Security News Researchers Detail New CPU Side-Channel Attack Named SpectreRSB

LASER_oneXM

Academics from the University of California, Riverside (UCR) published details last week about a new Spectre-class attack that they call SpectreRSB.

Just like all "Spectre-class" attacks, SpectreRSB takes advantage of the process of speculative execution, a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data.

New Spectre attack targets a CPU's RSB

The difference from previous Spectre-like attacks is that SpectreRSB recovers data from the speculative execution process by attacking a different CPU component involved in this "speculation" routine, namely the Return Stack Buffer (RSB). Previous Spectre attacks have targeted the branch predictor unit or parts of the CPU cache.

In the grand architecture of a CPU, the RSB is a component that is involved in the speculative execution routine and works by predicting the return address of an operation the CPU is trying to compute in advance, part of its "speculation."

In a research paper published last week, UCR researchers said they could pollute the RSB code to control the return address and poison a CPU's speculative execution routine.

Because the RSB is shared among hardware threads that execute on the same virtual processor, this pollution enables inter-process, and even inter-VM, pollution of the RSB.

Attack bypasses previous Spectre patches

"Importantly, none of the known defenses including Retpoline and Intel's microcode patches stop all SpectreRSB attacks," UCR researchers say.

This means that a threat actor who wants to recover data from a victim's PC that received Spectre patches can update his original Spectre code to target the RSB to bypass any defensive measures applied by the device owner.

But researchers also point out that Intel has a patch that stops this attack on some CPUs, but which it has not rolled out to all of its processors.

"In particular, on Core-i7 Skylake and newer processors (but not on Intel's Xeon processor line), a patch called RSB refilling is used to address a vulnerability when the RSB underfills," researchers say, describing a fix for an unrelated bug.

"This defense interferes with SpectreRSB's ability to launch attacks that switch into the kernel. We recommend that this patch should be used on all machines to protect against SpectreRSB."

After Bleeping Computer reached out to Intel earlier today, the company provided a statement suggesting the opposite to what researchers have said: that SpectreRSB attacks could be prevented with existing mitigations.
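
To check whether a Linux host reports the RSB refilling defense the researchers recommend, this added example (not part of the original post or the quoted article) parses the kernel's Spectre v2 status line. It assumes the Linux sysfs file `/sys/devices/system/cpu/vulnerabilities/spectre_v2` and its "RSB filling" token, neither of which is named in the post; the sample lines are constructed.

```python
from pathlib import Path

# Linux kernel status file (a kernel interface, not named in the post).
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")

# Constructed sample lines in the format the kernel uses for this file.
SAMPLES = [
    "Mitigation: Retpolines, IBPB: conditional, IBRS_FW, "
    "STIBP: conditional, RSB filling",
    "Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW",
    "Vulnerable",
    "Not affected",
]


def parse_status(line):
    """Return (state, features) from one spectre_v2 status line."""
    tokens = [t.strip() for t in line.strip().split(",") if t.strip()]
    if not tokens:
        return "Unknown", []
    # The first token is "State" or "State: primary mitigation".
    state, _, primary = tokens[0].partition(":")
    features = ([primary.strip()] if primary.strip() else []) + tokens[1:]
    return state.strip(), features


def assess(line):
    """Classify a status line by what it reports about RSB filling."""
    state, features = parse_status(line)
    if state != "Mitigation":
        return state.lower().replace(" ", "-")
    lowered = [f.lower() for f in features]
    if "rsb filling" in lowered:
        return "rsb-filling-reported"
    # Retpoline alone is the case the researchers say is insufficient.
    if any("retpoline" in f for f in lowered):
        return "retpoline-without-rsb-filling"
    return "mitigated-rsb-filling-not-reported"


def report(lines):
    """Pair each status line with its verdict."""
    return [(assess(line), line.strip()) for line in lines]


if __name__ == "__main__":
    lines = [SYSFS.read_text()] if SYSFS.exists() else SAMPLES
    for verdict, line in report(lines):
        print(f"{verdict:36} {line}")
```

The verdict reflects only what the kernel reports in that file; it does not test the CPU itself.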
 

ForgottenSeer 58943

It's curtains for Intel. They've been fast and loose with security and now it's burning them. They've allowed the Israelis to backdoor the chips during the R&D and covered it up for way too long.

I don't even consider Intel a viable option any longer. This is ridiculous to be honest.. The whole architecture needs to be thrown out and re-engineered.
 

ForgottenSeer 58943

Will the chrome books you suggest still fare alright ?

I suppose they already are. They were never vulnerable to the earlier meltdown/spectre. So I suspect they'll be fine. I guess we will find out.

I've heavily ramped up security at home lately. I don't like to disclose my setup anymore, but it's fairly extraordinary. I'm shifting to more local AI/ML and Anomaly blocking technologies from a couple different firms. It should be virtually impossible to breach my systems, even with tailored malware under a targeted attack.

But again, we'll see. My home is largely a proof of concept node for several firms due to the number of attacks we get here.
 

Lightning_Brian

@ForgottenSeer 58943 Nice to see that you take security to such great lengths. I keep on upping my game now as well. The tides are changing and consumer grade stuff just doesn't cut it in all areas. It is the sad truth... I may end up revising my security config here soon with some of the higher level network changes I am making.

~Brian
 

ForgottenSeer 58943

Good luck. It's grim out there right now and none of the vendors have any perfect answers. There are whispers of starting an alternative internet. Or distributed goTenna-like encrypted mesh internet. Etc. As for security, it's tough right now. But yes, people need to step up their game.

You can't even shop Walmart without having ex-spooks spying on you. Walmart has hired around 12,000 former intelligence agents to spy on shoppers and employees. (google it) Local elections are totally infiltrated by ex-spooks that 'magically' move in to areas, have a lot of funding, and decide on a whim to run for office? In my district someone moved in, started running for an upcoming local office, seemingly had unlimited funding and sneaky (manipulative) advertising, and it turns out, she's a former CIA asset.

Now all of these magical backdoors, exploits and vulns impacting our most sacred of all things, CPUs. It's all sort of crappy right now.
 
