Researchers at the University of Virginia have released a paper outlining an attack that is seen exploiting the micro-op cache, stealing data when a processor fetches from the cache, reminiscent of the 2018 Spectre/Meltdown attacks. This line of attack is said to break all Spectre defenses putting billions of devices at risk. University of Virginia researchers Ashish Venkat said, “…it turns out the walls of this waiting area have ears, which our attack exploits. We show how an attacker can smuggle secrets through the micro-op cache by using it as a covert channel.” Fortunately for defenders, there is a noticeable side-effect to using this attack — it degrades performance on the victim machine enough to raise alarm, which in turn causes a similar effect seen in early patching efforts.
“It is really unclear how to solve this problem in a way that offers high performance to legacy hardware, but we have to make it work,” Venkat said. “Securing the micro-op cache is an interesting line of research and one that we are considering.”
Analyst Notes
Occasionally hardware flaws like this appear and it requires the industry to respond quickly and creatively with mitigations, since it is often impractical to patch hardware. While this is not to be taken lightly the report points out severe performance degradation which may raise alarms to alert defenders during active exploit. While researchers and manufacturers work on a solution, Binary Defense researchers constantly create practical detections that can be used to identify exploitation attempts. A solid threat hunt team combined with a 24/7 SOC monitoring and evaluating alerts greatly increase the security posture of any organization, giving defenders a chance of identification before attackers can escalate further.
Sources:
https://engineering.virginia.edu/news/2021/04/defenseless-uva-engineering-computer-scientists-discover-vulnerability-affecting
https://www.cs.virginia.edu/~av6ds/papers/isca2021a.pdf
