The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: CPU hacking

Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks

Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks

August 06, 2020Ravie Lakshmanan
It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow , was misattributed to 'prefetching effect,' resulting in hardware vendors releasing incomplete mitigations and countermeasures. Sharing its findings with The Hacker News, a group of academics from the Graz University of Technology and CISPA Helmholtz Center for Information Security finally revealed the exact reason behind why the kernel addresses are cached in the first place, as well as presented several new attacks that exploit the previously unidentified underlying issue, allowing attackers to sniff out sensitive data. The new research explains microarchitectural attacks were actually caused by speculative dereferencing of user-space registers in the kernel, which not just impacts the most recent Intel CPUs with the latest hardware mitigations, but also several modern processors from ARM, IBM, and AMD — previou
 New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective

New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective

May 30, 2020Ravie Lakshmanan
Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed. The findings are from a paper " DABANGG: Time for Fearless Flush based Cache Attacks " published by a pair of researchers, Biswabandan Panda and Anish Saxena, from the Indian Institute of Technology (IIT) Kanpur earlier this week. Dubbed " Dabangg " (meaning fearless), the approach builds upon the Flush+Reload and Flush+Flush attacks, which have been exploited previously by other researchers to leak data from Intel CPUs. However, the new variant aims to improve the accuracy of these attacks even in a noisy multi-core system. It also works seamlessly against non-Linux Operating Systems, like macOS. "Like any other cache attacks, flush based cache attacks rely on the calibration of cache latency," Biswabandan Panda, assistant profes
Two New Spectre-Class CPU Flaws Discovered—Intel Pays $100K Bounty

Two New Spectre-Class CPU Flaws Discovered—Intel Pays $100K Bounty

July 11, 2018Mohit Kumar
Intel has paid out a $100,000 bug bounty for new processor vulnerabilities that are related to Spectre variant one ( CVE-2017-5753 ). The new Spectre-class variants are tracked as Spectre 1.1 (CVE-2018-3693) and Spectre 1.2, of which Spectre 1.1 described as a bounds-check bypass store attack has been considered as more dangerous. Earlier this year, Google Project Zero researchers disclosed details of Variants 1 and 2 (CVE-2017-5753 and CVE-2017-5715), known as Spectre, and Variant 3 (CVE-2017-5754), known as Meltdown. Spectre flaws take advantage of speculative execution, an optimization technique used by modern CPUs, to potentially expose sensitive data through a side channel by observing the system. Speculative execution is a core component of modern processors design that speculatively executes instructions based on assumptions that are considered likely to be true. If the assumptions come out to be valid, the execution continues, otherwise discarded. New Spectre-Cla
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.