Wednesday March 28, 2018

New BranchScope Attack Vector for Intel CPUs

BranchScope is a newly identified side-channel attack that can be used on Skylake, Haswell, and Sandy Bridge CPUs. While a bit off topic, the video below gives a good overview of Meltdown and Spectre and how they work. Thanks @TurboGLH.

"BranchScope is the first fine-grained attack on the directional branch predictor, expanding our understanding of the side channel vulnerability of the branch prediction unit," the researchers explained in their paper.

The researchers who identified the BranchScope attack method have proposed a series of countermeasures that include both software- and hardware-based solutions.

Dmitry Evtyushkin, one of the people involved in this research, told SecurityWeek that while they have not been tested, the microcode updates released by Intel in response to Meltdown and Spectre might only fix the BTB vector, which means BranchScope attacks could still be possible. However, Intel told the researchers that software guidance for mitigating Spectre Variant 1 could be effective against BranchScope attacks as well.