Billions of computers at hacking risk: Indian-origin scientist
By MYBRANDBOOK
An Indian born researcher, led by Ashish Venkat at the University of Virginia's School of Engineering and Applied Science, UVA Engineering, discovered that computer processors are open to hackers again. They found a whole new way for hackers to exploit something called a "micro-op cache," which speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process.
Since 'Spectre' was discovered, the world's most talented computer scientists from industry and academia have worked on software patches and hardware defenses, confident they've been able to protect the most vulnerable points in the speculative execution process without slowing down computing speeds too much.
Micro-op caches have been built into Intel computers manufactured since 2011. Venkat's team discovered that hackers could steal data when a processor fetches commands from the micro-op cache.
"Think about a hypothetical airport security scenario where TSA lets you in without checking your boarding pass because (1) it is fast and efficient, and (2) you will be checked for your boarding pass at the gate anyway," Venkat said.
A computer processor does something similar. It predicts that the check will pass and could let instructions into the pipeline. "Ultimately, if the prediction is incorrect, it will throw those instructions out of the pipeline, but this might be too late because those instructions could leave side-effects while waiting in the pipeline that an attacker could later exploit to infer secrets such as a password," he elaborated.
Because all current 'Spectre' defenses protect the processor in a later stage of speculative execution, they are useless in the face of Venkat's team's new attacks.
Two variants of the attacks the team discovered can steal speculatively accessed information from Intel and AMD processors.
"Intel's suggested defense against Spectre, which is called LFENCE, places sensitive code in a waiting area until the security checks are executed, and only then is the sensitive code allowed to execute," Venkat informed.
"But it turns out the walls of this waiting area have ears, which our attack exploits. We show how an attacker can smuggle secrets through the micro-op cache by using it as a covert channel."
This newly discovered vulnerability will be much harder to fix.
In the case of the previous 'Spectre' attacks, developers have come up with a relatively easy way to prevent any sort of attack without a major performance penalty for computing. "The difference with this attack is you take a much greater performance penalty than those previous attacks," said PhD student Logan Moody.
Venkat's team has disclosed the vulnerability to the product security teams at Intel and AMD.
BREAKING NEWS
TECHNO TRENDS
GST Council likely to reduce tax on food delivery to 5%
The Goods and Services Tax (GST) Council is reportedly considering a prop...
Nazara and ONDC set to transform in-game monetization with ‘
Nazara Technologies has teamed up with the Open Network for Digital Comme...
Jio Platforms and NICSI to offer cloud services to government
In a collaborative initiative, the National Informatics Centre Services In...
BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium
A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...
E-Magazine
TECHNOTAINMENT
Pushpa 2 leaks online after recording highest pre-sales in Ind
Pushpa 2, which is one of the most anticipated films of the year, has had a
Eloelo teams up with Elvish Yadav for India's biggest digital
Eloelo, India’s leading platform for live entertainment and creator-drive
MOVERS & SHAKERS
Visa elevates Rishi Chhabra as new Country Manager for India
Rishi holds a Master’s in Industrial Engineering from The Ohio State Univ
Genesys welcomes Albert Nel as Senior VP and Regional Sales Le
Genesys continues to deepen its investment in the APAC region. Earlier this
OPEN YOUR EYES
INTERVIEWS
AMD Pensando driving innovation in the DPU architecture space
AMD Pensando stands out in the DPU (Data Processing Unit) market with its u
Bolstering its commitment to help build a truly self-reliant B
CP PLUS is dedicated to spreading a sense of security to every corner of In
HOT PICK
SonicWall Launches TZ80: A Powerful Solution for Remote Office
SonicWall announced today the launch of the TZ80, a groundbreaking securit
Gigabyte X3D Turbo: A Gaming Revolution
GIGABYTE X3D Turbo Mode is a cutting-edge feature that unifies cores distr
MAKE IN INDIA BRANDS
NUMERIC INDIA, A Group Brand Legrand
VERSA NETWORKS INDIA PVT. LTD.
FIRE BOLTT
STERLITE TECHNOLOGIES LTD.
EMINENT CIO'S OF INDIA
ICONS OF INDIA
Icons Of India : NIKHIL RATHI
Co-founder & CEO of Web Werks, a global leader in Data Centers and Clo...
Icons Of India : GAUTAM ADANI CHAIRMAN ADANI GROUP
Gautam Adani is the Founder and Chairman of the Adani Group, which ran...
ICONS OF INDIA : SANJAY NAYAR
Sanjay Nayar is a senior finance professional in the Indian private in...
PARTNER SPEAKERS
PSU
TCIL - Telecommunications Consultants India Limited
TCIL is a government-owned engineering and consultancy company...
BEL - Bharat Electronics Limited
BEL is an Indian Government-owned aerospace and defence electronics co...
GSTN - Goods and Services Tax Network
GSTN provides shared IT infrastructure and service to both central and...
VIDEOS
Top 25 Brands
Global Indian industry
Indian Tech Talent Excelling The Tech World - Thomas Kurian, CEO- Google Cloud
Thomas Kurian, the CEO of Google Cloud, has been instrumental in expan...
Indian Tech Talent Excelling The Tech World - Dheeraj Pandey, CEO, DevRev
Dheeraj Pandey, Co-founder and CEO at DevRev , has a remarkable journe...
Indian Tech Talent Excelling The Tech World - Sanjay Mehrotra, CEO- Micron Technology
Sanjay Mehrotra, the President and CEO of Micron Technology, is at the...
STARNITE AWARDS 2024
ITFORUM 2024
CMO of the Year
WOMEN LEADERSHIP
IMAGE GALLERY
TRENDS IN TECHNOLOGY
MORE VIDEOS
ADVERTISEMENTS
TECHNOLOGY DISRUPTION
UNICORNS REVOLUTIONISING
