CATEGORIES
home News

Intel Processors Vulnerable To Spectre-Like BranchScope Side-Channel Attack

by Paul LillyWednesday, March 28, 2018, 11:45 AM EDT
Intel Processor

When word finally spread about Spectre and Meltdown, it seemed only a matter of time before attackers would try to leverage the side-channel vulnerabilities. That is not the only concern, however. A team of researchers from the College of William & Mary, University of California Riverside, Carnegie Mellon University in Qatar, and Binghamtom University say they have discovered a new side-channel attack that affects Intel processors, and that patches released for Spectre and Meltdown might prove ineffective against the exploit.

Researchers are calling the newly discovered vulnerability "BranchScope." While not the same as Spectre or Meltdown, it works similarly to expose potentially sensitive information that normally would be inaccessible from direct access. As for how serious it really is, that depends on how you ask. According to the researchers, an attacker needs to have access to a targeted system to execute the arbitrary code. To them, BranchScope is "on par with other side-channel attacks."

"BranchScope is the first fine-grained attack on the directional branch predictor, expanding our understanding of the side channel vulnerability of the branch prediction unit," the researchers explained in their paper.

The researchers believe that existing patches and microcode updates related to Spectre and Meltdown are only partially effective in protecting against attacks like BranchScope, and that further mitigations are needed. Intel does not necessarily agree with that assessment.

"We have been working with these researchers and we have determined the method they describe is similar to previously known side channel exploits," Intel told SecurityWeek. "We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side channel resistant cryptography, will be similarly effective against the method described in this paper. We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers."

The good news for users is that side-channel attacks have not become commonplace in the wake of Spectre and Meltdown. That said, BranchScope is not the only CPU side-channel attack method to surface in recent weeks. Another one, called SgxPectre, demonstrates how Spectre can be used to compromise SGX enclaves. So far, however, there has not been an outbreak of any side-channel attacks in the wild that we are aware of.
Tags:  Intel, spectre, (NASDAQ:INTC), branchscope
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment