New Spectre Chip Security Vulnerability Found That Leaves Billions Of PCs Still Defenseless

spectre vulnerability brought back to life by researchers
Back in 2018, a processor security vulnerability called Spectre appeared, affecting all modern CPU architectures from Intel, AMD, and even ARM in the last 20 years. Since then, major players and semiconductor OEMs have worked hard to patch out the vulnerabilities in a cybersecurity whack-a-mole game, in some cases leading to performance loss and other issues. Today, unfortunately, University of Virginia Researchers have now found a way to circumvent all of the original Spectre security mitigations, essentially resurrecting the ghostly security flaw that will now again haunt billions of PCs globally.

Of the vulnerabilities that appeared in 2018, Spectre was the nastier of the two primary threat vectors, with the other being Meltdown. In short, Spectre works by leveraging modern CPU features called branch prediction and speculative execution, to access memory that would not otherwise be accessible during traditional compute operations. Exposed system memory could contain confidential information, which could then be piped out through a side channel to an adversary looking to exploit it. The original whitepaper explained that this problem ultimately arose from a “long-standing focus in the technology industry on maximizing performance,” without focusing on adequate security measures to protect system memory data in flight.

cpus spectre vulnerability brought back to life by researchers

After the paper was published and coverage began to take off, companies like Intel, AMD and others such as Microsoft, worked to patch these vulnerabilities via software and firmware. Further, this family of vulnerabilities received more scrutiny, leading to new discoveries such as AMD processors being found as vulnerable to a different side-channel attack. Now, researchers at the University of Virginia School of Engineering and Applied Science have found a way to revive Spectre that  breaks all the currently deployed mitigations that exist today.

According to an article released yesterday by University of Virginia, this newly discovered line of attack means “billions of computers and other devices across the globe are just as vulnerable today as they were when Spectre was first announced.” It was initially reported to international chip makers in April, and now presents new challenges for both consumers and enterprise customers alike.

Spectre's New Threat Vector Discovery And How It Works

ashish venkat spectre vulnerability brought back to life by researchers
UVA Researcher Ashish Venkat

The researcher team was led by Ashish Venkat, Assistant Professor of Computer Science at UVA Engineering, who likens the team’s discovery to how security works in an airport. He explained a hypothetical scenario “where TSA lets you in without checking your boarding pass because (1) it is fast and efficient, and (2) you will be checked for your boarding pass at the gate anyway.” However, when you are between the metaphorical TSA checkpoint and the gate, something bad could still happen. "A computer processor does something similar. It predicts that the check will pass and could let instructions into the pipeline. Ultimately, if the prediction is incorrect, it will throw those instructions out of the pipeline," notes Venkat. However, at that point it may be too late and these nefarious instructions could leave "side-effects" in the pipeline that an attacker could use to exploit for critical information like credentials, etc. 
I see dead micro ops leaking secrets
Venkat and his team now believe that this problem will be much harder to fix than the original Spectre vulnerabilities. Ph.D. student researcher Logan Moody explained that when attempting a fix, the “difference with this attack is you take a much greater performance penalty than those previous attacks.” This is because the clear solution is disabling a micro-op cache or halt speculative execution. However, this fix would “effectively roll back critical performance innovations in most modern Intel and AMD processors, and this just isn’t feasible,” according to lead student author Xida Ren.

Whatever the potential fix might be, it's likely not going to be pretty nor easy to fix, as we saw with the original Spectre vulnerability. Hopefully, academia, government, and major chip players can quickly work together to address the problem at hand. You can learn more about this new vulnerability in the research report here (PDF). Either way, stay tuned to HotHardware for updates on this developing situation.

(Ashish Venkat Image Courtesy Of UVA)