Computers at risk to ‘Spectre’ vulnerability
Published 7 May 2021
An Indian-origin researcher has warned that billions of computers and other devices across the globe are at risk to a vulnerability called ‘Spectre’.
This was first discovered in 2018 but researchers have discovered a new variant that can affect modern processors, according to a research paper by the researchers at the University of Virginia and University of California San Diego. Researchers, including Ashish Venkat at the University of Virginia’s School of Engineering and Applied Science, UVA Engineering have discovered that the computer processors are open to hackers once again.
Ever since ‘Spectre’ was discovered, computer scientists from industry and academia have worked on software patches and hardware defenses and they have been able to protect the most vulnerable points in the speculative execution process without slowing down computing speed too much, added a media report.
They found a new way for hackers to exploit something called the “micro-op cache”, which speeds up the computing by storing simple commands and allowing the processor to fetch them quickly and early in the process of a speculative execution process.
Ashish Venkat’s team found that the hackers could steal data when a processor fetches commands from a “micro-op” cache.
“Think about a hypothetical airport security scenario where TSA lets you in without checking your boarding pass because (1) it is fast and efficient, and (2) you will be checked for your boarding pass at the gate anyway,” Venkat said.
“Ultimately, if the prediction is incorrect, it will throw those instructions out of the pipeline, but this might be too late because those instructions could leave side-effects while waiting in the pipeline that an attacker could later exploit to infer secrets such as a password,” he added.
The team has discovered two variants of the attacks that are capable of stealing speculatively accessed information from Intel and AMD processors.
He further added that Intel’s suggested defence against Spectre, which is called LFENCE, places a sensitive code in a waiting area until the security checks are executed and only then the sensitive code is allowed to execute.
“But it turns out the walls of this waiting area have ears, which our attack exploits. We show how an attacker can smuggle secrets through the micro-op cache by using it as a covert channel,” pointed Venkat.
“The difference with this attack is you take a much greater performance penalty than those previous attacks,” said PhD student Logan Moody.
The report further added that the team’s paper has been accepted by the highly competitive International Symposium on Computer Architecture or ISCA.