Since 2018, computer scientists have been investigating a possibly catastrophic hardware flaw that left computers worldwide susceptible to attack. At that time, experts named the flaw “Spectre”, as it was built into processors that use speculative execution – the process by which the computer predicts the instructions it will be asked to perform based upon its memory.
A Spectre attack fools the computer processor into following instructions along an alternate (and wrong) path. Even though the processor has the ability to correct itself – and will correctly complete the task – confidential data is vulnerable to hackers during the detour.
Since Spectre was identified, the most respected computer scientists from around the globe have developed software and hardware fixes. Until recently, researchers had a high level of confidence that they could protect processors against all comers without affecting speed or performance. However, according to a report published in Science Daily, their confidence was premature. A group of researchers from the University of Virginia School of Engineering discovered an attack strategy that breaks through all of the defenses created to plug the Spectre gap. Unfortunately, this means that billions of processors around the world are under just as much threat today as they were 3 years ago. The group reported its findings to international chip makers in April.
The researchers discovered an entirely new way for cyber-hackers to exploit the “micro-op cache,” which stores simple commands and permits the processor to retrieve them quickly. The research showed that as the processor is retrieving commands from this cache, it opens a window of vulnerability to the hackers. Micro-op caches are standard in Intel computers manufactured after 2011.
According to the team, this newly discovered hardware flaw will be much harder to fix.
“The difference with this attack is you take a much greater performance penalty than those previous attacks,” said Ph.D. student Logan Moody.
“Patches that disable the micro-op cache or halt speculative execution on legacy hardware would effectively roll back critical performance innovations in most modern Intel and AMD processors, and this just isn’t feasible,” said Ph.D. student Xida Ren.
The team’s white paper has been accepted by the International Symposium on Computer Architecture, or ISCA. The annual ISCA conference is the leading forum for new ideas and research results in computer architecture and will be held virtually in June.
The research lead, Ashish Venkat, Career Enhancement Assistant Professor of Computer Science at UVA Engineering, co-authored a paper with collaborators Mohammadkazem Taram and Tullsen from UC San Diego that introduces a more focused microcode-based defense against Spectre known as context-sensitive fencing. This method permits the processor to patch running code with speculation fences on the fly. Although incomplete, the discovery is considered a big win, as each improvement in security allows researchers to go deeper into the hardware and uncover more flaws, eventually resulting in a comprehensive fix.
At Alliance IT, we understand that these types of advances go over the heads of many small to medium-sized business owners. In fact, until this piece you may not have even realized that virtually all of the world’s computers are hard-wired with a known hardware flaw. While this may seem overwhelming at first, there is hope. The experts at Alliance IT offer a wide depth and breadth of knowledge in cybersecurity, and our monitoring systems can keep an eye on your network 24/7. Call today to find out how we can help you keep your data and confidential information safe.