Jul. 24, 2018 –
Giorgi Maisuradze and Prof. Dr. Christian Rossow have discovered a new CPU vulnerability, ret2spec (return-to-speculation), which once again enables attackers to read data without authorization. All Intel processors of at least the past ten years are affected. Similar attack mechanisms could probably also be derived for ARM and AMD processors.
This fifth and hitherto unknown vulnerability in CPUs will be presented at the ACM Conference on Computer and Communications Security (CCS) in Toronto (Canada) in October. "The security gap is caused by CPUs predicting a so-called return address for runtime optimization," says Rossow. "If an attacker can manipulate this prediction, he gains control over speculatively executed program code. It can read out data via side channels that should actually be protected from access."
It is therefore possible, for example, for malicious web pages to read the browser's memory in order to steal critical data such as stored passwords, or to hijack browser sessions. A slight variation of the attack even makes it possible to read the memory contents of other processes, for example to read password entries of other users. "Both variations can be understood as an inverse Spectre attack, since return addresses are now also used in ret2spec - instead of forward jump addresses as in Spectre," says Rossow.