New Spectre attack types leave AMD and Intel CPUs exposed [Updated]

Spectre’s not done causing trouble.

What you need to know

Three years ago, Spectre attacks sent companies such as Microsoft, AMD, and Intel into patching frenzies.
A new research paper posits that Spectre isn’t done endangering computers yet.
The paper cites that Spectre counters will come at the cost of CPU performance.

Update May 3, 2021 at 4:05 pm ET: Intel has provided the following statement.

Intel reviewed the report and informed researchers that existing mitigations were not being bypassed and that this scenario is addressed in our secure coding guidance. Software following our guidance already have protections against incidental channels including the uop cache incidental channel. No new mitigations or guidance are needed.

The original story can be found below:

Researchers from the University of Virginia and the University of California, San Diego, have published a paper entitled “I See Dead µops: Leaking Secrets via Intel/AMD Micro-Op Caches,” which explores the latest Spectre attacks and how the threat they pose is distinctly different than the ones from three years ago (via PC Gamer).

Spectre takes advantage of and exploits modern CPU prediction techniques that are designed for optimization but give hackers a way to read key data if the processor makes an incorrect prediction. The researchers who’ve published the aforementioned research paper cite three main attacks as part of the current wave of Spectre threats.

The issue with combating these attacks is that the major counters involve disabling the source of the readable data or limiting the aforementioned predictive techniques such as speculative execution. All of these solutions would drastically slow performance since they’d be actively undoing key elements of existing processors’ optimization efforts.

The full paper is a highly technical read and hard to parse if you’re not up to speed on computer security technical terminology, but the long and short of it is that the Spectre threats listed require quite a bit of effort and dedication on the hacker’s part, so the average PC user likely won’t have to worry too much — for now. Hopefully there isn’t another Spectre-fueled scramble to protect PCs on the horizon.

New Spectre attack types leave AMD and Intel CPUs exposed [Updated]