Experts have discovered a new way to run side-channel attacks on some of the latest processors from Intel, and warned if users don’t secure their devices, they risk losing sensitive data to cyber-criminals.
Security researchers Luyi Li, Hosein Yavarzadeh, and Dean Tullsen detailed an attack they named Indirector, which abuses vulnerabilities found in Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) to work around the chip’s defenses and obtain important data.
It was said that both Raptor Lake and Alder Lake were susceptible to Indirector.
A patch is available
IBP is a hardware component that predicts the target addresses of indirect branches (control flow instructions). Since the address is computed at runtime, the IBP uses a combination of global history and branch address to predict the target address of indirect branches, the researchers explained.
In other words, IBPs are vulnerable and allow the attackers to run Branch Target Injection (BTI) attacks which, in turn, grant them the ability to grab sensitive information directly from the unit. To that end, the researchers built a tool called iBranch Locator.
The researchers tipped Intel off on their findings earlier this year, and while the company acknowledged their discovery, they said that previous fixes address this method, too.
“Intel reviewed the report submitted by academic researchers and determined previous mitigation guidance provided for issues such as IBRS, eIBRS, and BHI are effective against this new research and no new mitigations or guidance is required,” a spokesperson for the company told The Hacker News.
Similar to the Spectre and Meltdown vulnerabilities from a few years back, this method also leans on speculative execution. That is a feature that most modern CPUs use, in which the chips “speculate” the path of a branch and execute instructions ahead of time to improve performance. Patching these types of flaws usually reduce the performance of the processors.
Via TheHackerNews