Researchers find two more Spectre attacks

Posted on Tuesday, March 27 2018 @ 13:38 CEST by Thomas De Maesschalck
Two more Spectre-related branch prediction processor vulnerabilities were discovered by a team of researchers from the College of William and Mary, Carnegie Mellon, the University of California Riverside, and Binghamton University. The new vulnerabilities are called BranchScope and Spectre 2:
BranchScope and Spectre 2 both take advantage of different parts of the branch predictor. Spectre 2 relied on a part called the Branch Target Buffer (BTB)—the data structure within the processor that records the branch target. BranchScope, instead, leaks information using the direction of the prediction—whether it's likely to be taken or not—which is stored in the pattern history table (PHT).

...

For Spectre 2, an attacker primes the BTB, carefully executing branch instructions so that the BTB has a predictable content with a target instruction that will, if speculatively executed, disturb the processor's cache in a detectable way. The victim program then runs and makes a branch. The attacker then checks to see if the cache was disturbed; the measurement of that disturbance leaks information.
More at Ars Technica. Other attacks will most likely follow in the coming weeks, months, and years. Hardware makers are moving as fast as they can to make processors more secure, but speculative execution will remain an issue for a long time to come.

