• Home
  • News
  • Artificial Intelligence
  • Internet of Things
  • Open Source
  • Hardware
  • Software
  • Security
  • Whitepapers
  • Data Strategy Spotlight
  • Newsletters
  • Whitepapers
    • Inqlogo 120x194
      Five things you should look for in choosing a Testing provider

      Choosing a Testing Partner can be complex.  So what do you look for?  This guide offers insight into the qualities you must look for in choosing a Testing provider.  Download now to learn more.

      Download
      Inqlogo 120x194
      Your questions answered: How to protect your data in the cloud

      The number of successful cyberattacks per year per company has increased by 46% over the last four years. But what really needs to be considered when exploring a solution? What questions need to be asked? Download to find out...

      Download
      Find whitepapers
      Search by title or subject area
      View all whitepapers
  • Follow us
    • RSS
    • Twitter
    • LinkedIn
    • Newsletters
    • Facebook
    • Google+
    • YouTube
  • Newsletter
  • Industry Voice
  • Data Strategy Spotlight
The Inquirer
The Inquirer
  • Home
  • News
  • Artificial Intelligence
  • Internet of Things
  • Open Source
  • Hardware
  • Software
  • Security
  • Trending
  • MWC 2019
  • Article 13
  • AMD Radeon VII
  • Galaxy S10
  • Nvidia GTX 1660 Ti 
The Inquirer
  • Chips

Security boffins uncover seven more Spectre and Meltdown attacks

And some have yet to be fully mitigated

Security boffins uncover seven more Spectre and Meltdown attacks
Meltdown and Spectre just won't go away
  • Roland Moore-Colyer
  • Roland Moore-Colyer
  • @RolandM_C
  • 15 November 2018
  • Tweet  
  • Facebook  
  • Google plus  
  •  
  •  
  • Send to  
0 Comments

SECURITY BOFFINS have discovered another seven ways that the Meltdowns and Spectre vulnerabilities could be exploited by hackers if mitigations aren't in place.

Like a crap gift that won't stop giving, there has been a huge number of new ways Meltdown and Spectre attacks can be used against ARM, AMD and Intel chips.

The team of nine security researchers explained that two of the new attacks affect the Meltdown vulnerability, while the other five are variations on the original Spectre exploit.

"Recent research on transient execution attacks including Spectre and Meltdown showed that exception or branch misprediction events may leave secret-dependent traces in the CPU's microarchitectural state, the clever folks said in their paper A Systematic Evaluation of Transient Execution Attacks and Defenses. 

"This observation led to a proliferation of new Spectre and Meltdown attack variants and even more ad-hoc defences (e.g., microcode and software patches).

"Unfortunately, both the industry and academia are now focusing on finding efficient defenses that mostly address only one specific variant or exploitation methodology. This is highly problematic, as the state-of-the-art provides only limited insight on residual attack surface and the completeness of the proposed defenses."

Some of these new attacks have protections in place to prevent them being used against targeted machines, but others have yet to be fully mitigated.

All this points towards the need to for chipmakers and software firms to keep working on ways to protect against new Spectre and Meltdown attacks as they emerge while doing as little as possible to affect processor performance.

For its part Intel doesn't seem too fussed, according to a widely-reported statement: "The vulnerabilities documented in this paper can be fully addressed by applying existing mitigation techniques for Spectre and Meltdown, including those previously documented here, and elsewhere by other chipmakers.

"Protecting customers continues to be a critical priority for us and we are thankful to the teams at Graz University of Technology, imec-DistriNet, KU Leuven, & the College of William and Mary for their ongoing research."

While we doubt we've seen the last of new Spectre and Meltdown exploits coming to the fore, there's a good chance that the easily spotted ones have all been discovered and that there will be less frequent attack variants discovered from now on. Well, that's what we hope at least. µ

Further reading

  • Security
Microsoft pushes out Windows 10 patches to plug Spectre and Foreshadow vulns
  • 23 Aug 2018
  • Security
Chrome 67 protects against Spectre hacks but gobbles more RAM
  • 12 Jul 2018
  • Developer
Canonical issues Spectre v2 fix for all Ubuntu systems with AMD chips
  • 22 Jun 2018
  • Security
OpenBSD snubs Intel's hyper-threading over 'Spectre-class' security concerns
  • 20 Jun 2018
  • Tweet  
  • Facebook  
  • Google plus  
  •  
  •  
  • Send to  
  • Topics
  • Chips
  • Security
  • artificial intelligence
  • AMD
  • ARM
  • Meltdown
  • Spectre

INQ Latest

Google Updates: Play Store discounts, Google Phone gets RTT, Hangouts changes
Google Updates: Play Store discounts, Google Phone gets RTT, Hangouts changes

The other Google news of the week

  • Software
  • 15 February 2019
Opera Reborn 3 is now available for developer testing ahead of a March release
Opera Reborn 3 is now available for developer testing ahead of a March release

Everyone clear the Aria!

  • Software
  • 15 February 2019
Samsung Galaxy Tab S5e official with 10.5in screen and Android Pie
Samsung Galaxy Tab S5e official with 10.5in screen and Android Pie

And it's Samsung's thinnest and lightest tablet yet

  • Handhelds
  • 15 February 2019
Twitter is mulling over allowing 'clarifications' instead of full-blown edits
Twitter is mulling over allowing 'clarifications' instead of full-blown edits

Tweaking tweets

  • Applications
  • 15 February 2019
Back to Top

Most read

Galaxy S10 price, release date and specs: Galaxy S10+ appears in hands-on video
Galaxy S10 price, release date and specs: Galaxy S10+ appears in hands-on video
iPhone 11 release date, specs and price: 2019 iPhones to stick with Lightning over USB-C
iPhone 11 release date, specs and price: 2019 iPhones to stick with Lightning over USB-C
Microsoft is already beta testing a 2020 version of Windows 10
Microsoft is already beta testing a 2020 version of Windows 10
Metro Exodus review
Metro Exodus review
Nvidia's GeForce GTX 1660 Ti is almost certainly real
Nvidia's GeForce GTX 1660 Ti is almost certainly real
  • Contact
  • Marketing solutions
  • Enterprise IT Events
  • About Incisive Media
  • Terms & conditions
  • Privacy policy
  • RSS
  • Twitter
  • LinkedIn
  • Newsletters
  • Facebook
  • Google+
  • YouTube

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017