Security experts have discovered a new method of side-channel attacks on the latest processors, specifically targeting Intel’s Raptor Lake and Alder Lake. The attack, called Indirector, exploits vulnerabilities in the Indirect Branch Predictor (IBP) and Branch Target Buffer (BTB) to bypass chip defenses and access sensitive data. IBP predicts the target addresses of control flow instructions, making it possible for attackers to execute branch target injection (BTI) attacks and extract sensitive information directly from the device.
The researchers behind the discovery, Luyi Li, Hosein Yavarzadeh, and Dean Tullsen, developed a tool called iBranch Locator to demonstrate the vulnerability. They alerted Intel earlier this year about their findings, and while the company acknowledged the issue, it stated that previous mitigation guidelines for issues like IBRS, eIBRS, and BHI are effective against this new research.
Similar to previous vulnerabilities like Spectre and Meltdown, the Indirector attack leverages speculative execution, a feature utilized by modern CPUs to predict and execute instructions ahead of time to enhance performance. However, patching these vulnerabilities often comes at the cost of reduced processor performance.
In response to the discovery, Intel reassured users that existing fixes for other vulnerabilities also address the Indirector attack, and no new mitigations are necessary. Despite this, users are advised to remain vigilant and ensure their devices are up to date with the latest security patches to prevent the risk of data loss to cybercriminals.
Overall, the Indirector attack highlights the ongoing cat-and-mouse game between cybersecurity researchers and cybercriminals, as new vulnerabilities continue to be discovered and exploited on a regular basis. It underscores the importance of proactive security measures and constant monitoring to safeguard sensitive information and prevent unauthorized access to personal and corporate data.
Article Source
https://www.techradar.com/pro/security/some-of-the-newest-intel-processors-could-be-hit-by-this-dangerous-new-security-flaw