New Chip Flaw

In All by Alex Kallimanis

Stay secure against hardware vulnerabilities

At the start of 2018, the whole of the Information Technology sphere was worried about a potential data breach. Devices ranging from smartphones to servers could be affected due to the “Spectre” and “Meltdown” vulnerabilities (known also as Speculative Store Bypass Variants 1-3) in processors. Hackers exploited a flaw in the chipsets by manipulating a widespread “efficiency technique” meant to speed up processors. Fixing these issues required the various hardware and software companies to patch the vulnerabilities, at the cost of slower performance. Spectre and Meltdown represented a whole new class of attack on traditional computer systems. Researchers feared that similar flaws would be discovered in the future.

New Flaw on the Block

A new vulnerability, known as Speculative Store Bypass Variant 4, was disclosed on Monday by researchers from Google’s Project Zero and Microsoft. The exploit affects ARM, Intel, and AMD processors and can be used to “access data that is meant to be stored out of reach” (Wired), such as JavaScript ads in web browsers.

Many browser systems already have protections in place against these Speculative Store Bypass (SSB) attacks after the patches for Meltdown and Spectre. However, specifically engineered patches are being designed by both chip hardware and software manufacturers, with performance issues similar to those of their predecessors. It is important to note that Microsoft currently believes that the threat to users at the moment is “low”, while “Intel notes that there is no evidence that the flaw is already being used by hackers” (Wired).

What Happens

To speed up processing times, most modern processors employ “speculative execution”. This process hypothesizes which pieces of data to work with, rather than waiting to have all of the information necessary. SSB vulnerabilities circumvent these normal data flows to take advantage of data that “leaks out in various ways”. Patches to firmware and software can mitigate most of the effects of these exploits. In some cases, updates will be made to the microcode of the processor to change its “fundamental behaviors”. The following video is a good primer on how these SSB attacks work.

Many consumers will be weighing the benefits of patching their systems as soon as patches are released (most of which will be optional) against the performance detriments they are likely to suffer as a result of the patch. First Service Carolina always recommends keeping your devices up to date. Having a secure system pays off when you’re dealing with sensitive, private, or valuable data.
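On Linux, whether the patches discussed above are active can be read from the kernel's own status files. The script below is an added example, not part of the original article; it assumes a Linux kernel that exposes /sys/devices/system/cpu/vulnerabilities, and its function names are illustrative.

```python
from pathlib import Path

# Linux kernel status files, one per hardware vulnerability (assumed location).
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
# Files for the issues named in this article: Spectre, Meltdown and SSB (Variant 4).
FILES = ("spectre_v1", "spectre_v2", "meltdown", "spec_store_bypass")


def classify(status):
    """Map one kernel status line to (state, detail)."""
    text = status.strip()
    if text == "Not affected":
        return "not_affected", ""
    if text.startswith("Mitigation:"):
        detail = text.split(":", 1)[1].strip()
        # For SSB the kernel may apply the fix only to processes that opt in
        # (prctl) or run under seccomp, which limits the performance cost.
        if "prctl" in detail or "seccomp" in detail:
            return "mitigated_opt_in", detail
        return "mitigated", detail
    if text.startswith("Vulnerable"):
        return "vulnerable", text
    return "unknown", text


def read_status(base=SYSFS_DIR):
    """Return {file name: (state, detail)}; missing files become 'unreported'."""
    report = {}
    for name in FILES:
        try:
            report[name] = classify((Path(base) / name).read_text())
        except OSError:
            report[name] = ("unreported", "kernel does not expose this file")
    return report


def needs_attention(report):
    """Names whose state means kernel, firmware or microcode updates need review."""
    return sorted(name for name, (state, _) in report.items()
                  if state in ("vulnerable", "unreported", "unknown"))


if __name__ == "__main__":
    for name, (state, detail) in read_status().items():
        print(f"{name:18} {state:17} {detail}")
```

A state of mitigated_opt_in for spec_store_bypass means the protection is applied only to programs that request it, which is how the kernel keeps the performance cost optional.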

This story originally appeared on wired.com
Video Copyright Red Hat Videos – Retrieved from YouTube on 5/31/18