New BranchScope Attack Vector for Intel CPUs

FrgMstr

BranchScope is a newly identified side-channel attack that can be used on Skylake, Haswell, and Sandy Bridge CPUs. While a bit off topic, the video below talks about Meltdown and Spectre and how they work, which gives a good overview. Thanks TurboGLH.

Check out the video.

“BranchScope is the first fine-grained attack on the directional branch predictor, expanding our understanding of the side channel vulnerability of the branch prediction unit,” the researchers explained in their paper.

The researchers who identified the BranchScope attack method have proposed a series of countermeasures that include both software- and hardware-based solutions.

Dmitry Evtyushkin, one of the people involved in this research, told SecurityWeek that while they have not been tested, the microcode updates released by Intel in response to Meltdown and Spectre might only fix the BTB vector, which means BranchScope attacks could still be possible. However, Intel told the researchers that software guidance for mitigating Spectre Variant 1 could be effective against BranchScope attacks as well.
 
Intel can't catch a break. Better find a way to fix the flaws soon. AMD, I'm sure, is wringing its hands to grab more market share.
 
Speaking as a Software Engineer:

I noted fairly early that the fact Spectre attacked the branch predictor was huge; there's no real way to lock it down without also killing performance by upwards of 30-40%, which is obviously unacceptable (who would purchase a CPU that's ~30% slower at the same clock, even in the name of security?). Basically, after years of locking down the OS, people are starting to realize it's actually easier to hack the hardware directly to get the information you want. And as far as security on the hardware, there's pretty much nothing there.

If nothing else, these problems are going to kill off Intel's current architecture; I can't see how they address the HW problems without also tanking performance. At bare minimum, they need a new CPU architecture that's going to take on-die security into account.

Also, it's worth noting that while they looked at attack vectors on Intel, I suspect AMD is also vulnerable in HW. Probably NVIDIA GPUs too if I had to make a bet.
 
FTFA

so... once again, you have to have a compromised computer already... to take advantage of these "exploits"

*SIGH*

If being on a VM on the hardware is sufficient access, then it isn't *sigh*. The cloud era means lots of things share their hardware with anyone with a credit card. For desktop users not such a big deal, but for consumers of services, potentially problematic.
 
Intel can't catch a break. Better find a way to fix the flaws soon. AMD, I'm sure, is wringing its hands to grab more market share.

This is, like the rest of the Spectre-related attacks, a pretty much universal attack vector on any CPU with a BHT. That would include basically every CPU ever designed with branch prediction, aka including AMD. BHT is a basic component of any branch predictor.

Nor will this likely be the last. I would expect at least another dozen OoO related exploits to be found over the next couple of years.
 
Doesn't matter, since it's Intel it's a valid and real flaw. When it's AMD we can give them a pass. It's how it works around here now.

Many of you have no idea how exploitation works, while spouting opinions and fanboy statements.

There is a VAST difference between an exploit that provides a privesc (Spectre et al) and a vulnerability that allows an admin to install a backdoor (supposedly the CTS Labs shens).

Something that can privesc means a bad website you browse to all of a sudden is executing code on your computer with root creds. The CTS labs supposed vuln did NOT provide a means of a lower privileged process to jump to root.
 
How are those class action lawsuits against Intel going? Sorry, but they knew damn well about these but didn't care because of the performance gains they got to keep them ahead of AMD....
 
Something that can privesc means a bad website you browse to all of a sudden is executing code on your computer with root creds. The CTS labs supposed vuln did NOT provide a means of a lower privileged process to jump to root.

Wait for it. Just because it hasn't been found yet doesn't mean it won't later be found. And the fact that the AMD flaw is practically permanent and persists through a format and reinstallation should concern people much more than it has.
 