Tidio Live Chat Software - Add Tidio live chat software to your website in minutes. Contact visitors and turn them into happy customers. Enhance their experience and boost your sales. Get it for Free

Must Read

An Indian-origin researcher has warned that billions of computers and other devices across the globe are vulnerable today owing to a vulnerability named ‘Spectre’ that was first discovered in 2018 but is open to hackers again.

Since ‘Spectre’ was discovered, the world’s most talented computer scientists from industry and academia have worked on software patches and hardware defenses, confident they’ve been able to protect the most vulnerable points in the speculative execution process without slowing down computing speeds too much.

Also Read

However, researchers, led by Ashish Venkat at the University of Virginia’s School of Engineering and Applied Science, UVA Engineering, discovered that computer processors are open to hackers again.

They found a whole new way for hackers to exploit something called a “micro-op cache,” which speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process.

Elegant Themes - The most popular WordPress theme in the world and the ultimate WordPress Page Builder. Get a 30-day money-back guarantee. Get it for Free

Micro-op caches have been built into Intel computers manufactured since 2011.

Venkat’s team discovered that hackers could steal data when a processor fetches commands from the micro-op cache.

“Think about a hypothetical airport security scenario where TSA lets you in without checking your boarding pass because (1) it is fast and efficient, and (2) you will be checked for your boarding pass at the gate anyway,” Venkat said.

A computer processor does something similar. It predicts that the check will pass and could let instructions into the pipeline.

“Ultimately, if the prediction is incorrect, it will throw those instructions out of the pipeline, but this might be too late because those instructions could leave side-effects while waiting in the pipeline that an attacker could later exploit to infer secrets such as a password,” he elaborated.

Because all current ‘Spectre’ defenses protect the processor in a later stage of speculative execution, they are useless in the face of Venkat’s team’s new attacks.

Two variants of the attacks the team discovered can steal speculatively accessed information from Intel and AMD processors.

“Intel’s suggested defense against Spectre, which is called LFENCE, places sensitive code in a waiting area until the security checks are executed, and only then is the sensitive code allowed to execute,” Venkat informed.

“But it turns out the walls of this waiting area have ears, which our attack exploits. We show how an attacker can smuggle secrets through the micro-op cache by using it as a covert channel.”

This newly discovered vulnerability will be much harder to fix.

In the case of the previous ‘Spectre’ attacks, developers have come up with a relatively easy way to prevent any sort of attack without a major performance penalty for computing.

“The difference with this attack is you take a much greater performance penalty than those previous attacks,” said PhD student Logan Moody.

Venkat’s team has disclosed the vulnerability to the product security teams at Intel and AMD.

The team’s paper has been accepted by the highly competitive International Symposium on Computer Architecture, or ISCA.

Save up to 60% on OptinMonster

Stay updated

Subscribe to our newsletter and never miss an update on the latest tech, gaming, startup, how to guide, deals and more.

- Advertisement -
- Advertisement -

Latest

Grow Your Business

Place your brand in front of tech-savvy audience. Partner with us to build brand awareness, increase website traffic, generate qualified leads, and grow your business.

- Advertisement -

Grow Your Business

Get these business solutions, tools and services to help your business grow.
Elementor

Elementor -Join 5,000,000+ Professionals Who Build Better Sites With Elementor. Build your website with 100% visual design that loads faster and speeds up the process of building them.

WP Rocket

WP Rocket - Speed up your website with the most powerful caching plugin in the world. The website speed increase means better SEO ranking, user experience, and conversation. It’s a fact that Google loves a fast site.

Kinsta

Kinsta - If you are looking for WordPress managed hosting, Kinsta is in the leading front. Kinsta provides WordPress hosting for a small or large business that helps take care of all your needs regarding your website with cutting-edge technology.

OptinMonster

OptinMonster - Instantly boost leads and grow revenue with the #1 most powerful conversion optimization toolkit in the world. 700,000+ websites are using OptinMonster to turn their traffic into leads, subscribers, and sales.

Related

- Advertisement -
- Advertisement -