Academics Discover New CPU Side-Channel Attack Named BranchScope

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
A team of academics from four US universities have discovered a new side-channel attack that takes advantage of the speculative execution feature in modern processors to recover data from users' CPUs.

Speculative execution is the same CPU function exploited by the Meltdown and Spectre flaws disclosed at the start of the year, but the attack researchers found is different from previous flaws, as it attacks a new section of the speculative execution process.

Researchers named this new technique BranchScope because it attacks the "branch prediction" operation —which is the same part of a CPU speculative execution process that the Spectre variant 2 (CVE-2017-5715) vulnerability also targets.

To understand how modern CPUs use speculative execution and branch prediction, there's an explanation at the 00:35 mark in this Intel video below.
...
....
..
Click to expand...

BranchScope sucessfully tested against Intel CPUs

Academics say that BranchScope is the first side-channel attack that targets "direction prediction" and that the technique can also be used to retrieve content stored inside SGX enclaves, secure areas of Intel CPUs, previously thought to be untouchable.
Click to expand...
 
  • Like
Reactions: shmu26 and harlan4096
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Wow
    • Like
    • +Reputation
Intel CPUs vulnerable to new transient execution side-channel attack
Replies
2
Views
1,295
News Archive
HarborFront
H
CyberTech
    • Like
Security News Intel Sued Over ‘Downfall’ CPU Vulnerability
Replies
0
Views
1,280
Security News
CyberTech
CyberTech
silversurfer
    • +Reputation
    • Like
    • Wow
Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data
Replies
0
Views
1,394
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top