Experts have discovered a new way to execute side-channel attacks on some of Intel's latest processors and warned that if users fail to protect their devices, they risk losing sensitive data to cybercriminals.
Security researchers Luyi Li, Hosein Yavarzadeh, and Dean Tullsen detailed an attack they dubbed Indirector, which abuses vulnerabilities found in the Indirect Branch Predictor (IBP) and Branch Target Buffer (BTB) to bypass chip defenses and obtain sensitive data.
Both Raptor Lake and Alder Lake were said to be susceptible to Indirector.
A patch is available
IBP is a hardware component that predicts the target addresses of indirect branches (control flow instructions). Since the address is calculated at runtime, IBP uses a combination of global history and branch address to predict the target address of indirect branches, the researchers explained.
In other words, IBPs are vulnerable and allow attackers to execute branch target injection (BTI) attacks, which in turn grant them the ability to obtain sensitive information directly from the drive. To do this, researchers created a tool called iBranch Locator.
The researchers alerted Intel about their findings earlier this year, and while the company acknowledged their discovery, it said previous fixes also address this method.
“Intel reviewed the report submitted by academic researchers and determined that previous mitigation guidelines provided for issues such as IBRS, eIBRS, and BHI are effective against this new research and no new mitigations or guidelines are required,” a company spokesperson told The Hacker News.
Similar to the Spectre and Meltdown vulnerabilities from a few years ago, this method also relies on speculative execution. This is a feature used by most modern CPUs, where chips “speculate” the path of a branch and execute instructions in advance to improve performance. Patching such flaws often results in reduced processor performance.
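Intel's statement names IBRS, eIBRS and BHI mitigations. The following is an added example, not code from the researchers or Intel, that checks whether a Linux host reports them. It assumes the kernel's `spectre_v2` sysfs status file; the sample lines are constructed, the function names are hypothetical, and the exact wording of the status line varies between kernel versions.

```python
from pathlib import Path

# Linux sysfs file reporting Spectre v2 (branch target injection) status.
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")

# Constructed sample lines; exact wording differs between kernel versions.
SAMPLES = [
    "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; BHI: BHI_DIS_S",
    "Mitigation: Retpolines; IBPB: conditional; STIBP: disabled; BHI: Vulnerable",
    "Vulnerable",
]

def parse_status(line):
    """Split the status line into its primary state and 'KEY: value' fields."""
    parts = [p.strip() for p in line.strip().split(";") if p.strip()]
    primary = parts[0] if parts else ""
    fields = {}
    for part in parts[1:]:
        key, sep, value = part.partition(":")
        # Bare flags such as "RSB filling" carry no value.
        fields[key.strip()] = value.strip() if sep else "enabled"
    return primary, fields

def assess(line):
    """Return findings for the mitigations named in Intel's statement."""
    primary, fields = parse_status(line)
    findings = []
    if not primary.startswith("Mitigation:"):
        findings.append("no Spectre v2 mitigation active")
    elif "IBRS" not in primary:
        findings.append("IBRS/eIBRS not in use")
    bhi = fields.get("BHI")
    if bhi is None:
        findings.append("kernel does not report BHI status")
    elif bhi.startswith("Vulnerable"):
        findings.append("BHI mitigation missing")
    return findings

if __name__ == "__main__":
    # Use the live sysfs value when present, otherwise the constructed samples.
    lines = [SYSFS.read_text()] if SYSFS.exists() else SAMPLES
    for line in lines:
        print(line.strip(), "->", assess(line) or "ok")
```

A missing `BHI` field usually means the running kernel predates BHI reporting, so the finding points at a kernel update rather than at a confirmed exposure.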
Via The Hacker News