scroll down

Intel Chips Face A New Threat In The Shape Of BranchScope Security Flaw And We Aren’t Done Yet With Spectre

Earlier this year Spectre and Meltdown security flaws were made public to which millions of devices worldwide are vulnerable and while Intel not in the clear when it comes to patching these security flaws but, things have become even more difficult as a new security flaw, BranchScope, have been discovered for Intel chips.

Update: According to Intel Spokesperson in an e-mail to us:

“We have been working with these researchers and we have determined the method they describe is similar to previously known side channel exploits. We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side-channel resistant cryptography, will be similarly effective against the method described in this paper. We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers.”

Researchers from College of William and Mary, Carnegie Mellon University in Qatar, University of California Riverside, and Binghamton University have reported BranchScope, a new type of security flaw in Intel chips that is almost as hazardous as the Spectre Security flaw.

The success of the attack largely depends on the ability to perform branch manipulations with precise timing. The attacker controlled OS can easily manipulate victim execution timings. For example, the attacker can configure the Advanced Programmable Interrupt Controller (APIC) in such a way that enclave code is interrupted after several instructions are executed.

Speaking of the security flaws, Intel has noted that it has completely redesigned its upcoming Cascade Lake and Coffee Lake chips to counter Spectre and Meltdown security exploits.

According to Intel CEO Brian Krzanich, with the redesign, the chips will be protected against the Spectre variant 2 and Meltdown variant 3 exploit but for Spectre Variant 1, software patches are still required.

Furthermore, CTS Labs recently reported 13 security exploits for AMD to which virtually all AMD CPUs are vulnerable to and AMD has announced that it will be rolling out fixes in coming weeks.

Source: Softpedia