www.design-reuse-embedded.com
Find Top SoC Solutions
for AI, Automotive, IoT, Security, Audio & Video...

Intel processors: Researchers discover new vulnerabilities

Jul. 24, 2018 – 

Giorgi Maisuradze and Prof. Dr. Christian Rossow discovered that the ret2spec (return-to-speculation) vulnerability again enables attackers to read data without authorization. At least all Intel processors of the past ten years are affected by the vulnerabilities. Similar attack mechanisms could probably also be derived for ARM and AMD processors.

This fifth and hitherto unknown vulnerability in CPUs will be presented at the ACM Conference on Computer and Communications Security (CCS) in Toronto (Canada) in October. "The security gap is caused by CPUs predicting a so-called return address for runtime optimization," says Rossow. "If an attacker can manipulate this prediction, he gains control over speculatively executed program code. It can read out data via side channels that should actually be protected from access."

It is therefore possible, for example, for malicious web pages to read the memory of the browser to steal critical data such as stored passwords or to accept browser sessions. A slight variation of the attack even makes it possible to read the memory contents of other processes, for example to read password entries from other users. "Both variations can be understood as an inverse spectre attack, since return addresses are now also used in ret2spec - instead of forward jump addresses as in spectre," says Rossow.

Click here to read more

 Back

Partner with us

Visit our new Partnership Portal for more information.

Submit your material

Submit hot news, product or article.

List your Products

Suppliers, list and add your products for free.

More about D&R Privacy Policy

© 2018 Design And Reuse

All Rights Reserved.

No portion of this site may be copied, retransmitted,
reposted, duplicated or otherwise used without the
express written permission of Design And Reuse.