Friday, April 19, 2024

New Spectre Vulnerability Let Hackers Attack Billions of Computers

The teams of security researchers at the University of Virginia and California (USA) have recently identified a very new Spectre-like attack on computer hardware.

According to the report, this attack enables data to be stolen when the processor grabs instructions from its micro-op cache.

This vulnerability affects billions of computers and several devices globally. As per the researchers, this vulnerability is quite critical and it will be much more difficult to fix, unlike the previous speculative execution vulnerabilities.

However, this new method of attack has come up with all new techniques and source and, that’s why it makes more difficult for the experts to fix this vulnerability.

While the methods that have been used in this attack, are affecting the Intel and AMD-based systems, which were released in 2011. Apart from that it also includes the Intel Skylake and AMD Zen series.

Security fixes critically affecting the performance

After going through all the details regarding this Spectre attack, the cybersecurity analysts estimated that the realization of a patch for this vulnerability will be more difficult, and it also has quite serious consequences on the system performance.

The experts pronounced that this cache is fundamentally different from higher-level caches. And it is not easily accessible, as well as it also acts as a stream buffer to quickly get the results of the decoding of CISC instructions in a RISC microinstruction.

“Constant-time programming is not only hard in terms of the actual programmer effort, but also entails high performance overhead and significant deployment challenges related to patching all sensitive software” researchers said.

The original Spectre vulnerabilities that were attacking billions of computers were partially fixed for a certain period.

Moreover, Microsoft has initially implemented some protection and Intel redesigned the next-generation chips. So, for now, it is very difficult to protect the chips completely.

Difficult to mitigate

As we stated above that this is one of the complicated vulnerabilities to disable. But, the most difficult part is to predict the instructions, that’s the reason why the current mitigations are failing to protect the computer from this new attack vector.

But, some optimal methods like, one can be proposed to block these types of attacks not by disabling caching, but by monitoring the irregularities and speculating all the typical cache that come under these attacks.

However, the main issue is that the level of the microinstruction cache is very low as compare to the level at which vulnerabilities like Spectre work. 

This is the main reason that why Spectre vulnerability protection is not working against this new vulnerability. 

Apart from this, the new vulnerability attacks are having all primitive layers in processor architectures, therefore it is severely affecting the performance of both Intel and AMD processors.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums

A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale...

Palo Alto ZeroDay Exploited in The Wild Following PoC Release

Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified...

FIN7 Hackers Attacking IT Employees Of Automotive Industry

IT employees in the automotive industry are often targeted by hackers because they have...

Russian APT44 – The Most Notorious Cyber Sabotage Group Globally

As Russia's invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS,...

SoumniBot Exploiting Android Manifest Flaws to Evade Detection

A new banker, SoumniBot, has recently been identified. It targets Korean users and is...

LeSlipFrancais Data Breach: Customers’ Personal Information Exposed

LeSlipFrancais, the renowned French underwear brand, has confirmed a data breach impacting its customer...

Cisco Hypershield: AI-Powered Hyper-Distributed Security for Data Center

Cisco has unveiled its latest innovation, Cisco Hypershield, marking a milestone in cybersecurity.This groundbreaking...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

Related Articles