On May 11th, during the “ASPLOS 2024” academic conference, a technical paper was released by Google in collaboration with the University of California, San Diego, and Purdue University.
The paper discusses a new method for attacking Intel CPUs known as “Pathfinder,” which notably can extract currently processed images and AES keys directly from a user’s JPEG image library.
Pathfinder exploits the modern CPU’s branch prediction mechanisms, allowing attackers to read and manipulate the key components of the Conditional Branch Predictor. This enables the reconstruction of the program’s control flow history and the initiation of high-resolution Spectre attacks.
The research team built on the foundations of the 2018 Spectre attack by inducing branch prediction errors in the Path History Register (PHR). This causes unintended code paths to execute on the victim’s device, thus exposing sensitive data.
It’s worth noting that while the attack is based on the previously disclosed “Spectre v1” vulnerability in Intel processors, processors from AMD, Apple, and Qualcomm are unaffected. However, the researchers emphasize that no processor is entirely flawless:
The study demonstrates that the contents of the Path History Register are easily leaked, exposing a large amount of branching code as a potential attack surface and posing significant security threats once vulnerabilities are revealed.
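To make the point about leaked branch history concrete, here is an added example (not code from the paper or from this article) using a deliberately simplified software model of a path history register. The 64-bit width, the 2-bit footprints and all function names are assumptions chosen for illustration. It shows why code that branches on a secret leaves a recoverable trace in the history, while a branchless version of the same loop leaves the same history for every secret.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model (assumption): the history is a 64-bit shift register updated only
 * on TAKEN branches, shifting left by 2 bits and XOR-ing in a 2-bit footprint
 * that identifies the branch. Real hardware uses wider, overlapping footprints. */
#define FP_LOOP   0x1u   /* constructed footprint: loop back-edge */
#define FP_SECRET 0x2u   /* constructed footprint: secret-dependent branch */
#define NBITS     8

static uint64_t phr_taken(uint64_t phr, unsigned fp) { return (phr << 2) ^ fp; }

/* Code that branches on each secret bit, e.g. "if (bit) multiply". */
uint64_t history_branchy(uint8_t secret) {
    uint64_t phr = 0;
    for (int i = 0; i < NBITS; i++) {
        if ((secret >> i) & 1) phr = phr_taken(phr, FP_SECRET);
        phr = phr_taken(phr, FP_LOOP);  /* model: back-edge taken every iteration */
    }
    return phr;
}

/* Same loop written branchlessly: the secret only feeds a mask, so the only
 * taken branch is the back-edge and the history is independent of the secret. */
uint64_t history_branchless(uint8_t secret) {
    uint64_t phr = 0;
    volatile uint8_t acc = 0;
    for (int i = 0; i < NBITS; i++) {
        acc ^= (uint8_t)(-((secret >> i) & 1)) & 0x5a;  /* mask select, no branch */
        phr = phr_taken(phr, FP_LOOP);
    }
    return phr;
}

/* What an observer of the history can infer: walk it newest-first and check
 * whether a secret-branch footprint precedes each back-edge. */
uint8_t recover_secret(uint64_t phr) {
    uint8_t secret = 0;
    for (int i = NBITS - 1; i >= 0; i--) {
        phr >>= 2;                       /* drop back-edge of iteration i */
        if ((phr & 3) == FP_SECRET) {    /* secret branch was taken in iteration i */
            secret |= (uint8_t)(1u << i);
            phr >>= 2;
        }
    }
    return secret;
}

int main(void) {
    uint8_t s = 0xB5;  /* constructed sample secret */
    printf("branchy history    %#llx -> recovered %#x\n",
           (unsigned long long)history_branchy(s), recover_secret(history_branchy(s)));
    printf("branchless history %#llx (same for every secret)\n",
           (unsigned long long)history_branchless(s));
    return 0;
}
```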