Intel CPUs Vulnerable To New 'BranchScope' Attack (securityweek.com)
wiredmikey writes: Researchers have discovered a new side-channel attack method dubbed "BranchScope" that can be launched against devices with Intel processors. The attack has been identified and demonstrated by a team of researchers, and similar to Meltdown and Spectre, can be exploited by an attacker to obtain potentially sensitive information they normally would not be able to access directly. The attacker needs to have access to the targeted system and they must be able to execute arbitrary code.
Researchers believe the requirements for such an attack are realistic, making it a serious threat to modern computers, "on par with other side-channel attacks." The BranchScope attack has been demonstrated on devices with three types of Intel i5 and i7 CPUs based on Skylake, Haswell and Sandy Bridge microarchitectures. Further reading: As predicted, more branch prediction processor attacks are discovered (ArsTechnica).
Every vulnerability needs a HYPED UP MARKETING NAME in the TECHSOCIAL INDUSTRY!!
EVERYTHING ABOUT TECH IS SOCIAL!!!!
Nerds who built all our technology, die in a fire. We the Social don't need nerds anymore.
When the poo hit the AMD fan a few weeks ago it was front page news everywhere, but now that it has been slung back at Intel, it's good to see Ars is not making this article front and center, but rather downplaying it a bit. I actually had to search the front page to find it.
Non-news? Really? You can execute arbitrary code in virtual machines which could allow an attacker to access other running virtual machines or the host itself. This attack surface is absolutely HUGE! All an attacker has to do is get, for example, an Amazon Web Service instance and then be able to attack anything else running on that host. MASSIVE portions of the Internet run on services like AWS, VPS systems, etc.
Your browser can also present a target due to running JavaScript or similar.
Same here. We had several Dell Precision 5520 laptops bricked after installing:
http://www.dell.com/support/home/us/en/04/Drivers/DriversDetails?driverId=NFKYX
We have several locations, and unfortunately our IT department didn't communicate that the update did that before I think five were bricked. We paid a lot extra for Dell's ProSupport Plus, but they have no solution yet and won't offer replacements.
Although I expect Intel to correct that.
Need to have access: Internet or any other network will do. No need for physical access.
Able to execute arbitrary code: many ways to do that.
Do you realize that Meltdown and the other Spectre exploits that made everyone rush to patch operating systems and user software require both access to a system and the ability to execute arbitrary code? In fact this looks like a variant of the Spectre family using another type of branch predictor manipulation.
It's not trivial if it spans VMs, and one client of a hosting service can eavesdrop on another via this side channel. That has been the fear with Spectre and Meltdown, and it is most likely the fear here as well.
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
You have no idea how these attacks work. You can execute arbitrary code on the physical machine. It may be inside a virtual machine but it's still executing on the physical hardware. That's the only requirement, executing arbitrary code on the CPU. You can do exactly that inside a VM and all the VMs are using the same CPU(s) and are therefore subject to attack.
You seem to mistakenly think that this requires physical access to the hardware or something.
Cue up another "hotfix" that will be deployed half a dozen times before it's ready to screw things up again. :|
My condolences in advance if you're running Windows 10 and the unstoppable update machine
Yeah after all those security problems, I'm almost expecting Apple to launch a new A10-powered laptop real soon now (TM).
#DeleteFacebook
It would be nice if they had worked with vendors to disclose this before publishing it. ... or did I miss that?
can be exploited by an attacker to obtain potentially sensitive information
In other words, there is a one in a billion chance that an attacker would obtain something of importance.
Yes, and when you have the computing power at your disposal to make billions of attempts per second it doesn't really take long at all.
Nope, there's not.
Technically the processors don't even belong to the customers. Intel still maintains full control over them, granting their buyers/users only very little of the same.
Unfortunately they also give full control over your management engine to others, if they want to. This machine (running MINIX on a power-efficient core) can then do - literally - anything behind your back, as you have no possibility to check what it is doing (which is exactly the way they want it to be)...
X86 isn't that bad. It's easier to decode than many other architectures, it's easier to make superscalar than many others, it supports extensions of the instruction set. The last one is why we are still using x86.
X86 processors execute x86 instructions. They are x86 and only a subset of instructions aren't executed directly. There is no translation hardware unless you call the instruction decoding translation (technically correct) and then almost every processor made has/had translation hardware.
Instruction fusion? Used on RISC. Instruction splitting? Used on RISC. Detection of special cases? Used on RISC (e.g. r0 or r31 defined as zero). Those are all optimization tricks.