New BranchScope Attack Vector for Intel CPUs

Discussion in 'HardForum Tech News' started by FrgMstr, Mar 28, 2018.

  1. FrgMstr

    FrgMstr Just Plain Mean Staff Member

    Messages:
    48,299
    Joined:
    May 18, 1997
    BranchScope is a newly identified side-channel attack that can be used on Skylake, Haswell, and Sandy Bridge CPUs. While a bit off topic, the video below talks about Meltdown and Spectre and how those work, and gives a good overview. Thanks TurboGLH.

    Check out the video.

    “BranchScope is the first fine-grained attack on the directional branch predictor, expanding our understanding of the side channel vulnerability of the branch prediction unit,” the researchers explained in their paper.

    The researchers who identified the BranchScope attack method have proposed a series of countermeasures that include both software- and hardware-based solutions.

    Dmitry Evtyushkin, one of the people involved in this research, told SecurityWeek that while they have not been tested, the microcode updates released by Intel in response to Meltdown and Spectre might only fix the BTB vector, which means BranchScope attacks could still be possible. However, Intel told the researchers that software guidance for mitigating Spectre Variant 1 could be effective against BranchScope attacks as well.
     
    Last edited: Mar 28, 2018
    Big_Rig_Stig likes this.
  2. SomeoneElse

    SomeoneElse [H]ard|Gawd

    Messages:
    1,755
    Joined:
    Jan 16, 2007
    Intel can't catch a break. Better find a way to fix the flaws soon; AMD, I'm sure, is wringing its hands to grab more market share.
     
    Big_Rig_Stig likes this.
  3. mullet

    mullet [H]ard|Gawd

    Messages:
    1,629
    Joined:
    Aug 19, 2004
    KARMA!!!!!!!!
     
    Big_Rig_Stig and gtrguy like this.
  4. Armenius

    Armenius I Drive Myself to the [H]ospital

    Messages:
    17,823
    Joined:
    Jan 28, 2014
    Gotta get that extra 2% back!
     
  5. {NG}Fidel

    {NG}Fidel [H]ardness Supreme

    Messages:
    6,216
    Joined:
    Jan 17, 2005
    I need to just retire my haswell shit. Holy fucking crap...
     
    Big_Rig_Stig and Master_shake_ like this.
  6. gamerk2

    gamerk2 [H]ard|Gawd

    Messages:
    1,581
    Joined:
    Jul 9, 2012
    Speaking as a Software Engineer:

    I noted fairly early that the fact Spectre attacked the branch predictor was huge; there's no real way to lock it down without also killing performance by upwards of 30-40%, which is obviously unacceptable (who would purchase a CPU that's ~30% slower at the same clock, even in the name of security?). Basically, after years of locking down the OS, people are starting to realize it's actually easier to hack the hardware directly to get the information you want. And as far as security on the hardware, there's pretty much nothing there.

    If nothing else, these problems are going to kill off Intel's current architecture; I can't see how they address the HW problems without also tanking performance. At bare minimum, they need a new CPU architecture that's going to take on-die security into account.

    Also, it's worth noting that while they looked at attack vectors on Intel, I suspect AMD is also vulnerable in HW. Probably NVIDIA GPUs too if I had to make a bet.
     
  7. Master_shake_

    Master_shake_ [H]ardForum Junkie

    Messages:
    8,917
    Joined:
    Apr 9, 2012
    BRB registering intelflaws.com
     
  8. SomeoneElse

    SomeoneElse [H]ard|Gawd

    Messages:
    1,755
    Joined:
    Jan 16, 2007
    2% for AMD is huge! lol....
     
    Big_Rig_Stig likes this.
  9. DeeFrag

    DeeFrag [H]ardness Supreme

    Messages:
    5,567
    Joined:
    Jan 14, 2005
    That's a great name for AMD's next product line.
     
    Remon, Roberty, Dayaks and 3 others like this.
  10. katanaD

    katanaD [H]ard|Gawd

    Messages:
    1,987
    Joined:
    Nov 15, 2016
    FTFA

    so... once again, you have to have a compromised computer already... to take advantage of these "exploits"

    *SIGH*
     
    Dayaks, Big_Rig_Stig and ZeroBarrier like this.
  11. raz-0

    raz-0 [H]ardness Supreme

    Messages:
    4,517
    Joined:
    Mar 9, 2003
    If being on a VM on the hardware is sufficient access, then it isn't *sigh*. The cloud era means lots of things share their hardware with anyone with a credit card. For desktop users not such a big deal, but for consumers of services, potentially problematic.
     
    Big_Rig_Stig, Templar_X and {NG}Fidel like this.
  12. ZeroBarrier

    ZeroBarrier Limp Gawd

    Messages:
    225
    Joined:
    Mar 19, 2011
    Doesn't matter, since it's Intel it's a valid and real flaw. When it's AMD we can give them a pass. It's how it works around here now.
     
    drescherjm and KazeoHin like this.
  13. aaronspink

    aaronspink [H]ard|Gawd

    Messages:
    2,029
    Joined:
    Jun 7, 2004
    This is, like the rest of the Spectre-related attacks, a pretty much universal attack vector on any CPU with a BHT. That would include basically every CPU ever designed with branch prediction, aka including AMD. BHT is a basic component of any branch predictor.

    Nor will this likely be the last. I would expect at least another dozen OoO related exploits to be found over the next couple of years.
     
  14. thebufenator

    thebufenator [H]ard|Gawd

    Messages:
    1,174
    Joined:
    Dec 8, 2004
    Many of you have no idea how exploitation works, while spouting opinions and fanboy statements.

    There is a VAST difference between an exploit that provides a privesc (Spectre et al) and a vulnerability that allows an admin to install a backdoor (Supposedly the CTS Labs shens).

    Something that can privesc means a bad website you browse to all of a sudden is executing code on your computer with root creds. The CTS labs supposed vuln did NOT provide a means of a lower privileged process to jump to root.
     
    Remon, Big_Rig_Stig and Templar_X like this.
  15. velusip

    velusip [H]ard|Gawd

    Messages:
    1,578
    Joined:
    Jan 24, 2005
    That's amazing.

    Or even open sourcing the PSP kernel and calling it Karma would be just as good.
     
    Big_Rig_Stig likes this.
  16. MrGuvernment

    MrGuvernment [H]ard as it Gets

    Messages:
    19,166
    Joined:
    Aug 3, 2004
    How are those class action lawsuits against Intel going? Sorry but they knew damn well about these but didn't care because of performance gains they got to keep them ahead of AMD....
     
  17. viper1152012

    viper1152012 [H]ard|Gawd

    Messages:
    1,025
    Joined:
    Jun 20, 2012
    (Intel in a panic)

    Uhhhh independent labs say AMD causes hemorrhoids in your south Bridge

    *sighs in relief
     
    Master_shake_ likes this.
  18. ZeroBarrier

    ZeroBarrier Limp Gawd

    Messages:
    225
    Joined:
    Mar 19, 2011
    Wait for it. Just because it hasn't been found yet, doesn't mean it won't later be found. And the fact that the AMD flaw is practically permanent and persists through a format and reinstallation should concern people much more than it has.
     