Indian-origin scientist, Telecom News, ET Telecom

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


Billions of computers at hacking risk: Indian-origin scientistNew Delhi: An Indian-origin researcher has warned that billions of computers and other devices across the globe are vulnerable today owing to a vulnerability named ‘Spectre’ that was first discovered in 2018 but is open to hackers again.

Since ‘Spectre’ was discovered, the world’s most talented computer scientists from industry and academia have worked on software patches and hardware defenses, confident they’ve been able to protect the most vulnerable points in the speculative execution process without slowing down computing speeds too much.

However, researchers, led by Ashish Venkat at the University of Virginia’s School of Engineering and Applied Science, UVA Engineering, discovered that computer processors are open to hackers again.

They found a whole new way for hackers to exploit something called a “micro-op cache,” which speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process.

Micro-op caches have been built into Intel computers manufactured since 2011.

Venkat’s team discovered that hackers could steal data when a processor fetches commands from the micro-op cache.

“Think about a hypothetical airport security scenario where TSA lets you in without checking your boarding pass because (1) it is fast and efficient, and (2) you will be checked for your boarding pass at the gate anyway,” Venkat said.

A computer processor does something similar. It predicts that the check will pass and could let instructions into the pipeline.

“Ultimately, if the prediction is incorrect, it will throw those instructions out of the pipeline, but this might be too late because those instructions could leave side-effects while waiting in the pipeline that an attacker could later exploit to infer secrets such as a password,” he elaborated.

Because all current ‘Spectre’ defenses protect the processor in a later stage of speculative execution, they are useless in the face of Venkat’s team’s new attacks.

Two variants of the attacks the team discovered can steal speculatively accessed information from Intel and AMD processors.

“Intel’s suggested defense against Spectre, which is called LFENCE, places sensitive code in a waiting…

Source…