By now, most people have heard about Spectre, a security vulnerability present in just about all modern-day processors, including those from AMD and Intel. If you wish to understand this vulnerability in more detail, you can read the original paper at https://spectreattack.com/spectre.pdf.
But these vulnerabilities have been fixed, right? Well, yes: there are indeed OS, browser, and firmware updates that patch Spectre. That's good, but keep in mind that these patches also come with significant performance costs. Modern CPUs use a technique known as speculative execution to "speed things up": an optimization in which the CPU executes instructions, and fetches the data they touch, before it knows whether those instructions will actually be needed. It is this functionality that Spectre exploits, as follows:
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs that follow best practices into leaking their secrets. In fact, the safety checks those best practices prescribe actually increase the attack surface and may make applications more susceptible to Spectre.
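The "safety check that widens the attack surface" is the classic bounds check before an array load. The snippet below, an added example in C that is not from this post or from the Aleph Security research, shows that pattern next to the index-masking fix that kernels and browsers adopted: the mask is computed arithmetically, so even a mispredicted branch cannot carry an out-of-range index into the load. The table and its contents are constructed; only the gadget and its hardening are shown, not the cache-timing read-out.

```c
#include <stdint.h>
#include <stddef.h>
#include <limits.h>

/* Constructed sample table; in a real program something secret could
 * sit in memory just past its end. */
#define TABLE_LEN 16
static const uint8_t table[TABLE_LEN] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/* Vulnerable pattern: the bounds check is correct architecturally, but
 * while the branch is still being resolved the CPU may predict "in
 * bounds" and speculatively execute the load with an attacker-chosen
 * index, leaving a cache footprint that depends on out-of-range memory. */
uint8_t lookup_unsafe(size_t idx) {
    if (idx < TABLE_LEN)
        return table[idx];
    return 0;
}

/* Mask that is all ones when idx < len and all zeros otherwise, computed
 * with data operations rather than a branch, so it holds under
 * misprediction too. Same construction as the Linux kernel's
 * array_index_mask_nospec(): for idx < len both terms of the OR have the
 * top bit clear; for idx >= len the subtraction wraps and sets it.
 * Relies on the usual arithmetic right shift of negative signed values. */
static inline size_t mask_index(size_t idx, size_t len) {
    volatile size_t i = idx;   /* keep the compiler from folding the mask away */
    return (size_t)(~(long)(i | (len - 1 - i)) >> (sizeof(long) * CHAR_BIT - 1));
}

/* Hardened pattern: keep the check, but clamp the index with the mask so
 * that even a speculatively executed load stays inside the table
 * (an out-of-range index becomes 0, never a pointer past the end). */
uint8_t lookup_masked(size_t idx) {
    if (idx < TABLE_LEN) {
        idx &= mask_index(idx, TABLE_LEN);
        return table[idx];
    }
    return 0;
}
```

Architecturally both functions return the same values; the difference is only visible to the speculative execution the post describes, which is exactly why the fix has to be branchless.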
As of June 26th, Spectre is back: researchers Noam Hadad and Jonathan Afek of Aleph Security have developed a PoC that side-steps the patch for the Google Chrome browser. Their PoC allowed the researchers to:
- Read speculatively accessed memory in Chrome at around 1 bit per second.
- Read accessed memory in Edge (not speculatively accessed) at around 1 bit per second.
- Read accessed memory in Safari (not speculatively accessed) at around 1 bit per second.