Intel's CPU cores remain vulnerable to Specter data-leaking attacks, say academics at VU Amsterdam.
When you accidentally compromise every processor on earth
We're told that software and silicon-level restrictions put in place by the x86 giant to counter Spectre-like exploits of its processors' speculative execution can be bypassed, allowing malware or rogue users on a vulnerable machine to steal sensitive information — such as ex. passwords and keys – without core memory and other parts of RAM that should be banned.
The boffins say they have developed a tool called InSpectre Gadget that can find code snippets, so-called gadgets, in an operating system kernel that on vulnerable hardware can be abused to obtain secret data, even on chips that have Specter protection baked in.
InSpectre Gadget was used, as an example, to find a way to bypass FineIBT, a security feature built into Intel microprocessors intended to limit Spectre-like speculative execution exploits, and successfully execute a Native Branch History Injection (Native BHI) attack to steal data from protected core memory.
