Intel and ARM Processors Vulnerable To New Attack

Research has revealed that modern CPUs from Intel are vulnerable to a new side-channel attack known as Indirector

Recent research has revealed that modern CPUs from Intel, specifically the Raptor Lake and Alder Lake series, are vulnerable to a new side-channel attack known as Indirector. This attack can potentially leak sensitive information from the processors. Additionally, Arm CPUs have been found to have their own vulnerabilities through an attack called TIKTAG. Understanding these threats, who is at risk, and how to protect yourself is crucial for maintaining security.

Understanding Indirector and Its Implications

What Is Indirector?

Indirector is a side-channel attack discovered by researchers Luyi Li, Hosein Yavarzadeh, and Dean Tullsen. This attack exploits weaknesses in the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) of modern CPUs.

How It Works

  1. Indirect Branch Predictor (IBP): The IBP predicts the target addresses of indirect branches, which are control-flow instructions whose target address is computed at runtime. Accurate prediction of these branches is challenging.

  2. Branch Target Injection (BTI): By exploiting vulnerabilities in the IBP, attackers can launch BTI attacks, similar to the Spectre v2 attack (CVE-2017-5715), leading to unauthorized disclosure of information.

Using a custom tool called iBranch Locator, attackers can locate any indirect branch and execute precision-targeted IBP and BTB injections to perform speculative execution.

Intel’s Response

Intel was informed of these findings in February 2024 and has since notified other affected hardware and software vendors. The recommended mitigations include:

  • Aggressive Use of Indirect Branch Predictor Barrier (IBPB): Enhances protection by limiting the speculative execution paths.

  • Hardened Branch Prediction Unit (BPU): Incorporates more complex tags, encryption, and randomization to make exploitation more difficult.

TIKTAG Attack on Arm CPUs

What Is TIKTAG?

TIKTAG is another speculative execution attack, but it targets Arm CPUs. This attack exploits the Memory Tagging Extension (MTE) to leak data with over a 95% success rate in less than four seconds.

How It Works

Researchers identified new TIKTAG gadgets capable of leaking MTE tags from arbitrary memory addresses through speculative execution. This allows attackers to bypass the probabilistic defense mechanisms of MTE, nearly ensuring a successful attack.

Arm’s Response

Arm acknowledged that while MTE provides some first-line deterministic and probabilistic defenses against specific exploit classes, these defenses are not designed to be a complete solution against interactive adversaries capable of brute-forcing or crafting arbitrary Address Tags.

Who Is at Risk?

CPU Users and Administrators

Users and administrators of Intel Raptor Lake and Alder Lake CPUs, and of Arm CPUs with MTE, are at significant risk. If these vulnerabilities are exploited, sensitive information can be leaked, leading to potential data breaches.

Organizations

Organizations relying on affected Intel and Arm CPUs in their infrastructure are particularly vulnerable. This includes industries handling sensitive data such as finance, healthcare, and government.

How to Protect Yourself

For Intel CPU Users

  1. Apply Security Patches: Ensure your systems are updated with the latest security patches provided by Intel and other hardware/software vendors.

  2. Use IBPB Aggressively: Implement IBPB more aggressively to limit speculative execution paths.

  3. Harden BPU Design: Where possible, harden the BPU design with complex tags, encryption, and randomization.
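
One way to check step 2 on a Linux host, as an added example that is not from the original article or from Intel: the script reads the kernel's Spectre v2 status line and reports which IBPB policy is active. It assumes that "aggressive" means the kernel's `always-on` IBPB mode; the function names and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the IBPB policy Linux reports for Spectre v2 (BTI).
# The sysfs path, "IBPB: ..." tokens and boot parameters are the kernel's own;
# function names and sample strings are constructed for illustration.
SPECTRE_V2_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# Print the IBPB mode in a status line: always-on|conditional|disabled|absent
ibpb_mode() {
    case "$1" in
        *"IBPB: always-on"*)   echo always-on ;;
        *"IBPB: conditional"*) echo conditional ;;
        *"IBPB: disabled"*)    echo disabled ;;
        *)                     echo absent ;;
    esac
}

# Succeed if a kernel command line asks for unconditional user-space mitigation
cmdline_forces_ibpb() {
    case " $1 " in
        *" spectre_v2_user=on "*|*" spectre_v2=on "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report on a status string passed as $1, or on the running host if $1 is empty
report_ibpb() {
    _st="${1:-}"
    if [ -z "$_st" ]; then
        [ -r "$SPECTRE_V2_SYSFS" ] || { echo "unknown: cannot read $SPECTRE_V2_SYSFS"; return 2; }
        _st=$(cat "$SPECTRE_V2_SYSFS")
    fi
    _mode=$(ibpb_mode "$_st")
    if [ "$_mode" = "always-on" ]; then
        echo "ok: IBPB always-on"
    else
        echo "review: IBPB $_mode"
        return 1
    fi
}

# Constructed samples (not captured from a real machine)
SAMPLE_DEFAULT='Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling'
SAMPLE_STRICT='Mitigation: Enhanced / Automatic IBRS; IBPB: always-on; RSB filling'
SAMPLE_CMDLINE='ro quiet spectre_v2_user=on'

report_ibpb "$SAMPLE_DEFAULT" || true
report_ibpb "$SAMPLE_STRICT"
cmdline_forces_ibpb "$SAMPLE_CMDLINE" && echo "cmdline requests always-on IBPB"
```

Calling `report_ibpb` with no argument checks the running host instead of a sample string.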

For Arm CPU Users

  1. Update Firmware and Software: Regularly update the firmware and software to the latest versions that include security enhancements.

  2. Monitor for New Security Advisories: Stay informed about any new security advisories related to MTE and speculative execution attacks.

  3. Implement Best Practices: Follow best practices for system security, including robust access controls and regular security audits.

General Security Practices

  1. Network Segmentation: Isolate critical systems and data to limit the impact of any potential breach.

  2. Access Controls: Implement multi-factor authentication (MFA) and strict access controls to protect sensitive information.

  3. Regular Audits: Conduct regular security audits to identify and address potential vulnerabilities.

Conclusion

The discovery of Indirector and TIKTAG attacks highlights the evolving landscape of cybersecurity threats. By understanding these vulnerabilities and implementing recommended mitigations, users and organizations can protect their systems from potential exploits. Staying informed about the latest security updates and adhering to best practices are essential steps in maintaining robust security.