One of the Worst Hacks of All Time Is Back

It was huge news back in 2018. Researchers had discovered a vulnerability that affected nearly all processors manufactured in the previous few years. They called it Spectre, and appropriately so — the, ahem, specter of this exploit loomed over the computer manufacturing world.

You can install all the antivirus software you want, but if the problem is way down deep in the hardware of the computer itself, it’s not really going to help you.

Luckily, CPU manufacturers eventually released fixes that mitigated that problem. And for a while, all was well.

At least, until this week, when a group of American researchers published a paper outlining three new ways to exploit Spectre. Unfortunately, this time the fixes will be a lot trickier.

A logo created for the Spectre family of exploits. (Public Domain)

Spectre relies on a key feature of modern processors. Rather than sitting around and waiting for you to tell them what to do, they use something called speculative execution, where they predict whatever you’re most likely to tell them to do next, then sort of get started on it in the meantime.

That way, if you do end up asking the processor to do something that lines up with those predictions, it’ll already have the results ready to go. This technology seriously speeds things up, and it conserves power to boot.

Then, in 2018, researchers announced that as convenient as speculative execution was, it was also seriously insecure. There were a lot of different ways to exploit it, but the main vulnerability had to do with timing. It turned out that by measuring how long the processor takes to get through certain instructions, then doing a whole bunch of fancy processing, you could actually reveal a lot of the data the processor was handling.

That was … problematic.

It took almost a year, but processor manufacturers eventually addressed nearly all of the possible Spectre strategies and released updates to protect computers against them. There are a few older chips that might still be vulnerable to certain versions of the hack, but for those users Intel sort of threw their hands up and said you’re on your own.

Still, at least people were mostly protected. That is, until now.
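If you want to see whether those earlier fixes are actually switched on, Linux exposes the kernel's own verdict as small text files. The script below is an added example, not code from the article or from any vendor: it assumes a Linux host with the sysfs directory `/sys/devices/system/cpu/vulnerabilities`, its function names and status classes are made up for illustration, and it only covers the original Spectre entries the kernel reports on.

```shell
#!/bin/sh
# Added example (not from the article): read the Linux kernel's sysfs report of
# Spectre mitigation status. Function names and classes are this example's own.

# classify_status LINE -> OK | MITIGATED | PARTIAL | VULNERABLE | UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*)             echo OK ;;
        # Conservative: a mitigated line that still says "Vulnerable" gets flagged.
        "Mitigation:"*"Vulnerable"*) echo PARTIAL ;;
        "Mitigation:"*)              echo MITIGATED ;;
        "Vulnerable"*)               echo VULNERABLE ;;
        *)                           echo UNKNOWN ;;
    esac
}

# report_dir DIR -> prints "entry<TAB>class<TAB>raw status" per spectre* file.
# Returns 0 if every entry is OK or MITIGATED, 1 otherwise, 2 if DIR is missing.
report_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    rc=0
    for f in "$dir"/spectre*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        class=$(classify_status "$status")
        printf '%s\t%s\t%s\n' "${f##*/}" "$class" "$status"
        case "$class" in OK|MITIGATED) ;; *) rc=1 ;; esac
    done
    return "$rc"
}

# Constructed sample directory so the script runs offline; on a real Linux host
# call: report_dir /sys/devices/system/cpu/vulnerabilities
demo() {
    tmp=$(mktemp -d) || return 2
    echo "Mitigation: constructed sample text" > "$tmp/spectre_v1"
    echo "Vulnerable" > "$tmp/spectre_v2"
    report_dir "$tmp"; demo_rc=$?
    rm -rf "$tmp"
    return "$demo_rc"
}

demo || echo "at least one entry needs attention (exit $?)"
```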

The three exploits outlined in the new paper all have to do with what’s known as the micro-op cache.

Basically, once the processor uses speculative execution to come up with a complicated instruction to prep, it breaks down that instruction into simpler component parts. These simpler instructions get stored in the micro-op cache.

Again, this is hugely important for performance and power optimization. But it turns out that there are a whole bunch of ways to use it to steal data based on what the processor is doing. Those are the exploits outlined in this new paper.

So, we’re back to square one.

Apparently, the researchers told the major chip manufacturers, Intel and AMD, about the exploits before publishing the paper. But no fixes have been released yet, and the researchers think addressing the vulnerabilities will lead to serious performance slowdowns.

It’s a problem. There’s really no easy way around this.

How the manufacturers choose to address these issues remains to be seen. In the meantime, these aren’t easy vulnerabilities to exploit, which might be a small comfort.

One thing’s for sure, though: The CPU manufacturing business is facing a reckoning. And if they don’t find ways to fix these problems in prior and future generations of chips, we’re all in trouble.


Software developer and science/tech writer. Python, Ruby on Rails, JavaScript, React/Redux, Java. Fascinated by the amazing stories behind today’s tech.

Alyssa Lerner First
