On AMD Zen microarchitectures, the micro-ops disclosure primitive can be exploited to achieve a covert data transmission channel with a bandwidth of 250 Kbps with an error rate of 5.59% or 168.58 Kbps with error correction, the researchers detailed. We show how an attacker can smuggle secrets through the micro-op cache by using it as a covert channel." "But it turns out the walls of this waiting area have ears, which our attack exploits.
#Spectre ghost malware code
"Intel's suggested defense against Spectre, which is called LFENCE, places sensitive code in a waiting area until the security checks are executed, and only then is the sensitive code allowed to execute," Ashish Venkat, an assistant professor at the University of Virginia and a co-author of the study, said. Micro-op caches have been built into Intel-based machines manufactured since 2011. The new attack method exploits what's called a micro-operations (aka micro-ops or μops) cache, an on-chip component that decomposes machine instructions into simpler commands and speeds up computing, as a side-channel to divulge secret information. "Even though the processor recovers and correctly completes its task, hackers can access confidential data while the processor is heading the wrong way." "A Spectre attack tricks the processor into executing instructions along the wrong path," the researchers said. The disclosure of Spectre and Meltdown opened a floodgates of sorts, what with endless variants of the attacks coming to light in the intervening years, even as chipmakers like Intel, ARM, and AMD have continually scrambled to incorporate defenses to alleviate the vulnerabilities that permit malicious code to read passwords, encryption keys, and other valuable information directly from a computer's kernel memory.Ī timing side-channel attack at its core, Spectre breaks the isolation between different applications and takes advantage of an optimization method called speculative execution in CPU hardware implementations to trick programs into accessing arbitrary locations in memory and thus leak their secrets.
0 kommentar(er)
