A team of researchers at the University of Virginia School of Engineering has discovered a new vulnerability affecting billions of computers and other devices across the globe. The newly discovered vulnerability will be much harder to fix, the researchers said.
Led by Ashish Venkat, William Wulf Career Enhancement Assistant Professor of Computer Science at UVA Engineering, the research team uncovered a line of attack that breaks all Spectre defenses. For those unaware, Spectre is a potentially devastating hardware flaw that made news headlines in 2018 for its ability to exploit critical vulnerabilities in modern processors, allowing programs to steal passwords and sensitive data like emails, business documents, photos etc.
The UVA computer scientists found a whole new way for bad actors to exploit something called a “micro-op cache,” which speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process. According to the researchers, hackers can steal data when a processor fetches commands from the micro-op cache.
The team found two variants of the attacks that can steal speculatively accessed information from Intel and AMD processors.
“Intel’s suggested defense against Spectre, which is called LFENCE, places sensitive code in a waiting area until the security checks are executed, and only then is the sensitive code allowed to execute. But it turns out the walls of this waiting area have ears, which our attack exploits. We show how an attacker can smuggle secrets through the micro-op cache by using it as a covert channel,” said Venkat.
The vulnerability has already been disclosed to the product security teams at Intel and AMD, with the lead researcher expecting that computer scientists in academia and industry will work quickly together, as they did with Spectre, to find solutions for this newly discovered problem.
The UVA research team will present the new challenge at the annual International Symposium on Computer Architecture (ISCA) conference which will take place virtually in June 2021.
The research is funded by the National Science Foundation (NSF) and Defense Advanced Research Projects Agency (DARPA).