Researchers uncover Spectre-like Intel CPU vulnerability called BranchScope

The scariest thing about Spectre and Meltdown was that they were only the first of what was likely to be a whole family of microarchitectural side-channel attacks. Until Spectre, attacks on CPU branch predictors were not widely treated as practical, and the predictor is the component that underpins much of the performance gained by processors over the past few generations, so it cannot simply be switched off.

Researchers from four US universities, the College of William & Mary, the University of California Riverside, Carnegie Mellon University in Qatar, and Binghamton University, have released a paper detailing BranchScope, a new side-channel attack in the spirit of Spectre Variant 2 that targets the CPU's directional branch predictor.

Spectre Variant 2 abuses the Branch Target Buffer (BTB), the structure that predicts where an indirect branch will jump, whereas BranchScope targets the directional branch predictor, the structure that predicts whether a conditional branch will be taken or not taken. Because that prediction is made from shared history, an attacker who shares a core with a victim can prime the predictor and then infer which way the victim's secret-dependent branches went. AMD has said its processors are at near-zero risk from Spectre Variant 2, and the BranchScope paper evaluates only Intel parts, so whether AMD's directional predictor is affected is untested rather than known.

BranchScope has been tested on Intel's Sandy Bridge, Haswell and Skylake processors, with the attack launchable from an ordinary user account, without administrator rights, at an error rate of under 1%. Because BranchScope is exploitable from user space, it is a far more serious finding than the AMD flaws recently disclosed by CTS Labs, which were only exploitable on systems whose security was already compromised by administrator-level access.

Right now the researchers and Intel disagree about the impact of the attack. The researchers say that none of the mitigations deployed for Spectre prevent BranchScope, while Intel says it expects existing software mitigations for earlier side-channel attacks, in particular side-channel resistant cryptography, to be effective against it. Below is Intel's full statement on BranchScope, as reported by Bleeping Computer.

     We have been working with these researchers and have determined the method they describe is similar to previously known side channel exploits.

     We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side-channel resistant cryptography, will be similarly effective against the method described in this paper. We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers.
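The "side-channel resistant cryptography" Intel refers to has a concrete meaning against a directional-predictor attack: no conditional branch may take its direction from secret data, because the taken/not-taken history is exactly what BranchScope reads out. The following is an added illustration, not code from the BranchScope paper, from Intel, or from any library: a secret-bit select and an early-exit byte compare in the leaky form beside branchless rewrites. All function names and the sample inputs are hypothetical and constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* LEAKY: the branch direction is the secret bit itself, so a co-resident
 * attacker priming the directional predictor learns secret_bit. */
uint32_t leaky_select(uint32_t secret_bit, uint32_t a, uint32_t b)
{
    if (secret_bit & 1u)
        return a;
    return b;
}

/* HARDENED: derive an all-ones/all-zeros mask from the bit and blend.
 * Control flow is identical for both values of secret_bit. */
uint32_t ct_select(uint32_t secret_bit, uint32_t a, uint32_t b)
{
    uint32_t mask = (uint32_t)0 - (secret_bit & 1u); /* 0xFFFFFFFF or 0 */
    return (a & mask) | (b & ~mask);
}

/* LEAKY: returns at the first mismatch, so both the early-exit branch and
 * the loop trip count depend on where the secret and the guess diverge. */
int leaky_memeq(const uint8_t *x, const uint8_t *y, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (x[i] != y[i])
            return 0;
    }
    return 1;
}

/* HARDENED: always touches all n bytes, OR-accumulates differences and
 * reduces to 0/1 arithmetically; the loop's branch pattern is fixed by n. */
int ct_memeq(const uint8_t *x, const uint8_t *y, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(x[i] ^ y[i]);
    /* (diff - 1) borrows only when diff == 0; bit 8 of the result is then 1 */
    return (int)((((uint32_t)diff - 1u) >> 8) & 1u);
}

/* Functional equivalence check over constructed inputs (hypothetical data).
 * Returns 1 when every hardened result matches the leaky one. */
int selftest(void)
{
    const uint8_t key[8]   = {0x10, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88};
    const uint8_t guess1[8] = {0x10, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88};
    const uint8_t guess2[8] = {0x10, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x00};
    const uint8_t guess3[8] = {0x00, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88};
    int ok = 1;

    for (uint32_t bit = 0; bit < 2; bit++)
        ok &= (ct_select(bit, 0xAAAAAAAAu, 0x55555555u)
               == leaky_select(bit, 0xAAAAAAAAu, 0x55555555u));

    ok &= (ct_memeq(key, guess1, 8) == leaky_memeq(key, guess1, 8));
    ok &= (ct_memeq(key, guess2, 8) == leaky_memeq(key, guess2, 8));
    ok &= (ct_memeq(key, guess3, 8) == leaky_memeq(key, guess3, 8));
    ok &= (ct_memeq(key, guess1, 8) == 1);
    ok &= (ct_memeq(key, guess2, 8) == 0);
    return ok;
}

int main(void)
{
    printf("constant-time rewrites agree with leaky originals: %s\n",
           selftest() ? "yes" : "no");
    return selftest() ? 0 : 1;
}
```

The assertions only establish that the branchless versions compute the same results; the security property is the absence of secret-dependent control flow, which has to be checked in the compiled output. Optimizers are free to turn the mask-and-blend back into a conditional move (fine) or into a branch (not fine), so inspect the generated assembly for the hot paths and pin the build flags before relying on it.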

More detailed information about BranchScope is available in the academic paper called “BranchScope: A New Side-Channel Attack on Directional Branch Predictor”, which is available to read here. 

BranchScope will likely be the first of many new speculative execution attacks that will be uncovered in the coming years, which will undoubtedly lead to changes in CPU designs moving forward, securing this vital part of modern processor architectures. 

You can join the discussion on BranchScope, the recently discovered Spectre-like vulnerability on Intel CPUs on the OC3D Forums. 

Special thanks to TheF34RChannel for the information.