All modern processors from both AMD and Intel are vulnerable: researchers from two universities, the University of Virginia and the University of California San Diego, have found a few new variants of Spectre exploits. Though there are some Spectre mitigations, none of them is capable of protecting the processors against potential attacks. Moreover, attempts to mitigate these vulnerabilities will likely have a huge impact on performance. It is also worth noting that it's still unknown how easy these vulnerabilities are to exploit in the real world. We guess only direct attacks can cause serious problems.
Spectre Attacks Get Three New Types
In order to maximize performance, all modern processors from AMD and Intel use branch prediction and speculative execution. Simply put, the CPU tries to guess the destination of a branch that depends on a memory value that is still being fetched. When it gets the memory value, it either keeps the speculative computation, if the prediction was correct, or discards it, if not. Since 2018, many hackers have been using this feature of current processors to access users' data. These are called Spectre attacks (or simply Spectre).
Now, researchers from the two universities mentioned above have discovered three new types of Spectre attacks. As all processors on the market from AMD (since 2017) and Intel (since 2011) use micro-op caches, they can all be attacked through these three methods.
As Tom's Hardware reports, they are:
- A same thread cross-domain attack that leaks secrets across the user-kernel boundary;
- A cross-SMT thread attack that transmits secrets across two SMT threads running on the same physical core, but different logical cores, via the micro-op cache;
- Transient execution attacks that have the ability to leak an unauthorized secret accessed along a misspeculated path, even before the transient instruction is dispatched to execution.
How To Get Protected From Spectre Attacks
In fact, fixing this problem is not as easy as you may think. That's why, although Intel and AMD were informed about it, nothing has been done to date. However, the researchers also suggest some methods to fix the vulnerabilities:
- Clean the micro-op cache at domain crossings. However, we should say that this is not the best solution. Modern CPUs need to flush the Instruction Translation Lookaside Buffer (iTLB) to flush the micro-op cache. So if you flush them frequently, it will affect the processor's performance.
- Partition micro-op caches based on privileges. But this method is going to increase the number of protection domains. As a result, many caches won't be used, which will affect performance as well.
- Monitor anomalies. But this approach is prone to misclassification errors, and frequent probing leads to significant performance degradation.
In fact, these vulnerabilities are unlikely to be used widely, because malware would have to bypass all other software and hardware security measures first. There are myriads of such measures in modern systems. So the likelihood of such attacks is very low.
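On Linux, the kernel's view of the existing Spectre mitigations and of SMT (the precondition for the cross-SMT variant listed above) can be read from sysfs. The script below is an added example, not from the article or the researchers; its function names are made up for illustration, and it only reports status, it does not detect micro-op cache attacks.

```shell
#!/bin/sh
# Added example: summarize the kernel-reported Spectre mitigation state and
# whether SMT is active. Read-only; the sysfs root is a parameter so the
# functions can also be run against a copied or constructed tree.

CPU_SYSFS_DEFAULT=/sys/devices/system/cpu

# classify_status FILE -> vulnerable | mitigated | not_affected | unknown
classify_status() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$(cat "$1")" in
        "Not affected"*) echo not_affected ;;
        Mitigation*)     echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# smt_state ROOT -> active | inactive | unknown
smt_state() {
    f="${1:-$CPU_SYSFS_DEFAULT}/smt/active"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        1) echo active ;;
        0) echo inactive ;;
        *) echo unknown ;;
    esac
}

# spectre_report ROOT: one line per check, plus a note when sibling threads
# share a core (the precondition of the cross-SMT variant in the list above).
spectre_report() {
    root="${1:-$CPU_SYSFS_DEFAULT}"
    for v in spectre_v1 spectre_v2; do
        echo "$v=$(classify_status "$root/vulnerabilities/$v")"
    done
    smt="$(smt_state "$root")"
    echo "smt=$smt"
    if [ "$smt" = active ]; then
        echo "note=sibling SMT threads share a physical core"
    fi
}

# Report on the running system (or on the tree given as the first argument).
spectre_report "${1:-}"
```

A "mitigated" result refers only to the original Spectre variants the kernel tracks; as the article notes, those mitigations do not cover the micro-op cache variants.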