UVA Engineering Computer Scientists Discover New Vulnerability Affecting Computers Globally
In 2018, industry and academic researchers revealed a potentially devastating hardware flaw that made computers and other devices worldwide vulnerable to attack.
Researchers named the vulnerability Spectre because the flaw was built into modern computer processors that get their speed from a technique called “speculative execution,” in which the processor predicts instructions it might end up executing and preps by following the predicted path to pull the instructions from memory. A Spectre attack tricks the processor into executing instructions along the wrong path. Even though the processor recovers and correctly completes its task, hackers can access confidential data while the processor is heading the wrong way.
iTWire Monday, 03 May 2021 11:05 US researchers find flaw affecting processors made since 2011
Shares Ashish Venkat: We show how an attacker can smuggle secrets through the micro-op cache by using it as a covert channel.” Supplied
Researchers at the University of Virginia School of Engineering computer science department have discovered vulnerabilities earlier in the speculative execution chain of a processor than the Spectre flaw which was made public in January 2018.
Spectre can trick vulnerable applications into leaking the contents of their memory.
The UVA team
found a way to exploit what is called a micro-op cache which speeds up computing by storing commands early in the speculative execution process. Micro-op caches are present in Intel processors produced since 2011.
Published 3 May 2021
A team o computer science researchers has uncovered a line of attack that breaks all Spectre defenses, meaning that billions of computers and other devices across the globe are just as vulnerable today as they were when Spectre was first announced.
In 2018, industry and academic researchers revealed a potentially devastating hardware flaw that made computers and other devices worldwide vulnerable to attack.
Researchers named the vulnerability Spectre because the flaw was built into modern computer processors that get their speed from a technique called “speculative execution,” in which the processor predicts instructions it might end up executing and preps by following the predicted path to pull the instructions from memory. A Spectre attack tricks the processor into executing instructions along the wrong path. Even though the processor recovers and correctly completes its task, hackers can access confidential data while the processor is heading the wro
By Juha Saarinen on May 2, 2021 6:03AM
Billions of computers vulnerable.
Researchers at the universities of Virginia and California in the United States have devised new Spectre-style hardware attacks that make it possible to steal data when processors fetch commands from their micro-ops caches.
The new vulnerability affects billions of computers and other devices worldwide, and the researchers say it will be much harder to fix than the speculative execution flaws discovered over the last few years.
In their paper,
I see dead µops: leaking secrets via Intel/AMD micro-op caches [pdf], the researchers present three attacks that break defences against the earlier discovered Spectre hardware flaws in processors speculative execution mechanisms.
University of Virginia School of Engineering and Applied Science
In 2018, industry and academic researchers revealed a potentially devastating hardware flaw that made computers and other devices worldwide vulnerable to attack.
Researchers named the vulnerability Spectre because the flaw was built into modern computer processors that get their speed from a technique called “speculative execution,” in which the processor predicts instructions it might end up executing and preps by following the predicted path to pull the instructions from memory. A Spectre attack tricks the processor into executing instructions along the wrong path. Even though the processor recovers and correctly completes its task, hackers can access confidential data while the processor is heading the wrong way.