Researchers from Northeastern University and IBM Research have found a new variation on the Spectre vulnerability that can be abused via code in the browser, ZDNet reports. The variant, SplitSpectre, is a CPU vulnerability caused by a design flaw in the micro-architecture of modern processors.
The vulnerability can be abused by attacking the process of speculative execution. This is an optimisation technique used to improve the performance of the CPU. The vulnerability is a variation of the original Spectre vulnerability that was discovered last year and made public in January this year.
The two vulnerabilities differ in how the attack is carried out. According to the researchers, the SplitSpectre attack is much easier to carry out than the original attack. The original attack requires a gadget to be present on the victim's side.
The new variant splits that gadget into two parts. The researchers argue that the second half of this exploit can be run within the attacker's own malicious code. This means that it does not have to be run in the target's kernel, as is the case with the original attack.
The researchers successfully attacked Intel Haswell and Skylake CPUs for their paper, as well as AMD Ryzen processors via SpiderMonkey 52.7.4. That’s the JavaScript engine from Firefox.
Installing Updates
The attack can, however, be prevented by existing mitigations against Spectre. These include CPU microcode updates released by the manufacturers in the past year, updates to popular compilers that protect apps from Spectre-like attacks, and browser-level modifications released by browser developers.
If these updates are not installed, the SplitSpectre attack can theoretically be carried out.