Updated on May 4: Intel provided Laptop Mag a statement claiming the latest risks have already been mitigated, and that devs who have already followed Intel's instructions don't need to take any further measures.
Ashish Venkat, William Wulf Career Enhancement Assistant Professor of Computer Science at the University of Virginia School of Engineering, responded to Intel's comment by encouraging the company to implement hardware-based protections and outlined shortcomings of relying on devs to make software patches.
The Spectre exploit is once again haunting chipmakers as security researchers have discovered multiple new variants affecting both Intel and AMD processors. Unfortunately, none of the patches released for previous Spectre versions mitigate against these newcomers.
To get you caught up, Spectre (alongside Meltdown) was a devastating flaw discovered in 2018 that affected chips produced by Intel and AMD. In the wrong hands, someone could steal your password and personal information from apps running on devices with Intel and AMD chips.
- Best VPN service to protect your browsing
- Best 2-in-1 laptop you can buy today
- These are the best cheap laptop deals around
The exploits forced companies to quickly release patches and made Intel redesign its chips after it was discovered that the flaw, which affected everything from PCs to servers to smartphones, had been hiding in chip designs for more than 20 years.
Now Spectre has returned. Researchers from the University of Virginia and the University of California San Diego determined that the new variants leak data via micro-op caches, which are used to speed up processing by storing simple commands so CPUs can grab them quickly.
Every AMD (since 2017) and Intel (since 2011) chip uses micro-op caches so they are all theoretically vulnerable to this attack. The security researchers who discovered these variants listed three possible ways a CPU could be infiltrated.
- A same thread cross-domain attack that leaks secrets across the user- kernel boundary;
- A cross-SMT thread attack that transmits secrets across two SMT threads running on the same physical core, but different logical cores, via the micro-op cache;
- Transient execution attacks that have the ability to leak an unauthorized secret accessed along a misspeculated path, even before the transient instruction is dispatched to execution.
Spectre exploit: Are you at risk?
If there is a silver lining, it's that these theoretical attacks are difficult to execute. So difficult that Intel and AMD may forgo patching the vulnerabilities altogether. As Tom's Hardware notes, the malware would need to bypass all of the other software and hardware defenses found on your device before it could execute a tricky, unconventional attack.
The bottom line? The risk of you falling victim to this exploit is very low. That said, low risk is not no risk and both Intel and AMD have been notified of these holes in their armor.
For Intel's part, the chipmaker provided Laptop Mag a statement claiming the vulnerabilities outlined in the research paper have already been mitigated.
“Intel reviewed the report and informed researchers that existing mitigations were not being bypassed and that this scenario is addressed in our secure coding guidance. Software following our guidance already have protections against incidental channels including the uop cache incidental channel. No new mitigations or guidance are needed."
However, Ashish Venkat, William Wulf Career Enhancement Assistant Professor of Computer Science at the University of Virginia School of Engineering, responded by encouraging Intel to secure its hardware rather than relying on devs to follow software instructions that can be time-consuming and resource-dependant.
“We're aware of these guidelines from Intel suggesting software developers to write code in a way that is not vulnerable to side-channel attacks. Here's an excerpt from the Intel article –'Developers who wish to protect secret data against timing side channel methods should ensure that their code runtime, data access patterns, and code access patterns are identical independent of secret values.’
Certainly, we agree that software needs to be more secure, and we agree as a community that constant-time programming is an effective means to writing code that is invulnerable to side-channel attacks. However, the vulnerability we uncover is in hardware, and it is important to also design processors that are secure and resilient against these attacks.
In addition, constant-time programming is not only hard in terms of the actual programmer effort, but also entails high performance overhead and significant deployment challenges related to patching all sensitive software. The percentage of code that is written using Constant Time principles is in fact quite small. Relying on this would be dangerous. That is why we still need to secure the hardware.”