Spectre's not done causing trouble.
What you need to know
- Three years ago, Spectre attacks sent companies such as Microsoft, AMD, and Intel into patching frenzies.
- A new research paper posits that Spectre isn't done endangering computers yet.
- The paper cites that Spectre counters will come at the cost of CPU performance.
Researchers from the University of Virginia and the University of California, San Diego, have published a paper entitled "I See Dead µops: Leaking Secrets via Intel/AMD Micro-Op Caches," which explores the latest Spectre attacks and how the threat they pose is distinctly different than the ones from three years ago (via PC Gamer).
Spectre takes advantage of and exploits modern CPU prediction techniques that are designed for optimization but give hackers a way to read key data if the processor makes an incorrect prediction. The researchers who've published the aforementioned research paper cite three main attacks as part of the current wave of Spectre threats.
The issue with combating these attacks is that, unless a better way is found, the major counters currently involve disabling the source of the readable data or limiting the aforementioned predictive techniques such as speculative execution. All of these solutions would drastically slow performance since they'd be actively undoing key elements of existing processors' optimization efforts.
The full paper is a highly technical read and hard to parse if you're not up to speed on computer security technical terminology, but the long and short of it is that the Spectre threats listed require quite a bit of effort and dedication on the hacker's part, so the average PC user likely won't have to worry too much — for now. Thankfully, this paper raises awareness of said issues and will hopefully lead to the avoidance of another Spectre-fueled scramble to protect peoples' hardware after the fact.
0 comments:
Post a Comment