New vulnerabilities called BranchScope and Spectre 2 have been detected in current processors; they too are related to speculative prediction in processors.
January 3, 2018 marked the start of the worst year in history for computer security: that was when the Spectre and Meltdown vulnerabilities were disclosed, which mainly affected Intel but also affected AMD and ARM. The flaws rely on speculative execution, in which the processor performs work before it is known to be needed, in order to improve performance. Now the universities of the towns of Riverside and Binghamton, in California, have found two new security flaws, called BranchScope and Spectre 2.
Researchers from the College of William and Mary and Carnegie Mellon University have revealed that a specific attack can take advantage of speculative execution in the most modern processors to steal private information, and can also completely violate operating system security. The attacks have been named BranchScope and Spectre 2 and are based on branch prediction. The tool the researchers developed takes advantage of the temporary storage of data in the processor's cache memory, modifying the automatic deletion system and thus gaining access to private data.
BranchScope and Spectre 2 are both based on the processor's branch prediction system. BranchScope attacks the pattern history table (PHT), while Spectre 2 attacks the branch target buffer (BTB). Both vulnerabilities need updates at the software level and also at the hardware level, although they can be mitigated at the software level.
It is unknown how problematic these vulnerabilities are for potentially insecure software. The positive part is that an attack of this type requires executing code on the system first; only then can an attacker launch an attack that gives access to user data.
Speculative execution is especially important on high-performance systems. As far as we know, there is still no solution that reliably corrects these security problems. Correcting them does not seem likely to affect system performance.
Source: Hexus