Intel CPUs Vulnerable To New 'BranchScope' Attack

wiredmikey writes: Researchers have discovered a new side-channel attack method dubbed "BranchScope" that can be launched against devices with Intel processors. The attack has been identified and demonstrated by a team of researchers, and similar to Meltdown and Spectre, can be exploited by an attacker to obtain potentially sensitive information they normally would not be able to access directly. The attacker needs to have access to the targeted system and they must be able to execute arbitrary code.

Researchers believe the requirements for such an attack are realistic, making it a serious threat to modern computers, "on par with other side-channel attacks." The BranchScope attack has been demonstrated on devices with three types of Intel i5 and i7 CPUs based on Skylake, Haswell and Sandy Bridge microarchitectures. Further reading: As predicted, more branch prediction processor attacks are discovered (ArsTechnica).

Re:Hype! Hype! Hype!

[Tablizer]

It's not hype in the sense that our IT stacks have so many layers, parts, and levels that it's nearly impossible to keep them all safe. Plus, co's rush products in order to stay ahead of competition at the expense of security.

Thus, they are indeed a steaming pile of leaks what should worry people. However, I will agree that focusing on specific problems may be a form of hype because for every 1 you hear about, there's probably dozens (already publicized) that you don't.

If people keep finding enough of these vulnerabilities, the patches will make the CPU run as slow as a Commodore 64. Maybe we should go back to '64s, eh? I got used to ASCII pr0n anyhow; I have a thing asterisks.

Re:TL;DR

Non-news? Really? You can execute arbitrary code in virtual machines which could allow an attacker to access other running virtual machines or the host itself. This attack surface is absolutely HUGE! All an attacker has to due is get for example an Amazon Web Service instance and then be able to attack anything else running on that host. MASSIVE portions of the Internet run on services like AWS, VPS systems, etc.

Your browser can also present a target due to running Javascript or similar.

Re:Great

[greenwow]

Same here. We had several Dell Precision 5520 laptops bricked after installing:

http://www.dell.com/support/home/us/en/04/Drivers/DriversDetails?driverId=NFKYX

We have several locations, and unfortunately our IT department didn't communicate that the update did that before I think five were bricked. We paid a lot extra for Dell's ProSupport Plus, but they have no solution yet and won't offer replacements.

Re:Media Bias is finally slowing down

[HiThere]

Well, to be fair a lot of the hype about the AMD problem was because it was presented in a way that made it look as if Intel sponsored the release of information. I'm still not sure that isn't true.

Re:Yawn

[Mal-2]

It's not trivial if it spans VMs, and one client of a hosting service can eavesdrop on another via this side channel. That has been the fear with Spectre and Meltdown, and it is most likely the fear here as well.