A team of academics from four US universities have discovered a new side-channel attack that takes advantage of the speculative execution feature in modern processors to recover data from users' CPUs.
Speculative execution is the same CPU function exploited by the Meltdown and Spectre flaws disclosed at the start of the year, but the attack researchers found is different from previous flaws, as it attacks a new section of the speculative execution process.
Researchers named this new technique BranchScope because it attacks the "branch prediction" operation —which is the same part of a CPU speculative execution process that the Spectre variant 2 (CVE-2017-5715) vulnerability also targets.
To understand how modern CPUs use speculative execution and branch prediction, there's an explanation at the 00:35 mark in this Intel video below.
As the video explains, branch prediction is the phase when a CPU decides what operation to compute in advance, in its attempt to predict the outcome of a computer process, as part of the speculative execution optimization feature.
The BranchScope technique allows attackers to make this decision instead of the CPU (similar to the "flag person" example from the video above).
This way, attackers can direct speculative execution in certain areas of the CPU memory and extract information that would have been previously inaccessible.
The entire BranchScope vulnerability is eerily identical to how Spectre variant 2 works. But while Spectre variant 2 targeted the Branch Target Buffer, a cache component for branch prediction operations, BranchScope attacks the "directional branch predictor," a process that decides what "speculative" operations to execute (aka what branches to take).
Academics say that BranchScope is the first side-channel attack that targets "direction prediction" and that the technique can also be used to retrieve content stored inside SGX enclaves, secure areas of Intel CPUs, previously thought to be untouchable.
The research team also tested their technique in field tests and said they successfully retrieved data from three recent Intel x86_64
processors — Sandy Bridge, Haswell, and Skylake. The team said the attack can be launched from user space (no admin rights) and has an error rate of less than 1%.
Researchers also say that because this is a novel attack, there are no mitigations currently in place for BranchScope attacks. Spectre patches (meant to fix TBT-based attacks) are ineffective against BranchScope, they said. Patching BranchScope shouldn't be a problem, though, as researchers say that both software and hardware-level mitigations can be applied, both detailed in their work.
But in a statement, Intel said that software-level patches shipped for previous side-channel attacks should also mitigate BranchScope.
"We have been working with these researchers and have determined the method they describe is similar to previously known side channel exploits," an Intel spokesperson said. "We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side channel resistant cryptography, will be similarly effective against the method described in this paper. We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers."
The research paper describing this new side-channel attack is entitled "BranchScope: A New Side-Channel Attack on Directional Branch Predictor," [1, 2] and will be presented tomorrow at the 23rd ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2018).
Article updated with Intel statement.