The teams of security researchers at the University of Virginia and California (USA) have recently identified a very new Spectre-like attack on computer hardware.
According to the report, this attack enables data to be stolen when the processor grabs instructions from its micro-op cache.
This vulnerability affects billions of computers and several devices globally. As per the researchers, this vulnerability is quite critical and it will be much more difficult to fix, unlike the previous speculative execution vulnerabilities.
However, this new method of attack has come up with all new techniques and source and, that’s why it makes more difficult for the experts to fix this vulnerability.
While the methods that have been used in this attack, are affecting the Intel and AMD-based systems, which were released in 2011. Apart from that it also includes the Intel Skylake and AMD Zen series.
Security fixes critically affecting the performance
After going through all the details regarding this Spectre attack, the cybersecurity analysts estimated that the realization of a patch for this vulnerability will be more difficult, and it also has quite serious consequences on the system performance.
The experts pronounced that this cache is fundamentally different from higher-level caches. And it is not easily accessible, as well as it also acts as a stream buffer to quickly get the results of the decoding of CISC instructions in a RISC microinstruction.
“Constant-time programming is not only hard in terms of the actual programmer effort, but also entails high performance overhead and significant deployment challenges related to patching all sensitive software” researchers said.
The original Spectre vulnerabilities that were attacking billions of computers were partially fixed for a certain period.
Moreover, Microsoft has initially implemented some protection and Intel redesigned the next-generation chips. So, for now, it is very difficult to protect the chips completely.
Difficult to mitigate
As we stated above that this is one of the complicated vulnerabilities to disable. But, the most difficult part is to predict the instructions, that’s the reason why the current mitigations are failing to protect the computer from this new attack vector.
But, some optimal methods like, one can be proposed to block these types of attacks not by disabling caching, but by monitoring the irregularities and speculating all the typical cache that come under these attacks.
However, the main issue is that the level of the microinstruction cache is very low as compare to the level at which vulnerabilities like Spectre work.
This is the main reason that why Spectre vulnerability protection is not working against this new vulnerability.
Apart from this, the new vulnerability attacks are having all primitive layers in processor architectures, therefore it is severely affecting the performance of both Intel and AMD processors.