One of the Worst Hacks of All Time Is Back
Almost everyone is vulnerable.
It was huge news back in 2018. Researchers had discovered a vulnerability that affected nearly all processors manufactured in the previous few years. They called it Spectre, and appropriately so — the, ahem, specter of this exploit loomed over the computer manufacturing world.
You can install all the antivirus software you want, but if the problem is way down deep in the hardware of the computer itself, it’s not really going to help you.
Luckily, CPU manufacturers eventually released fixes that mitigated that problem. And for a while, all was well.
At least, until this week, when a group of American researchers published a paper outlining three new ways to exploit Spectre. Unfortunately, this time the fixes will be a lot trickier.
Spectre relies on a key feature of modern processors. Rather than sitting around and waiting for you to tell them what to do, they use something called speculative execution, where they predict whatever you’re most likely to tell them to do next, then sort of get started on it in the meantime.
That way, if you do end up asking the processor to do something that lines up with those predictions, it’ll already have the results ready to go. This technology seriously speeds things up, and it conserves power to boot.
Then, in 2018, researchers announced that as convenient as speculative execution was, it was also seriously insecure. There were a lot of different ways to exploit it, but the main vulnerability had to do with timing. It turned out that by measuring how long the processor takes to get through certain instructions, then doing a whole bunch of fancy processing, you could actually reveal a lot of the data the processor was handling.
That was … problematic.
It took almost a year, but processor manufacturers eventually addressed nearly all of the possible Spectre strategies and released updates to protect computers against them. There are a few older chips that might still be vulnerable to certain versions of the hack, but for those users Intel sort of threw their hands up and said you’re on your own.
Still, at least people were mostly protected. That is, until now.
The three exploits outlined in the new paper all have to do with what’s known as the micro-op cache.
Basically, once the processor uses speculative execution to come up with a complicated instruction to prep, it breaks down that instruction into simpler component parts. These simpler instructions get stored in the micro-op cache.
Again, this is hugely important for performance and power optimization. But it turns out that there are a whole bunch of ways to use it to steal data based on what the processor is doing. Those are the exploits outlined in this new paper.
So, we’re back to square one.
Apparently, the researchers told the major chip manufacturers, Intel and AMD, about the exploits before publishing the paper. But no fixes have been released yet, and the researchers think addressing the vulnerabilities will lead to serious performance slowdowns.
It’s a problem. There’s really no easy way around this.
How the manufacturers choose to address these issues remains to be seen. In the meantime, these aren’t easy vulnerabilities to exploit, which might be a small comfort.
One thing’s for sure, though: The CPU manufacturing business is facing a reckoning. And if they don’t find ways to fix these problems in prior and future generations of chips, we’re all in trouble.