All modern Intel processors affected by new security flaw

All Intel processors from the 9th generation and up are affected by this new security flaw. Swiss experts have identified a new variant of Spectre attacks, known for their ability to exploit chip optimization mechanisms. This discovery calls into question the effectiveness of the protective measures deployed by Intel since 2018.

Critical data at risk

The flaw allows hackers to extract critical information stored in the most protected areas of the processor's memory, including the operating system kernel. "Intel's hardware mitigation measures against these types of attacks have held up for nearly 6 years," emphasize the researchers, who have nevertheless managed to bypass them.

To exploit this vulnerability, attackers target two essential components of the processor: the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB). These elements, designed to improve chip performance, anticipate upcoming instructions by speculating on their direction. This anticipation makes it possible to prefetch data and accelerate program execution.

The problem lies in a lack of synchronization between these prediction systems and the actual execution of instructions. The researchers observed that "branch predictor updates are not synchronized with the actual execution of instructions." In practice, the processor can continue to speculate on future instructions even when this gives access to sensitive data, without the program having authorization.

This attack method can recover passwords, encryption keys, and other critical operating system data. The researchers demonstrated that they could extract arbitrary information at a rate of 5.6 kilobytes per second on a fully updated Ubuntu 24.04 system with all protections enabled.

The vulnerability effectively bypasses Intel's enhanced Indirect Branch Restricted Speculation (eIBRS) and Indirect Branch Prediction Barrier (IBPB), the security measures meant to protect against Spectre v2 attacks. These protections, considered the standard defense strategy, are proving ineffective against this new technique.

Alerted last September by the Swiss research team, Intel quickly developed a series of updates to address this vulnerability. The manufacturer has deployed patches to all affected processors, but these measures are accompanied by a performance degradation of up to 2.7%, according to evaluations conducted on Alder Lake chips. A lesser evil.

In its response, Intel states that it has "strengthened its hardware protection measures against Spectre v2" and recommends that its customers "contact their system manufacturer to perform the necessary updates." The American giant specifies, however, that it "is not aware of any actual exploitation of vulnerabilities related to speculative execution" to date.
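
For administrators of Linux systems like the Ubuntu machine mentioned above, the following added example (not code from the researchers or from Intel) reads the kernel's Spectre v2 status line and reports whether eIBRS and IBPB are active, together with the loaded microcode revision. It assumes the updates described above arrive as CPU microcode; the sample strings are constructed, and the helper names are hypothetical.

```python
import re
from pathlib import Path

SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")
CPUINFO = Path("/proc/cpuinfo")
# Constructed samples: the two field layouts Linux kernels have used for this file.
SAMPLE_NEW = ("Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; "
              "RSB filling; PBRSB-eIBRS: SW sequence; BHI: BHI_DIS_S")
SAMPLE_OLD = "Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling"
SAMPLE_CPUINFO = "microcode\t: 0x0\n"  # constructed placeholder revision


def parse_spectre_v2(status: str) -> dict:
    """Pull the state of eIBRS and IBPB out of the kernel's status line."""
    # Fields are separated by ';' on newer kernels and ',' on older ones.
    fields = [f.strip() for f in re.split(r"[;,]", status) if f.strip()]
    head = fields[0] if fields else ""
    ibpb = next((f.split(":", 1)[1].strip() for f in fields
                 if f.upper().startswith("IBPB:")), "not reported")
    return {
        "state": head.split(":", 1)[0] or "unknown",
        # Only the first field names the active mode; later fields such as
        # "PBRSB-eIBRS: Not affected" mention eIBRS without implying it is on.
        "eibrs": "ENHANCED" in head.upper() and "IBRS" in head.upper(),
        "ibpb": ibpb,
    }


def microcode_revisions(cpuinfo: str) -> set:
    """Distinct microcode revisions reported across all logical CPUs."""
    return set(re.findall(r"^microcode\s*:\s*(\S+)", cpuinfo, flags=re.M))


def report(status: str, cpuinfo: str) -> list:
    s = parse_spectre_v2(status)
    revs = sorted(microcode_revisions(cpuinfo))
    lines = [f"spectre_v2 state: {s['state']}",
             f"eIBRS active: {s['eibrs']}",
             f"IBPB: {s['ibpb']}",
             "microcode: " + (", ".join(revs) or "not reported")]
    if len(revs) > 1:  # logical CPUs disagree on the loaded revision
        lines.append("WARNING: mixed microcode revisions across CPUs")
    return lines


if __name__ == "__main__":
    status = SYSFS.read_text() if SYSFS.exists() else SAMPLE_NEW
    cpuinfo = CPUINFO.read_text() if CPUINFO.exists() else SAMPLE_CPUINFO
    print("\n".join(report(status, cpuinfo)))
```

A result showing eIBRS and IBPB as active describes the very configuration the researchers bypassed, so it does not by itself show that the fix is installed. The article gives no fixed revision numbers, so none is hard-coded; compare the reported microcode revision with your system manufacturer's advisory.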
