×

Registration

Profile Informations

Login Details

or login

First name is required!
Last name is required!
First name is not valid!
Last name is not valid!
This is not an email address!
Email address is required!
This email is already registered!
Password is required!
Enter a valid password!
Please enter 6 or more characters!
Please enter 16 or less characters!
Passwords are not same!
Terms and Conditions are required!
Email or Password is wrong!

Intel Processors Vulnerable To Spectre-Like BranchScope Side-Channel Attack

When word finally spread about Spectre and Meltdown, it seemed only a matter of time before attackers would try to leverage the side-channel vulnerabilities. That is not the only concern, however. A team of researchers from the College of William & Mary, University of California Riverside, Carnegie Mellon University in Qatar, and Binghamtom University say they have discovered a new side-channel attack that affects Intel processors, and that patches released for Spectre and Meltdown might prove ineffective against the exploit.

Researchers are calling the newly discovered vulnerability "BranchScope." While not the same as Spectre or Meltdown, it works similarly to expose potentially sensitive information that normally would be inaccessible from direct access. As for how serious it really is, that depends on how you ask. According to the researchers, an attacker needs to have access to a targeted system to execute the arbitrary code. To them, BranchScope is "on par with other side-channel attacks."

"BranchScope is the first fine-grained attack on the directional branch predictor, expanding our understanding of the side channel vulnerability of the branch prediction unit," the researchers explained in their paper.

The researchers believe that existing patches and microcode updates related to Spectre and Meltdown are only partially effective in protecting against attacks like BranchScope, and that further mitigations are needed. Intel does not necessarily agree with that assessment.

"We have been working with these researchers and we have determined the method they describe is similar to previously known side channel exploits," Intel told SecurityWeek. "We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side channel resistant cryptography, will be similarly effective against the method described in this paper. We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers."

The good news for users is that side-channel attacks have not become commonplace in the wake of Spectre and Meltdown. That said, BranchScope is not the only CPU side-channel attack method to surface in recent weeks. Another one, called SgxPectre, demonstrates how Spectre can be used to compromise SGX enclaves. So far, however, there has not been an outbreak of any side-channel attacks in the wild that we are aware of.

').insertAfter(jQuery('#initdisqus'));
}
loadDisqus(jQuery('#initdisqus'), disqus_identifier, url);

}
else {
setTimeout(function () { disqusDefer(); }, 50);
}
}

disqusDefer();

function loadDisqus(source, identifier, url) {

if (jQuery("#disqus_thread").length) {
jQuery("#disqus_thread").remove();
}
jQuery('

').insertAfter(source);

if (window.DISQUS) {

DISQUS.reset({
reload: true,
config: function () {
this.page.identifier = identifier;
this.page.url = url;
}
});

} else {

//insert a wrapper in HTML after the relevant "show comments" link

disqus_identifier = identifier; //set the identifier argument
disqus_url = url; //set the permalink argument

//append the Disqus embed script to HTML
var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
dsq.src = 'https://' + disqus_shortname + '.disqus.com/embed.js';
jQuery('head').append(dsq);

}

jQuery('.show-disqus').show();
source.hide();
};

function disqusEvent()
{
idleTime = 0;
}

Go to Source