What’s BranchScope? It’s a new side-channel attack discovered by four security researchers from the College of William and Mary, Carnegie Mellon University in Qatar, University of California Riverside, and Binghamton University. It could affect devices powered by Intel processors, and it may be immune to the Meltdown and Spectre mitigations.
According to their paper, BranchScope attacks are a bit more sophisticated but can do the same damage as the Spectre and Meltdown flaws: by manipulating the shared directional branch predictor, an attacker can exploit the vulnerability to retrieve sensitive data, including passwords and encryption keys, from an unpatched system.
The researchers have demonstrated the BranchScope attack on three recent Intel Core i5 and Core i7 x86_64 (64-bit) processor families, including Sandy Bridge, Haswell, and Skylake. The worst part of these attacks is that BranchScope can be extended, offering attackers additional tools to perform more advanced and flexible attacks that target even applications running inside Intel SGX (Software Guard Extensions) enclaves.
In their paper, which is a must-read if you want to learn everything there is to know about the BranchScope vulnerability, the security researchers have proposed software- and hardware-based mitigations for the BranchScope attacks. Therefore, we expect Intel to release new microcode updates for its processors that also fully patch the BranchScope vulnerability, so make sure you always keep your systems up to date.
Submitted by: Arnfried Walbrecht