The security industry is at the edge of its seat especially after the discovery of two classes of exploits in Intel’s processors, i.e., Meltdown and Spectre. Earlier this year, researchers discovered that these security flaws could easily be used to manipulate vulnerabilities in different ways. The one consequence of this would be that the hackers would gain complete access to any private information stored within the system. Ever since the security flaws were publicly confirmed by Intel, technology giants are rushing to roll out patches to fix the issue. We are still uncertain as to how badly this situation can go.
To make things worse, researchers are coming up with an increasing number of ways to exploit the vulnerabilities furthermore. According to a report published by The Verge, a new paper from Princeton University conducted in collaboration with the Nvidia team have come up with an ultra-complex method of exploiting these vulnerabilities even more.
The research is titled, ‘Meltdown prime and Spectre Prime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Conference Protocols,’ under which, researchers were able to extract some of the most sensitive user information on a system. In other words, the researchers tricked the multi-core machine into providing them with data stored across more than one processor memory cache.
“In the context of Spectre and Meltdown, leveraging coherence invalidations enables a Prime+Probe attack to achieve the same level of precision as a Flush+Reload attack and leak the same type of information,” the paper explained. “By exploiting cache invalidations, MeltdownPrime and SpectrePrime – two variants of Meltdown and Spectre, respectively – can leak victim memory at the same granularity as Meltdown and Spectre while using a Prime+Probe timing side-channel.”
The new attack is different from the methods that are previously established, as the former is “caused by write requests being sent out speculatively in a system that uses an invalidation-based coherence protocol.”