Academics Discover New CPU Side-Channel Attack Named BranchScope

LASER_oneXM

A team of academics from four US universities have discovered a new side-channel attack that takes advantage of the speculative execution feature in modern processors to recover data from users' CPUs.

Speculative execution is the same CPU function exploited by the Meltdown and Spectre flaws disclosed at the start of the year, but the attack researchers found is different from previous flaws, as it attacks a new section of the speculative execution process.

Researchers named this new technique BranchScope because it attacks the "branch prediction" operation — which is the same part of a CPU speculative execution process that the Spectre variant 2 (CVE-2017-5715) vulnerability also targets.

To understand how modern CPUs use speculative execution and branch prediction, there's an explanation at the 00:35 mark in this Intel video below.
...

BranchScope successfully tested against Intel CPUs

Academics say that BranchScope is the first side-channel attack that targets "direction prediction" and that the technique can also be used to retrieve content stored inside SGX enclaves, secure areas of Intel CPUs, previously thought to be untouchable.