Experts have discovered a new way to launch side-channel attacks on some of Intel’s latest processors, and are warning users who fail to secure their devices that they risk losing sensitive data to cybercriminals.
Security researchers Luyi Li, Hosein Yavarzadeh, and Dean Tullsen described an attack they dubbed Indirector, which exploits vulnerabilities in the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) to bypass the chip’s defenses and obtain key data.
Both Raptor Lake and Alder Lake processors are reported to be susceptible to Indirector.
A patch is available
IBP is a hardware component that predicts the destination addresses of indirect branches (control flow instructions). Since the address is calculated at runtime, the IBP uses a combination of global history and branch address to predict the destination address of indirect branches, the researchers explained.
In other words, IBPs are vulnerable and allow attackers to perform Branch Target Injection (BTI) attacks, which in turn give them the ability to grab sensitive information directly from the unit. To achieve that goal, the researchers built a tool called iBranch Locator.
The researchers alerted Intel to their findings earlier this year. The company acknowledged their discovery but said previous solutions also addressed this method.
“Intel has reviewed the report from academic researchers and has concluded that previous mitigation guidance for issues such as IBRS, eIBRS, and BHI is effective against this new research and that no new mitigation or guidance is necessary,” a company spokesperson told The Hacker News.
Similar to the Spectre and Meltdown vulnerabilities from a few years ago, this method also relies on speculative execution. That’s a feature that most modern CPUs use, where the chips “speculate” the path of a branch, executing instructions in advance to improve performance. Patching these types of flaws usually degrades the performance of the processors.
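On Linux, the kernel reports which of the branch target injection mitigations named in Intel's statement (IBRS/eIBRS, plus IBPB and BHI handling) are active in a single sysfs status line. The script below is an added example, not code from the researchers or from Intel; the function names and the sample status line are constructed for illustration.

```shell
#!/bin/sh
# Classify the kernel's Spectre v2 (branch target injection) status line.
SPECTRE_V2=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# field "<status>" "<key>": print the value of "; KEY: value", or "absent"
field() {
    case $1 in
        *"; $2: "*) rest=${1#*"; $2: "}; echo "${rest%%;*}" ;;
        *)          echo absent ;;
    esac
}

# classify_spectre_v2 "<status>": print a summary; exit status 0 only
# when the kernel reports the CPU as mitigated or not affected.
classify_spectre_v2() {
    case $1 in
        "Not affected"*) state=not-affected ;;
        Mitigation:*)    state=mitigated ;;
        Vulnerable*)     state=vulnerable ;;
        *)               state=unknown ;;
    esac
    case $1 in
        *Enhanced*IBRS*)     ibrs=eibrs ;;   # eIBRS (always-on IBRS)
        "Mitigation: IBRS"*) ibrs=ibrs ;;    # legacy IBRS
        *)                   ibrs=none ;;    # e.g. retpoline-only or off
    esac
    echo "state=$state ibrs=$ibrs ibpb=$(field "$1" IBPB) bhi=$(field "$1" BHI)"
    [ "$state" = mitigated ] || [ "$state" = not-affected ]
}

# Constructed sample, used only when the sysfs file is not available.
SAMPLE='Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: BHI_DIS_S'

if [ -r "$SPECTRE_V2" ]; then line=$(cat "$SPECTRE_V2"); else line=$SAMPLE; fi
classify_spectre_v2 "$line" || echo "review mitigation settings on this host"
```

A `state=vulnerable` result, or `ibpb=disabled`, usually means mitigations were turned off at boot (for example with `mitigations=off`) or that the kernel or microcode is out of date.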
Via The Hacker News