
Intel CPUs Vulnerable To New 'BranchScope' Attack (securityweek.com)

wiredmikey writes: Researchers have discovered a new side-channel attack method dubbed "BranchScope" that can be launched against devices with Intel processors. The attack has been identified and demonstrated by a team of researchers, and similar to Meltdown and Spectre, can be exploited by an attacker to obtain potentially sensitive information they normally would not be able to access directly. The attacker needs to have access to the targeted system and they must be able to execute arbitrary code.

Researchers believe the requirements for such an attack are realistic, making it a serious threat to modern computers, "on par with other side-channel attacks." The BranchScope attack has been demonstrated on devices with three types of Intel i5 and i7 CPUs based on Skylake, Haswell and Sandy Bridge microarchitectures.
Further reading: As predicted, more branch prediction processor attacks are discovered (ArsTechnica).
  • Hype! Hype! Hype! (Score:2, Insightful)

    by Anonymous Coward

    Every vulnerability needs a HYPED UP MARKETING NAME in the TECHSOCIAL INDUSTRY!!


    Nerds who built all our technology, die in a fire. We the Social don't need nerds anymore.

    • by Tablizer ( 95088 ) on Tuesday March 27, 2018 @06:42PM (#56337521) Journal

      It's not hype in the sense that our IT stacks have so many layers, parts, and levels that it's nearly impossible to keep them all safe. Plus, co's rush products in order to stay ahead of competition at the expense of security.

      Thus, they are indeed a steaming pile of leaks what should worry people. However, I will agree that focusing on specific problems may be a form of hype because for every 1 you hear about, there's probably dozens (already publicized) that you don't.

      If people keep finding enough of these vulnerabilities, the patches will make the CPU run as slow as a Commodore 64. Maybe we should go back to '64s, eh? I got used to ASCII pr0n anyhow; I have a thing asterisks.

      • Correction #1: "...pile of leaks that should worry people."

        #2: "I have a thing for asterisks."

        Friggen Mondays. (I was off yesterday, so it's a mental monday.)

      • The people who should be worried are those who store their data on cloud servers.

        The average user storing stuff behind a firewall in his house or business has no need to fear these attack vectors.

        • I disagree the cloud is inherently less secure than the traditional approach. If one gives their "local" equipment and setups decent tender-loving-care, yes it's more secure than the cloud, but the average user won't bother, including many businesses.

          The "problem" with the cloud is similar to nuclear power generation. Technically its record is safer than the alternatives. However, its failures make big news, which skews perceptions and fears. (Gas and coal kill through cancer and other ailments, and over ti

          • If cloud isn't inherently less secure than the traditional approach then why do Goog-azon-zure run separate GovClouds for government and military customers?

            Ignoring network considerations the main reason cloud is less secure than local servers is because of shared infrastructure. Unless you're paying Goog-azon-zure top dollar for dedicated servers your instance is going to be sharing physical hardware with other customers. Side-channel attacks like this allow Nefarious Scumbag A to get one instance and fere

          • If you can break the VM barrier to read arbitrary memory anywhere on the iron, then yes, the security of the cloud is broken. If you don't have a dedicated server, you don't know who you are sharing with.

            • by Tablizer ( 95088 )

              There's a lot of ways to breach dedicated servers also. Focusing on just Intel's cross-process goofs is too narrow a perspective.

          • by sjames ( 1099 )

            The cloud can never be as safe as your own machines. When you set up a VM in the cloud, you're still running it. It's still you making it safe or not. If you can't secure your own machine in your home or in a colo, you won't do any better running a VM in the cloud.

            The difference is, in the cloud you don't know who else is running a VM on the same host. That opens up an attack surface that doesn't exist when you own your own.

  • by Anonymous Coward

    I'll pencil this one in as "yet another Intel patch I won't be applying in 2018"

  • When the poo hit the AMD fan a few weeks ago it was front page news everywhere, but now that it has been slung back at Intel, it's good to see Ars is not making this article front and center, but rather downplaying it a bit. I actually had to search the front page to find it.
  • by Anonymous Coward

    VMs are safe they said
    You can't break out of your sandbox they said

  • by Anonymous Coward

    "The attacker needs to have access to the targeted system and they must be able to execute arbitrary code."

    Non-news. Move along.

    • Re:TL;DR (Score:4, Insightful)

      by Anonymous Coward on Tuesday March 27, 2018 @06:51PM (#56337571)

      Non-news? Really? You can execute arbitrary code in virtual machines which could allow an attacker to access other running virtual machines or the host itself. This attack surface is absolutely HUGE! All an attacker has to do is get, for example, an Amazon Web Service instance and then be able to attack anything else running on that host. MASSIVE portions of the Internet run on services like AWS, VPS systems, etc.

      Your browser can also present a target due to running Javascript or similar.

    • by Megol ( 3135005 )

      Need to have access: Internet or any other network will do. No need for physical access.
      Able to execute arbitrary code: many ways to do that.

      Do you realize that Meltdown and the other Spectre exploits that made everyone rush to patch operating systems and user software require both access to a system and the ability to execute arbitrary code? In fact this looks like a variant of the Spectre family using another type of branch predictor manipulation.

      • by Anonymous Coward

        The problem is VMs and cloud computing these days. Someone may not have physical ROOT access to your VM, but if they share a physical host with your VM and have full ROOT access on their VM, they can execute any arbitrary code they want inside their VM, potentially affecting your VM. All these exploits would pretty much be non-issues back in the old days of running a single OS per box on the bare metal. VMs make it a completely different story.

        If these CPU exploits keep popping up, it is going to seriously

  • by Mister Liberty ( 769145 ) on Tuesday March 27, 2018 @07:08PM (#56337655)
    Although I expect Intel to correct that.
  • by Anonymous Coward

    Another day, another Intel CPU vulnerability revealed. I'm beginning to wonder if we wouldn't all be better off using Motorola chips.

    "Second place is first loser," whined the second loser, the third loser, the fourth loser... etc., mistakenly thinking they were being clever.

  • There is no justice ... ... death is the only answer

  • by nehumanuscrede ( 624750 ) on Tuesday March 27, 2018 @08:53PM (#56338137)

    Cue up another "hotfix" that will be deployed half a dozen times before it's ready to screw things up again.
    My condolences in advance if you're running Windows 10 and the unstoppable update machine :|

    • by AmiMoJo ( 196126 )

      Forced updates are a mixed blessing.

      They generally roll them out slowly, so for example on Android app updates don't go to everyone on day one, they ramp up so that any issues can be detected before too many people are affected. Same with Windows 10.

      On the one hand, this means that you might be unlucky and get bricked by a bad update and might be left vulnerable to zero day exploits for a week. On the other hand, for the vast majority of people it's both more reliable than everyone getting the update on Pat

      • They generally roll them out slowly, so for example on Android app updates don't go to everyone on day one, they ramp up so that any issues can be detected before too many people are affected. Same with Windows 10.

        If just one user who wasn't ready to update has a broken update deployed to them that causes even the slightest problem with their computer, then too many users have been affected.

        It's not acceptable for a vendor to push out packages when they want to, unless they warranty your system against failure due to bad patches. That kind of crap causes downtime.

        • by AmiMoJo ( 196126 )

          Okay, but what is your solution?

          Say you were an OS vendor with millions of users, all with different hardware and software configurations. You need to push out a critical security patch, but you obviously can't test with every single user's configuration. What do you do?

          If any downtime at all is unacceptable, it seems like the only option is to leave everyone vulnerable. But then imagine it's a bug like the Apple calendar issues, where after a certain date important features stop working or the device even

          • Okay, but what is your solution?

            Download the patches, and inform the user that they've been downloaded and ask them to install them on their schedule. But never, ever reboot the user's machine without their permission, or put it in a state which requires reboot.

            • by AmiMoJo ( 196126 )

              Okay, so it's just about the timing. Small risk of bricking, but on the user's schedule.

              • Okay, so it's just about the timing. Small risk of bricking, but on the user's schedule.

                No plan is perfect, and there is always a chance of failure. But it must happen on the user's schedule.

  • by ElizabethGreene ( 1185405 ) on Tuesday March 27, 2018 @10:29PM (#56338575)

    It would be nice if they had worked with vendors to disclose this before publishing it. ... or did I miss that?

    • Your definition of "responsible" is rejected. No one has to abide by it. The flaws in Intel's tech have been known for a couple decades and they only move if their butt is metaphorically kicked, and even then they spend weeks just foundering rather than really fixing.

      The major vendors are unworthy of such consideration. Assume the bad guys already know the exploit, that's the proper security mindset.

  • If I have access and can run arbitrary code then I can do whatever on that computer.......... so this isn't really a vulnerability..
