Researchers flag global hardware security vulnerability

Researchers have identified a widespread computer security vulnerability affecting laptop, desktop and server hardware. Last year, the so-called Spectre and Meltdown security vulnerabilities made headlines when it was discovered that they affect the Intel central processing units (CPUs) in most laptop and desktop computers and servers. Now, researchers in the EPFL's HexHive and PARSA laboratories, in collaboration with IBM Research in Zurich, have characterized a similar, but novel attack called SMoTherSpectre. Data leakage In computer science terms, SMoTherSpectre is known as a "speculative side channel attack", meaning that it allows a potential attacker to leak data by taking advantage of a CPU optimization technique in which instructions are executed 'speculatively' after a branch (decision point) in the code. Modern CPUs implement many instructions concurrently, but instead of waiting until branch instructions complete their execution, these CPUs 'guess' which target will be used and execute those instructions speculatively. If the guess was correct, the speculatively executed instructions are committed, improving performance; otherwise they are discarded. Unfortunately, incorrect guesses result in a so-called "side channel" that can leak information to an attacker.