Billions of computers at hacking risk: Indian-origin scientist
By MYBRANDBOOK
An Indian born researcher, led by Ashish Venkat at the University of Virginia's School of Engineering and Applied Science, UVA Engineering, discovered that computer processors are open to hackers again. They found a whole new way for hackers to exploit something called a "micro-op cache," which speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process.
Since 'Spectre' was discovered, the world's most talented computer scientists from industry and academia have worked on software patches and hardware defenses, confident they've been able to protect the most vulnerable points in the speculative execution process without slowing down computing speeds too much.
Micro-op caches have been built into Intel computers manufactured since 2011. Venkat's team discovered that hackers could steal data when a processor fetches commands from the micro-op cache.
"Think about a hypothetical airport security scenario where TSA lets you in without checking your boarding pass because (1) it is fast and efficient, and (2) you will be checked for your boarding pass at the gate anyway," Venkat said.
A computer processor does something similar. It predicts that the check will pass and could let instructions into the pipeline. "Ultimately, if the prediction is incorrect, it will throw those instructions out of the pipeline, but this might be too late because those instructions could leave side-effects while waiting in the pipeline that an attacker could later exploit to infer secrets such as a password," he elaborated.
Because all current 'Spectre' defenses protect the processor in a later stage of speculative execution, they are useless in the face of Venkat's team's new attacks.
Two variants of the attacks the team discovered can steal speculatively accessed information from Intel and AMD processors.
"Intel's suggested defense against Spectre, which is called LFENCE, places sensitive code in a waiting area until the security checks are executed, and only then is the sensitive code allowed to execute," Venkat informed.
"But it turns out the walls of this waiting area have ears, which our attack exploits. We show how an attacker can smuggle secrets through the micro-op cache by using it as a covert channel."
This newly discovered vulnerability will be much harder to fix.
In the case of the previous 'Spectre' attacks, developers have come up with a relatively easy way to prevent any sort of attack without a major performance penalty for computing. "The difference with this attack is you take a much greater performance penalty than those previous attacks," said PhD student Logan Moody.
Venkat's team has disclosed the vulnerability to the product security teams at Intel and AMD.
InterGlobe’s Rahul Bhatia and C.P. Gurnani together announce
In a move that is set to transform the AI landscape, Rahul Bhatia, Group M...
Download masked Aadhaar to improve privacy
Download a masked Aadhaar from UIDAI to improve privacy. Select masking w...
Sterlite Technologies' Rs 145 crore claim against BSNL rejecte
An arbitrator has rejected broadband technology company Sterlite Technolog...
ID-REDACT® ensures full compliance with the DPDP Act for Indi
Data Safeguard India Pvt Ltd, a wholly-owned subsidiary of Data Safeguard ...
OPTIEMUS INFRACOM
MICROTEK INTERNATIONAL PVT. LTD.
TALLY SOLUTIONS PVT. LTD.
DIGISOL SYSTEMS LTD.
Technology Icons Of India 2023: Sridhar Vembu
Sridhar Vembu is an Indian billionaire business magnate and the Founde...
Technology Icons Of India 2023: Som Satsangi
With more than three decades in the IT Sector, Som is responsible for ...
Technology Icons Of India 2023: Vijay Shekhar Sharma
Vijay Shekhar Sharma is an Indian technology entrepreneur and billiona...
New defence PSUs will help India become self-reliant
MIL, India’s biggest manufacturer and market leader is engaged in Pr...
BSE provides highly secure, efficient and transparent market for trading
BSE (formerly known as Bombay Stock Exchange Ltd.) is Asia's first & t...
NPCI leading India towards Digital payments
The National Payments Corporation of India (NPCI) is an initiative tak...
REDINGTON INDIA LIMITED
Redington (India) Limited operates in the IT product distribution busi...
ADITYA INFOTECH LTD.
Aditya Infotech Ltd. (AIL) – the technology arm of Aditya Group, is ...
EXCLUSIVE NETWORKS SALES INDIA PVT. LTD.
Exclusive Networks is a globally trusted cybersecurity specialist hel...