Friday, March 29, 2024

New Spectre Vulnerability Let Hackers Attack Billions of Computers

The teams of security researchers at the University of Virginia and California (USA) have recently identified a very new Spectre-like attack on computer hardware.

According to the report, this attack enables data to be stolen when the processor grabs instructions from its micro-op cache.

This vulnerability affects billions of computers and several devices globally. As per the researchers, this vulnerability is quite critical and it will be much more difficult to fix, unlike the previous speculative execution vulnerabilities.

However, this new method of attack has come up with all new techniques and source and, that’s why it makes more difficult for the experts to fix this vulnerability.

While the methods that have been used in this attack, are affecting the Intel and AMD-based systems, which were released in 2011. Apart from that it also includes the Intel Skylake and AMD Zen series.

Security fixes critically affecting the performance

After going through all the details regarding this Spectre attack, the cybersecurity analysts estimated that the realization of a patch for this vulnerability will be more difficult, and it also has quite serious consequences on the system performance.

The experts pronounced that this cache is fundamentally different from higher-level caches. And it is not easily accessible, as well as it also acts as a stream buffer to quickly get the results of the decoding of CISC instructions in a RISC microinstruction.

“Constant-time programming is not only hard in terms of the actual programmer effort, but also entails high performance overhead and significant deployment challenges related to patching all sensitive software” researchers said.

The original Spectre vulnerabilities that were attacking billions of computers were partially fixed for a certain period.

Moreover, Microsoft has initially implemented some protection and Intel redesigned the next-generation chips. So, for now, it is very difficult to protect the chips completely.

Difficult to mitigate

As we stated above that this is one of the complicated vulnerabilities to disable. But, the most difficult part is to predict the instructions, that’s the reason why the current mitigations are failing to protect the computer from this new attack vector.

But, some optimal methods like, one can be proposed to block these types of attacks not by disabling caching, but by monitoring the irregularities and speculating all the typical cache that come under these attacks.

However, the main issue is that the level of the microinstruction cache is very low as compare to the level at which vulnerabilities like Spectre work. 

This is the main reason that why Spectre vulnerability protection is not working against this new vulnerability. 

Apart from this, the new vulnerability attacks are having all primitive layers in processor architectures, therefore it is severely affecting the performance of both Intel and AMD processors.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government...

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to...

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles