2018 was a very bad year for microprocessor vendors due to the Spectre & Meltdown bug, but for Intel, it was a nightmare year, worst in its history. The out-of-order execution and branch prediction capabilities of processors were developed in a way that allows timing attacks, which made Spectre & Meltdown take the cybersecurity headlines last year. Until now, operating systems like MacOS, Windows and Linux continue to get updates to mitigate the issues, it will take a while to complete the mitigation, especially those patches that will never down the computer.
Seems like 2019 is shaping as the continuation of the nightmare for Intel and other processor vendors, with the discovery of a Spectre-like hardware vulnerability in processors. Dubbed as “Spoiler” the by Worcester Institute of Technology researchers, like Spectre it leaks a supposed private user data stored in the processor for processing. Spoiler reveals to the attacker the system’s memory layout with ease, hence revealing information that should not be accessible from an account that is not privileged to view the data.
Also, considered as part of the exploiting the speculative execution of the processor core, Spoiler bug can only be fixed with a hardware revision of the affected processor family. It is detailed in the report titled: Spoiler: Speculative Load Hazards Boost Rowhammer and Cache Attacks. Like the Spectre vulnerability before it, mitigation requires re-evaluation of the timings, in order to lessen the possibility that privileged data can be extracted from the processor on-demand by an attacker.
“My personal opinion is that when it comes to the memory subsystem, it’s very hard to make any changes and it’s not something you can patch easily with a microcode without losing tremendous performance. There is no software mitigation that can completely erase this problem. The root cause of the issue is that the memory operations execute speculatively and the processor resolves the dependency when the full physical address bits are available. Physical address bits are security sensitive information and if they are available to user space, it elevates the user to perform other micro architectural attacks,” explained Daniel Moghimi, Computer Security Researcher at Worcester Institute of Technology.
Intel on their part is not denying the existence of Spoiler, but it downplays its effect, the chipmaker does not expect it of having the same impact compared to Spectre. “Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research,” emphasized an Intel representative.
At the time of this writing, there is no official feedback yet from AMD and ARM, but initial checks show that processors from either vendors do not exhibit the same buggy behavior similar to Spoiler. In the x86 processor market, if Intel will not be able to mitigate if not release a newer processor family that will fix the Spoiler issue quick enough, this may become the break AMD is waiting for them to gain more market share.