Since the disclosure of Spectre and Meltdown in January 2018, much research had been done on vulnerabilities related to speculative execution. Woody Leonhard of ComputerWorld expressed a concern about installing the new Microsoft patch. On 29 January 2018, Microsoft was reported to have released a Windows update that disabled the problematic Intel Microcode fix-which had, in some cases, caused reboots, system instability, and data loss or corruption-issued earlier by Intel for the Spectre Variant 2 attack. ![]() ![]() On 28 January 2018, it was reported that Intel shared news of the Meltdown and Spectre security vulnerabilities with Chinese technology companies, before notifying the U.S. As it is not easy to fix, it will haunt us for quite some time." The vulnerability was called Spectre because it was "based on the root cause, speculative execution. It was made public in conjunction with another vulnerability, Meltdown, on 3 January 2018, after the affected hardware vendors had already been made aware of the issue on 1 June 2017. Microsoft Vulnerability Research extended it to browsers' JavaScript JIT engines. Spectre proper was discovered independently by Jann Horn from Google's Project Zero and Paul Kocher in collaboration with Daniel Genkin, Mike Hamburg, Moritz Lipp, and Yuval Yarom. In January 2017, Anders Fogh gave a presentation at the Ruhr University Bochum about automatically finding covert channels, especially on processors with a pipeline used by more than one processor core. This technique was used to successfully attack GnuPG, AES and other cryptographic implementations. If it was read from the cache the access time would be very short, meaning the data read could contain the private key of encryption algorithms. In 2013 Yuval Yarom and Katrina Falkner from the University of Adelaide showed how measuring the access time to data lets a nefarious application determine if the information was read from the cache or not. In 2005, Daniel Bernstein from the University of Illinois, Chicago reported an extraction of an OpenSSL AES key via a cache timing attack, and Colin Percival had a working attack on the OpenSSL RSA key using the Intel processor's cache. In 20, Yukiyasu Tsunoo and colleagues from NEC showed how to attack MISTY and DES symmetric key ciphers, respectively. On 8 October 2018, Intel was reported to have added hardware and firmware mitigations regarding Spectre and Meltdown vulnerabilities to its latest processors. In early 2018, Intel reported that it would redesign its CPUs to help protect against the Spectre and related Meltdown vulnerabilities (especially, Spectre variant 2 and Meltdown, but not Spectre variant 1). ![]() A website can read data stored in the browser for another website, or the browser's memory itself. JIT engines used for JavaScript were found to be vulnerable. Two Common Vulnerabilities and Exposures IDs related to Spectre, CVE- 2017-5753 (bounds check bypass, Spectre-V1, Spectre 1.0) and CVE- 2017-5715 (branch target injection, Spectre-V2), have been issued. For example, if the pattern of memory accesses performed by such speculative execution depends on private data, the resulting state of the data cache constitutes a side channel through which an attacker may be able to extract information about the private data using a timing attack. On most processors, the speculative execution resulting from a branch misprediction may leave observable side effects that may reveal private data to attackers. These affect modern microprocessors that perform branch prediction and other forms of speculation. Spectre refers to one of the two original transient execution CPU vulnerabilities (the other being Meltdown), which involve microarchitectural timing side-channel attacks. ![]() A logo created for the vulnerability, featuring a ghost with a branchĪll pre-2019 microprocessors that use branch prediction
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |