BranchScope vulnerability could be the next Spectre/Meltdown flaw for the enterprise

While the Spectre vulnerability focused on the branch target buffer, BranchScope shows similar flaws in the branch predictor, but is unaffected by patches.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • BranchScope is the first side-channel attack targeted at extracting information through the branch predictor.
  • While similar in spirit, BranchScope is not affected by recent patches for the Spectre class of vulnerabilities relating to the branch target buffer.

Following the public disclosure of the Spectre and Meltdown vulnerabilities in January, researchers at the College of William and Mary, Carnegie Mellon University, UC Riverside, and Binghamton University have published BranchScope (PDF link), a vulnerability that leverages the speculative execution capabilities found in practically every modern processor to circumvent memory protections implemented in the hardware and operating system level.


While Spectre and BranchScope can be considered the same class of vulnerability--both are side-channel attacks that require manipulation of speculative execution--BranchScope is the first attack to focus on the shared branch predictor itself rather than the branch target buffer, according to the authors.

From the whitepaper:

BranchScope works by forcing collisions between the attacker and selected victim branches and exploiting these collisions to infer information about the victim branch. ...In order to achieve collisions, we must overcome the unpredictability of the complex hybrid prediction mechanisms used in modern CPUs. BranchScope overcomes this by generating branch patterns that force the branch predictor to select the local one-level prediction even when complex multi-level predictors are present in the processor. Second, after collisions are reliably created, the victim's branch direction can be robustly disclosed by an attacker executing a pair of branches with predefined outcomes, measuring the prediction accuracy of these branches, and correlating this information to the predictor state and thus to the direction of the victim's branch.

For comparison, Spectre (variant 2) relied on manipulation of the branch target buffer, selectively executing branch instructions in a way that causes the processor cache to be visible to a malicious program. (The inner workings of this are slow, as it requires roughly 30 minutes for initialization and has only been demonstrated at a max of 2,000 bytes per second.)

While Spectre was not shown to be able to penetrate Intel's Software Guard Extensions (SGX), this capability was added earlier this month with the disclosure of SgxPectre, which extends the initial Spectre vulnerability by combining it with vulnerable code patterns in existing SGX runtime libraries to gain complete access to the contents of secure enclaves, which are meant to protect data from being read by applications running at a higher privilege level.

Similarly, BranchScope is capable of reading data that should be protected by SGX, and is also shown by the authors to be capable of defeating address space randomization (ASLR). BranchScope is still exploitable on systems that have received patches for Spectre. The authors have demonstrated the vulnerability on Intel's Sandy Bridge, Haswell, and Skylake processors with an error rate of less than 1%.

Vulnerabilities relating to speculative execution are likely to persist for the foreseeable future, as additional attack vectors like BranchScope are discovered. While patches for affected Intel processors created in the last decade have since been published (after some initial difficulties), as well as for AMD and IBM POWER processors, speculative execution side-channel attacks are a relatively new paradigm for security researchers to investigate. While these vulnerabilities are not easily exploitable by criminals--they require an ability to run code on the system to begin with--full defenses against this type of attack are likely to be a multi-year effort.

Update: A spokesperson from Intel provided this statement to TechRepublic:

"We have been working with these researchers and we have determined the method they describe is similar to previously known side channel exploits. We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side channel resistant cryptography, will be similarly effective against the method described in this paper. We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers."

For the record, the researchers described their own approach to patching BranchScope in the original whitepaper, noting that the vulnerability is unaffected by patches for Spectre.
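Intel's statement points at side-channel-resistant code as the practical software mitigation. Since BranchScope infers the direction a victim branch took, the property that matters at the source level is that no branch direction depends on secret data. The following is an added example, written for this article rather than taken from the whitepaper or from Intel, contrasting a byte comparison whose early-exit branch depends on the secret with a branchless rewrite, plus a branchless select. The function names and the sample secret are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Secret-dependent comparison (the pattern to avoid): the early return is a
 * branch whose outcome depends on where the first mismatching byte lies, so
 * the branch predictor state and the running time both carry information
 * about the secret. */
int compare_with_branches(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (secret[i] != guess[i])
            return 0;  /* taken/not-taken depends on secret contents */
    }
    return 1;
}

/* Branchless comparison: every byte is visited regardless of contents, the
 * differences are accumulated with XOR/OR, and the final 0/1 result is
 * derived arithmetically so no conditional depends on the data. */
int compare_constant_time(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(secret[i] ^ guess[i]);
    /* d == 0  -> (d - 1) wraps to 0xFFFFFFFF, bit 8 region nonzero -> returns 1
     * d in 1..255 -> (d - 1) < 256, so (d - 1) >> 8 == 0 -> returns 0 */
    uint32_t d = diff;
    return (int)(1u & ((d - 1u) >> 8));
}

/* Select a or b according to a secret bit without a conditional branch:
 * mask is all-ones when bit == 1 and all-zeros when bit == 0. */
uint32_t ct_select(uint32_t bit, uint32_t a, uint32_t b)
{
    uint32_t mask = 0u - (bit & 1u);
    return (a & mask) | (b & ~mask);
}

int main(void)
{
    /* Constructed sample values; not real key material. */
    const uint8_t secret[] = "s3cr3t-token";
    const uint8_t good[]   = "s3cr3t-token";
    const uint8_t bad[]    = "s3cr3t-tokeX";
    size_t n = sizeof(secret) - 1;

    printf("branchy  good=%d bad=%d\n",
           compare_with_branches(secret, good, n),
           compare_with_branches(secret, bad, n));
    printf("branchless good=%d bad=%d\n",
           compare_constant_time(secret, good, n),
           compare_constant_time(secret, bad, n));
    printf("ct_select(1)=%u ct_select(0)=%u\n",
           ct_select(1, 10, 20), ct_select(0, 10, 20));
    return 0;
}
```

One caveat a practitioner should keep in mind: the branchless form only removes data-dependent branches at the source level. An optimizing compiler may reintroduce a conditional jump when it recognizes the idiom, so constant-time code in production is normally verified by inspecting the generated assembly (or using a compiler barrier), not by reading the C alone.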


Image: iStockphoto/Vladimir_Timofeev