Tuesday, July 23, 2024
EHA

New Spectre Vulnerability Let Hackers Attack Billions of Computers

The teams of security researchers at the University of Virginia and California (USA) have recently identified a very new Spectre-like attack on computer hardware.

According to the report, this attack enables data to be stolen when the processor grabs instructions from its micro-op cache.

This vulnerability affects billions of computers and several devices globally. As per the researchers, this vulnerability is quite critical and it will be much more difficult to fix, unlike the previous speculative execution vulnerabilities.

However, this new method of attack has come up with all new techniques and source and, that’s why it makes more difficult for the experts to fix this vulnerability.

While the methods that have been used in this attack, are affecting the Intel and AMD-based systems, which were released in 2011. Apart from that it also includes the Intel Skylake and AMD Zen series.

Security fixes critically affecting the performance

After going through all the details regarding this Spectre attack, the cybersecurity analysts estimated that the realization of a patch for this vulnerability will be more difficult, and it also has quite serious consequences on the system performance.

The experts pronounced that this cache is fundamentally different from higher-level caches. And it is not easily accessible, as well as it also acts as a stream buffer to quickly get the results of the decoding of CISC instructions in a RISC microinstruction.

“Constant-time programming is not only hard in terms of the actual programmer effort, but also entails high performance overhead and significant deployment challenges related to patching all sensitive software” researchers said.

The original Spectre vulnerabilities that were attacking billions of computers were partially fixed for a certain period.

Moreover, Microsoft has initially implemented some protection and Intel redesigned the next-generation chips. So, for now, it is very difficult to protect the chips completely.

Difficult to mitigate

As we stated above that this is one of the complicated vulnerabilities to disable. But, the most difficult part is to predict the instructions, that’s the reason why the current mitigations are failing to protect the computer from this new attack vector.

But, some optimal methods like, one can be proposed to block these types of attacks not by disabling caching, but by monitoring the irregularities and speculating all the typical cache that come under these attacks.

However, the main issue is that the level of the microinstruction cache is very low as compare to the level at which vulnerabilities like Spectre work. 

This is the main reason that why Spectre vulnerability protection is not working against this new vulnerability. 

Apart from this, the new vulnerability attacks are having all primitive layers in processor architectures, therefore it is severely affecting the performance of both Intel and AMD processors.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

SonicOS IPSec VPN Vulnerability Let Attackers Cause Dos Condition

SonicWall has disclosed a critical heap-based buffer overflow vulnerability in its SonicOS IPSec VPN....

Hackers Registered 500k+ Domains Using Algorithms For Extensive Cyber Attack

Hackers often register new domains for phishing attacks, spreading malware, and other deceitful activities. Such...

Hackers Claim Breach of Daikin: 40 GB of Confidential Data Exposed

Daikin, the world's largest air conditioner manufacturer, has become the latest target of the...

Emojis Are To Express Emotions, But CyberCriminals For Attacks

There are 3,664 emojis that can be used to express emotions, ideas, or objects...

Beware Of Fake Browser Updates That Installs Malicious BOINC Infrastructre

SocGholish malware, also known as FakeUpdates, has exhibited new behavior since July 4th, 2024,...

Data Breach Increases by Over 1,000% Annually

The Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support...

UK Police Arrested 17-year-old Boy Responsible for MGM Resorts Hack

UK police have arrested a 17-year-old boy from Walsall in connection with a notorious...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles