
Researchers uncover Spectre-like Intel CPU vulnerability called BranchScope

This attack has not been tested on AMD processors


The scariest thing about Spectre and Meltdown was that they were likely to be the first of a range of potential side-channel attacks. Before now, attacks on CPU branch predictors were not seen as exploitable, and branch prediction underpins a lot of the performance improvements that we have seen in processors over the past few generations.

Researchers from four US universities, College of William & Mary, University of California Riverside, Carnegie Mellon University in Qatar, and Binghamton University, have released a paper detailing BranchScope, a new Spectre 2-like side-channel attack which targets the "directional branch predictor".

Spectre Variant 2 allows users to look at the "Branch Target Buffer", a cache for branch prediction operations, whereas BranchScope targets the "directional branch predictor", a process which decides what speculative operations to execute. AMD processors are currently unaffected by Spectre Variant 2, which makes it unlikely that AMD will be affected by BranchScope.

BranchScope has been tested on Intel's Sandy Bridge, Haswell and Skylake processors. The attack can be launched without any administrator rights and has an error rate of less than 1%. Since BranchScope is exploitable from user space, it is much scarier than the AMD exploits that were recently revealed by CTS Labs, which were only exploitable on systems whose security is already compromised.


Right now we are seeing conflicting reports from BranchScope's researchers and Intel regarding the impact of the exploit. The researchers claim that none of the mitigations in place for Spectre can prevent the effects of BranchScope, while Intel states that "We anticipate that existing software mitigations for previously known side channel exploits". Below is Intel's full statement on BranchScope, from Bleeping Computer.

We have been working with these researchers and have determined the method they describe is similar to previously known side channel exploits.

We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side-channel resistant cryptography, will be similarly effective against the method described in this paper. We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers.
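Intel's statement names side-channel resistant cryptography as the software mitigation. As an added example (not from the article, the paper or Intel), the C below shows what that means against a leak through branch direction: a square-and-multiply loop whose branch follows the secret exponent bits, beside a branch-free form. The function names and 32-bit toy sizes are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Multiply modulo m; operands are below 2^32, so the product fits in 64 bits. */
static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t m) {
    return (uint32_t)(((uint64_t)a * b) % m);
}

/* Leaky form: the branch is taken exactly when the current exponent bit is 1,
 * so the predictor state for this branch tracks the secret. */
uint32_t modexp_branchy(uint32_t base, uint32_t exp, uint32_t m) {
    uint32_t r = 1 % m;
    base %= m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m);
        if ((exp >> i) & 1)              /* secret-dependent branch */
            r = mulmod(r, base, m);
    }
    return r;
}

/* Returns a when bit == 1 and b when bit == 0, without branching on bit. */
static uint32_t ct_select(uint32_t bit, uint32_t a, uint32_t b) {
    uint32_t mask = (uint32_t)0 - bit;   /* all ones or all zeros */
    return (a & mask) | (b & ~mask);
}

/* Hardened form: always do the multiply, then choose the result with a mask.
 * The only branch left is the loop counter, which is public. */
uint32_t modexp_branchless(uint32_t base, uint32_t exp, uint32_t m) {
    uint32_t r = 1 % m;
    base %= m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m);
        uint32_t t = mulmod(r, base, m);
        r = ct_select((exp >> i) & 1, t, r);
    }
    return r;
}

int main(void) {
    /* Constructed sample values, not real key material. */
    printf("%u %u\n", modexp_branchy(4, 13, 497), modexp_branchless(4, 13, 497));
    return 0;
}
```

An optimizer can turn the mask back into a branch, so check the generated assembly for the build you ship. The `%` reduction is kept for brevity and is not itself constant-time on every CPU.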


More detailed information about BranchScope is available in the academic paper called "BranchScope: A New Side-Channel Attack on Directional Branch Predictor", which is available to read here

BranchScope will likely be the first of many new speculative execution attacks that will be uncovered in the coming years, which will undoubtedly lead to changes in CPU designs moving forward, securing this vital part of modern processor architectures. 


Special Thanks to TheF34RChannel for the information. 


Most Recent Comments

29-03-2018, 07:53:54

Dawelio
One of many reasons I switched from Intel to AMD, especially considering how long Intel has been in this business... These kinds of things just shouldn’t appear.

29-03-2018, 11:40:59

TheF34RChannel
Quote:
Originally Posted by Dawelio
One of many reasons I switched from Intel to AMD, especially considering how long Intel has been in this business... These kinds of things just shouldn’t appear.

That's too easy an answer for me. I'd like to know exactly how it impacts consumers, how big a chance it is etc., in general, not just this bug.

29-03-2018, 12:33:01

WYP
Quote:
Originally Posted by Dawelio
One of many reasons I switched from Intel to AMD, especially considering how long Intel has been in this business... These kinds of things just shouldn’t appear.

You say that but the problem is that with every new engineering innovation there are always unforeseen issues. Go back a year and nobody knew that you could target branch prediction to gain access to previously inaccessible data.

These issues will take a while to fully resolve in hardware, but at least now CPU makers know what to look for and can harden their future designs against it.

While I agree with your sentiment, I do think it is unreasonable to think that all products should be perfect without any potential for fault. Before Spectre/Meltdown, nobody knew that this was possible, so I wouldn't fault anyone for having such a flaw in their product. While I do think Intel's response to Spectre/Meltdown could have been a lot better, I'm not going to fault Intel for not designing around a problem that nobody knew existed.