Riverside, Carnegie Mellon University in Qatar, and Binghamton University.
Similar to Meltdown and Spectre, BranchScope can be exploited by an attacker to obtain potentially sensitive information they normally would not be able to access directly. The attacker needs to have access to the targeted system and they must be able to execute arbitrary code.
Researchers believe the requirements for such an attack are realistic, making it a serious threat to modern computers, “on par with other side-channel attacks.” The BranchScope attack has been demonstrated on devices with three types of Intel i5 and i7 CPUs based on Skylake, Haswell and Sandy Bridge microarchitectures.
Experts showed that the attack works even if the targeted application is running inside of an Intel SGX enclave. Intel SGX, or Software Guard Extensions, is a hardware-based isolated execution system designed to prevent code and data from getting leaked or modified.
BranchScope is similar to Spectre as they both target the directional branch predictors. Branch prediction units (BPUs) are used to improve the performance of pipelined processors by guessing the execution path of branch instructions. The problem is that when two processes are executed on the same physical CPU core, they share a BPU, potentially allowing a malicious process to manipulate the direction of a branch instruction executed by the targeted application.
Read more: Intel CPUs Vulnerable to New Attack | SecurityWeek.Com
Please god, not this again...
Are they saying that it only affects Intel processors, or are they saying that it has only been tested on Intel processors?
AMD should also be affected in some way if it's in relation to Spectre 2. It's possible that this was tested soley on Intel though.
As predicted, more branch prediction processor attacks are discovered | Ars Technicain a statement, Intel says: We have been working with these researchers and we have determined the method they describe is similar to previously known side channel exploits. We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side channel resistant cryptography, will be similarly effective against the method described in this paper. We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers.
Have these "Experts" got nothing better to do than look for unheard of never used possible exploits? Are they on some kind of look how clever we are ego trip?
If the attacker has physical access, then security has already been compromised.The attacker needs to have access to the targeted system and they must be able to execute arbitrary code.
If the attacker has remote access, then security has already been bypassed.
So the concern is strictly espionage. A mole or double-agent working normally while the injected code retrieves sensitive info.
Microsoft is offering rewards for new speculative execution exploits. Whether or not this is a good idea is debatable.
Microsoft Announcing Speculative Execution Bounty Program Launch - Windows 10 Forums
Why would they put this out there in the first place??
These Holes should be taken care of in their respective labs and Then give us a patch.
Now, they are just fueling the fires of all hackers.
I just wish they would use a bit of common sense but, I guess common sense isn't very common.