Latest in Gear

Image credit: BeeBright via Getty Images

Researchers discover new ways to abuse Meltdown and Spectre flaws

And chipmakers' hardware changes won't be enough to protect against them.
497 Shares
Share
Tweet
Share
Save

Sponsored Links

BeeBright via Getty Images

Intel has already started looking for other Spectre-like flaws, but it won't be able to move on from the Spectre/Meltdown CPU vulnerabilities anytime soon. A team of security researchers from NVIDIA and Princeton University have discovered new ways to exploit Meltdown and Spectre outside of those idenfitied in the past. The researchers developed a tool to explore how else cyber criminals could take advantage of the CPU flaws and found new techniques that could be used to extract sensitive info like passwords from devices.

These techniques, which they've dubbed MeltdownPrime and SpectrePrime, pit two CPU cores against each other to dupe multi-core systems and get access to their cached data. The team wrote in their report (PDF):

"In the context of Spectre and Meltdown, leveraging coherence invalidations enables a Prime+Probe attack to achieve the same level of precision as a Flush+Reload attack and leak the same type of information. By exploiting cache invalidations, MeltdownPrime and SpectrePrime -- two variants of Meltdown and Spectre, respectively -- can leak victim memory at the same granularity as Meltdown and Spectre while using a Prime+Probe timing side-channel.

Where Meltdown and Spectre arise by polluting the cache during speculation, MeltdownPrime and SpectrePrime are caused by write requests being sent out speculatively in a system that uses an invalidation-based coherence protocol."

The good news is that the software patches Intel and other chipmakers are rolling out are enough to protect against the newly discovered techniques. Those patches come with their own set of troubles and might slow down systems a bit, but they can at least ensure PCs, phones, servers and anything made vulnerable by the flaws are protected. However, the hardware changes Intel and other chipmakers are planning to make future CPUs Spectre- and Meltdown-proof might not be enough. The researchers said the discovery of these new techniques will "require new considerations" when it comes to any planned "microarchitectural mitigation."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
497 Shares
Share
Tweet
Share
Save

Popular on Engadget

Sonos' portable smart speaker leaks in greater detail

Sonos' portable smart speaker leaks in greater detail

View
Kevin Smith is making a 'He-Man' anime series for Netflix

Kevin Smith is making a 'He-Man' anime series for Netflix

View
SpaceX Starman Roadster completes its first orbit around the Sun

SpaceX Starman Roadster completes its first orbit around the Sun

View
Tesla's relaunched solar power efforts include $50 panel rentals

Tesla's relaunched solar power efforts include $50 panel rentals

View
After Math: Plead the fifth

After Math: Plead the fifth

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr