BranchScope is a newly discovered side-channel attack

Mar 28, 2018 02:15 GMT  ·  By

While we're not yet done with the Meltdown and Spectre security flaws that put billions of devices at risk, security researchers have discovered a new side-channel attack called BranchScope.

What's BranchScope? It's a new side-channel attack discovered by four security researchers from the College of William and Mary, Carnegie Mellon University in Qatar, University of California Riverside, and Binghamton University. It affects devices powered by Intel processors, and the mitigations already deployed against Meltdown and Spectre may not stop it.

According to their paper, although they are somewhat more sophisticated to mount, BranchScope attacks can do the same kind of damage as Spectre and Meltdown: an attacker can exploit the flaw to retrieve sensitive data from an unpatched system, including passwords and encryption keys, by manipulating the shared directional branch predictor, the part of the CPU that guesses whether a conditional branch will be taken (as opposed to where it will go, which is what the branch target buffer abused by Spectre variant 2 tracks). Because the predictor is shared between an attacker process and its victim, the attacker can put a predictor entry into a known state, let the victim execute a secret-dependent branch, and then observe whether its own branch at the same entry mispredicts.

"The success of the attack largely depends on the ability to perform branch manipulations with precise timing," reads the paper. "The attacker controlled OS can easily manipulate victim execution timings. For example, the attacker can configure the Advanced Programmable Interrupt Controller (APIC) in such a way that enclave code is interrupted after several instructions are executed."
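To make concrete what "manipulating the shared directional branch predictor" and the need for precise timing mean, here is an added example that is not from the paper or from this article: a C simulation of a pattern history table of 2-bit saturating counters with the three BranchScope stages (prime the shared entry, let the victim execute one branch, probe the entry). The predictor model, the index mapping and the code addresses are constructed for illustration only; real Intel predictors also mix in branch history, a real attack detects the probe's misprediction through timing, and the attacker-controlled OS steps the enclave with APIC interrupts, which the simulation stands in for by calling the victim exactly once per round. The second victim shows the kind of software mitigation that defeats the attack: a branchless selection that never executes a secret-dependent branch, so the probe returns the same answer whatever the secret.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a directional branch predictor: a pattern history
 * table (PHT) of 2-bit saturating counters indexed by branch address bits.
 * Constructed for illustration; real predictors hash in global history. */
#define PHT_ENTRIES 1024

enum { STRONG_NT = 0, WEAK_NT = 1, WEAK_T = 2, STRONG_T = 3 };

typedef struct { uint8_t counters[PHT_ENTRIES]; } pht_t;

/* Index = low address bits above the alignment bits (assumed mapping). */
static size_t pht_index(uint64_t branch_addr) {
    return (size_t)((branch_addr >> 2) & (PHT_ENTRIES - 1));
}

/* Resolve one conditional branch at 'addr' with outcome 'taken'.
 * Updates the counter and returns true if the predictor mispredicted. */
static bool pht_execute(pht_t *p, uint64_t addr, bool taken) {
    size_t i = pht_index(addr);
    bool predicted_taken = p->counters[i] >= WEAK_T;
    if (taken && p->counters[i] < STRONG_T) p->counters[i]++;
    else if (!taken && p->counters[i] > STRONG_NT) p->counters[i]--;
    return predicted_taken != taken;
}

typedef uint8_t (*victim_fn)(pht_t *, uint64_t, bool);

/* Leaky victim: "if (secret_bit)" goes through the shared PHT entry. */
static uint8_t victim_leaky(pht_t *p, uint64_t addr, bool secret_bit) {
    pht_execute(p, addr, secret_bit);
    return secret_bit ? 0xAA : 0x55;
}

/* Hardened victim: selects with an arithmetic mask, so no conditional
 * branch executes and the PHT entry is never touched. */
static uint8_t victim_branchless(pht_t *p, uint64_t addr, bool secret_bit) {
    (void)p; (void)addr;
    uint8_t mask = (uint8_t)(0u - (unsigned)secret_bit);   /* 0x00 or 0xFF */
    return (uint8_t)((0xAA & mask) | (0x55 & (uint8_t)~mask));
}

/* Prime: drive the shared entry to weakly-taken, so that a single victim
 * execution flips the predicted direction one way or the other. */
static void prime(pht_t *p, uint64_t attacker_addr) {
    for (int i = 0; i < 3; i++) pht_execute(p, attacker_addr, true);  /* -> STRONG_T */
    pht_execute(p, attacker_addr, false);                             /* -> WEAK_T */
}

/* Probe: run the attacker's branch not-taken. A misprediction means the
 * entry still predicts taken, i.e. the victim's branch was taken. On real
 * hardware this bit is read from the branch's timing, not returned. */
static bool probe(pht_t *p, uint64_t attacker_addr) {
    return pht_execute(p, attacker_addr, false);
}

/* Recover an nbits-wide secret, one bit per prime/victim/probe round.
 * Calling the victim once per round models the APIC-driven single
 * stepping of the enclave that the paper describes. */
static uint8_t recover_secret(victim_fn victim, uint8_t secret, unsigned nbits) {
    pht_t pht;
    memset(&pht, 0, sizeof pht);                          /* all STRONG_NT */
    const uint64_t victim_addr = 0x401234;                /* constructed address */
    const uint64_t attacker_addr = victim_addr + 4 * PHT_ENTRIES; /* same PHT entry */
    uint8_t recovered = 0;
    for (unsigned b = 0; b < nbits; b++) {
        prime(&pht, attacker_addr);
        victim(&pht, victim_addr, (secret >> b) & 1);
        if (probe(&pht, attacker_addr)) recovered |= (uint8_t)(1u << b);
    }
    return recovered;
}

int main(void) {
    printf("leaky victim:      secret 0x5A -> recovered 0x%02X\n",
           recover_secret(victim_leaky, 0x5A, 8));
    printf("branchless victim: secret 0x5A -> recovered 0x%02X\n",
           recover_secret(victim_branchless, 0x5A, 8));
    return 0;
}
```

Against the leaky victim the attacker reads back the secret bit-for-bit; against the branchless victim every probe mispredicts identically, so the recovered value is 0xFF regardless of the secret and carries no information. That is the property "side channel resistant cryptography" has to provide: no branch, and no memory access, whose outcome depends on secret data.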

Sandy Bridge, Haswell, and Skylake processors affected

The researchers have demonstrated the BranchScope attack on three recent Intel Core i5 and Core i7 x86_64 (64-bit) processor families: Sandy Bridge, Haswell, and Skylake. Worse, BranchScope can be extended into a more flexible attack primitive, and the researchers show it working against applications running inside Intel SGX (Software Guard Extensions) enclaves, which are designed to protect code and data even from a malicious operating system.

In their paper, which is a must-read if you want to learn everything there is to know about the BranchScope vulnerability, the researchers also propose software- and hardware-based mitigations. Whether Intel will address BranchScope with new microcode updates is not yet known, so in the meantime make sure you always keep your systems up to date.

UPDATE: An Intel spokesperson has provided us with the following statement:

“We have been working with these researchers and have determined the method they describe is similar to previously known side channel exploits. We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side channel resistant cryptography, will be similarly effective against the method described in this paper. We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers.”