ETH Lausanne and IBM discover SMoTherSpectre hardware vulnerability

There is a new vulnerability in computer hardware, called SMoTherSpectre, which was discovered by researchers at the Swiss Federal Institute of Technology Lausanne (EPFL) together with security researchers from IBM.


In 2018 Meltdown and Spectre were announced

Last year, the so-called Spectre and Meltdown security vulnerabilities made headlines when they were found to affect the Intel CPUs in most laptops, desktop computers and servers. Now researchers from the HexHive and Parallel Systems Architecture (PARSA) laboratories of the EPFL School of Computer and Communication Sciences, in collaboration with IBM researchers, have identified a deeper, and therefore more widespread, vulnerability in current CPUs that affects laptop, desktop and server hardware. The EPFL press release can be found here.

SMoTherSpectre enables access to data

The new attack method, called SMoTherSpectre, is described in this document. Similar to Spectre and Meltdown, it uses a speculative side-channel attack on the CPU to access information belonging to other processes.

Background: Modern CPUs implement a mechanism that processes many instructions simultaneously. Instead of waiting for a branch instruction to resolve, these CPUs guess which target will be taken and execute the following instructions speculatively. If the guess was correct, the results of the speculatively executed instructions are committed, which improves CPU performance. If the wrong instructions were executed, their results are simply discarded. These discarded but nevertheless executed instructions leave traces that form the so-called "side channel", which allows an attacker to extract information.

The Meltdown and Spectre attacks also rely on speculative execution for their side channels. But the new and so far unique approach of the EPFL researchers goes to the root of such weaknesses: port contention, which arises when a series of instructions that are to be executed simultaneously on a CPU core are delayed because they compete for the same execution port. An SMoTherSpectre attack exploits this port contention to determine which instructions were executed speculatively.

"SMoTherSpectre times the instruction sequences that are executed speculatively, allowing an attacker to infer what sequences of instructions have been executed, and pinpoint what is being done," explains HexHive chief and EPFL professor Mathias Payer.


No simple fix

Payer says this vulnerability is particularly difficult to fix because it affects CPU hardware rather than software. "Even if a software program is 100% safe from attack, it can be affected by this vulnerability. The solutions are all difficult to implement and all have an impact on performance or cost," adds Payer.

According to Payer, Intel will need to update future versions of its CPUs to fix the problem. The researchers have disclosed the SMoTherSpectre attack to Intel, AMD, OpenSSL and IBM. At the same time, the complete results were published in the online database arXiv and the technical details were described in a blog post.
