ETH uncovers vulnerability in Intel architecture
Researchers at ETH Zurich have discovered a serious security vulnerability in Intel processors that allows access to sensitive data across CPU boundaries. The vulnerability has affected all Intel processors since 2018 and poses a serious risk for data centres, cloud providers and technology-based sites.
Modern site development is based on digital infrastructures whose security is taken for granted. However, with the discovery of the “Branch Privilege Injection” vulnerability by ETH researchers, it has become clear that the risks in speculative CPU technologies are more serious than previously assumed. The vulnerability allows attackers to read privileged memory areas on shared processors. Byte by byte and at high speed. Millions of systems in private and public data centres worldwide are affected.
A boon for performance, a risk for security
The vulnerability originates from a concept that was originally introduced to increase efficiency. Speculative execution. The processor calculates computing steps in advance, a mechanism that can lead to authorisation errors at nanosecond intervals. Attackers use a so-called race condition in the branch predictor and thus overcome protection mechanisms between different users.
Cloud environments are particularly exposed
The threat is not limited to individual devices. The vulnerability is particularly critical in cloud computing, where different customers share the same hardware resources. The attack scenario makes it possible to access the storage areas of other users. A nightmare for anyone who relies on secure data storage. This means that the choice of location for digital companies also becomes a question of IT security architecture.
Architectural weakness with system
Ever since Spectre and Meltdown were discovered in 2017, it has been clear that speculative execution is a security minefield. The current gap is part of a series of systematic design problems. ETH professor Kaveh Razavi speaks of a fundamental architectural flaw. New avenues of attack are regularly discovered and have to be rectified via complex microcode updates.