Researchers Find a New ‘Indirector’ Attack Vulnerability in Intel Processors

Published:

spot_img

New Side-Channel Attack Identified in Modern Intel CPUs: The Indirector Vulnerability

Security researchers have uncovered a new and concerning vulnerability in modern Intel CPUs, including the latest variants like Raptor Lake and Alder Lake. The attack, named Indirector, exploits weaknesses in the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) to bypass security defenses and access sensitive data stored in processors.

The IBP is a crucial component in modern CPUs that predicts the target addresses of indirect branches, which are control flow instructions computed at runtime, making them difficult to predict accurately. The Indirector attack, developed by researchers at the University of California San Diego, utilizes precise Branch Target Injection (BTI) techniques to execute speculative code and steal information from the processor using a side-channel attack.

This attack leverages a custom tool called the iBranch Locator to identify indirect branches and inject malicious targets into the IBP and BTB entries. By using high-precision IBP and BTB injections, attackers can bypass existing defenses and compromise system security in various scenarios.

While Intel has implemented mitigations like Indirect Branch Restricted Speculation (IBRS) and Single Thread Indirect Branch Predictors (STIBP) to protect against target injection attacks, the researchers found these defenses to be inadequate. They recommend more aggressive use of the Indirect Branch Predictor Barrier (IBPB) and propose incorporating finer-grained Branch Prediction Unit (BPU) isolation in future CPU designs.

The researchers shared their findings with Intel in February 2024, prompting the company to notify other affected hardware and software vendors about the vulnerability. This discovery underscores the importance of ongoing scrutiny and improvement of hardware components to stay ahead of potential threats in the ever-evolving landscape of cybersecurity.

spot_img

Related articles

Recent articles

Consolidation Strengthens Cybersecurity in the MENA Region Amid Rising Threats

Consolidation Strengthens cybersecurity in the MENA Region Amid Rising Threats Cybersecurity leaders are navigating an increasingly complex landscape, facing mounting pressure from regulatory bodies, evolving...

Windows Bind Link Attacks Strengthen Evasion Techniques Against EDR Tools

Windows Bind Link Attacks Strengthen Evasion Techniques Against EDR Tools Recent research from Bitdefender has unveiled critical vulnerabilities in Windows' bind link feature, demonstrating how...

Malicious AI Models Surge on Dark Web: WormGPT, FraudGPT, and the Rise of Unrestricted Cybercrime Tools

Malicious AI Models Surge on Dark Web: WormGPT, FraudGPT, and the Rise of Unrestricted Cybercrime Tools The emergence of malicious AI models on the dark...

Cabinet Approves ₹1.27 Lakh Crore Semicon 2.0 to Strengthen India’s Semiconductor Ecosystem

Cabinet Approves ₹1.27 Lakh Crore Semicon 2.0 to Strengthen India's Semiconductor Ecosystem The Union Cabinet of India, led by Prime Minister Narendra Modi, has officially...