All defenses against Spectre side-channel attacks can now be considered broken, leaving billions of computers and other devices just as vulnerable today as they were when the hardware flaw was first announced three years ago.
A paper published on Friday by a team of computer scientists from the University of Virginia and the University of California, San Diego, describes how all modern AMD and Intel chips with micro-op caches are vulnerable to this new line of attack, given that it breaks all defenses. That includes all Intel chips that have been manufactured since 2011, which all contain micro-op caches.
The vulnerability in question is called Spectre because it’s built into modern processors that perform branch prediction. Branch prediction is a technique that makes modern chips as speedy as they are by performing what’s called “speculative execution,” where the processor predicts instructions it might end up executing and prepares by following the predicted path to pull the instructions out of memory. If the processor stumbles down the wrong path, the technique can leave traces that may make private data detectable to attackers. One example involves memory accesses: if the speculative execution relies on private data, the data cache gets turned into a side channel that can be squeezed for the private data through use of a timing attack.
The new line of attacks exploits the micro-op cache: an on-chip structure that speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process, as the team explains in a writeup from the University of Virginia. Even though the processor quickly realizes its mistake and does a U-turn to go down the right path, attackers can get at the private data while the processor is still heading in the wrong direction.
Om Moolchandani, co-founder, CTO, CISO and research team leader at Accurics, said that this is going to be a widespread problem. “Any x86 type multi-core processor could be affected: essentially all modern 32- and 64-bit PC processors and the vast majority of typical server hardware,” he told Threatpost in an email on Monday. Non-x86 processors such as ARM, MIPS, and RISC V, etc. aren’t expected to be affected.
Back to the Drawing Board
The findings are going to obliterate a pile of work done by those who’ve been working hard to fix Spectre, the team says. “Since Spectre was discovered, the world’s most talented computer scientists from industry and academia have worked on software patches and hardware defenses, confident they’ve been able to protect the most vulnerable points in the speculative execution process without slowing down computing speeds too much. They will have to go back to the drawing board,” according to UVA’s writeup.
The new lines of attack demolish current defenses because they only protect the processor in a later stage of speculative execution. The team was led by UVA Engineering Assistant Professor of Computer Science Ashish Venkat, who picked apart Intel’s suggested defense against Spectre, which is called LFENCE. That defense tucks sensitive code into a waiting area until the security checks are executed, and only then is the sensitive code allowed to execute, he explained. “But it turns out the walls of this waiting area have ears, which our attack exploits. We show how an attacker can smuggle secrets through the micro-op cache by using it as a covert channel.”
Kiss That Precious Performance Goodbye
Venkat says we can think about the potential attacks as being something like “a hypothetical airport security scenario where TSA lets you in without checking your boarding pass because (1) it is fast and efficient, and (2) you will be checked for your boarding pass at the gate anyway.
“A computer processor does something similar. It predicts that the check will pass and could let instructions into the pipeline. Ultimately, if the prediction is incorrect, it will throw those instructions out of the pipeline, but this might be too late because those instructions could leave side-effects while waiting in the pipeline that an attacker could later exploit to infer secrets such as a password,” Venkat said.
According to team member UVA Ph.D. student Logan Moody, the new attacks are going to pour cement shoes onto the feet of modern chips. “In the case of the previous Spectre attacks, developers have come up with a relatively easy way to prevent any sort of attack without a major performance penalty for computing,” Moody said. “The difference with this attack is you take a much greater performance penalty than those previous attacks.”
Moolchandani described the performance drag like this: “The affected parts of the computer focus specifically on improving performance by reading information from relatively slow components such as external memory in anticipation of what will be needed. This so-called speculative execution cache greatly improves performance by ensuring that data is available when it’s needed, similar to the effect of an assembly line in manufacturing. The vulnerability is in the mechanics of how that assembly line works, and any patch will necessarily affect the efficiency of that process. We intuitively know it will reduce performance, and any performance impact will be magnified because it is buried so deep in the inner workings of the processor.”
How Likely Are Attacks?
Moolchandani told Threatpost that as far as the direct impact of attacks on organizations, end-users and consumers goes, the worry will concern attackers’ ability to dig secrets out of the nooks and crannies of processors. “It would be very difficult to create a focused attack looking for specific information,” he said in an email. “Instead, attacks are expected to take the form of passive surveillance, collecting random information. That information is collected from deep inside the processor, though, and could contain anything processed by the computer.”
Given the structure of chips and this newly discovered flaw, even encryption won’t save our data, he said.
“Because of the way it’s gathered, encrypted information is not safe from attacks – it can be collected by criminals after decryption has taken place,” Moolchandani said. “They could even access arbitrary data stored on the hard drive which hasn’t been accessed in a very long time. While they cannot control what information they might be able to see, attackers can still target specific organizations or domains to increase the chance of finding interesting information, for example, large e-commerce sites which process payment data, or government-aligned organizations which might process classified information, etc.”
The research team reported their findings to international chip makers in April and plan to present at the International Symposium on Computer Architecture, ISCA, which will be held virtually in June.
5/3/21 16:11 UPDATE 1: Intel emailed the following statement to Threatpost: “Intel reviewed the report and informed researchers that existing mitigations were not being bypassed and that this scenario is addressed in our secure coding guidance. Software following our guidance already have protections against incidental channels including the uop cache incidental channel. No new mitigations or guidance are needed.”
5/3/21 22:47 UPDATE 2: Expect this to be a heated, if virtual, debate at ISCA. After Intel sent out its statement, UVA’s Venkat responded with this emailed response: “We’re aware of these guidelines from Intel suggesting that software developers … write code in a way that is not vulnerable to side-channel attacks. Here’s an excerpt from the Intel article: ‘Developers who wish to protect secret data against timing side-channel methods should ensure that their code runtime, data access patterns, and code access patterns are identical independent of secret values.’
“Certainly, we agree that software needs to be more secure, and we agree as a community that constant-time programming is an effective means to writing code that is invulnerable to side-channel attacks. However, the vulnerability we uncover is in hardware, and it is important to also design processors that are secure and resilient against these attacks.
“In addition, constant-time programming is not only hard in terms of the actual programmer effort, but also entails high performance overhead and significant deployment challenges related to patching all sensitive software. The percentage of code that is written using Constant Time principles is in fact quite small. Relying on this would be dangerous. That is why we still need to secure the hardware.”
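To make the Intel excerpt quoted above concrete, here is an added example (not code from Intel, the researchers or this article) contrasting a secret-dependent branch with routines whose code access pattern, data access pattern and runtime do not depend on the secret. All function names and the sample table are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data, for illustration only. */
static const uint8_t SAMPLE_TABLE[4] = {0x11, 0x22, 0x33, 0x44};

/* Code access pattern depends on the secret: a different path runs per value. */
uint32_t select_branchy(uint32_t secret_bit, uint32_t a, uint32_t b) {
    if (secret_bit & 1u) return a;
    return b;
}

/* Same instruction stream for both values: the secret only shapes a mask. */
uint32_t select_ct(uint32_t secret_bit, uint32_t a, uint32_t b) {
    uint32_t mask = 0u - (secret_bit & 1u);      /* 0x00000000 or 0xFFFFFFFF */
    return (a & mask) | (b & ~mask);
}

/* Data access pattern independent of the secret: every entry is read and the
 * wanted one is kept by masking. Out-of-range indexes yield 0. */
uint8_t lookup_ct(const uint8_t *table, size_t n, size_t secret_idx) {
    uint8_t out = 0;
    for (size_t i = 0; i < n; i++) {
        size_t diff = i ^ secret_idx;
        size_t nonzero = (diff | (0 - diff)) >> (sizeof(size_t) * 8 - 1);
        uint8_t mask = (uint8_t)(0 - (nonzero ^ 1));  /* 0xFF only when i == idx */
        out |= (uint8_t)(table[i] & mask);
    }
    return out;
}

/* Runtime independent of where the first mismatch is: no early exit. */
int equal_ct(const uint8_t *x, const uint8_t *y, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= (uint8_t)(x[i] ^ y[i]);
    return acc == 0;
}

int main(void) {
    printf("select: %x %x\n", (unsigned)select_ct(1, 0xAAAA, 0x5555),
           (unsigned)select_ct(0, 0xAAAA, 0x5555));
    printf("lookup: %x\n", (unsigned)lookup_ct(SAMPLE_TABLE, 4, 2));
    printf("equal:  %d\n", equal_ct(SAMPLE_TABLE, SAMPLE_TABLE, 4));
    return 0;
}
```

An optimizing compiler is free to turn masked code back into branches, so the generated assembly has to be checked for each build target.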