Skip to main content

First Spectre, now BranchScope — another vulnerability in Intel processors

Researchers from four universities discovered a new vulnerability in Intel’s processors dubbed as BranchScope. The problem resides in the method a processor uses to predict where its current computational task will end, aka speculative execution. By exploiting this flaw, hackers with access to the PC could pull data stored from memory that’s otherwise inaccessible to all applications and users. 

The speculative execution process enhances the CPU’s speed by enabling the chip to “speculate” what needs to be done later in the chain of commands to finish the overall task as quickly as possible. This feature explores options in advance, taking different avenues in various branches to get to the final destination in the shortest amount of time. With the path laid out, the CPU completes its task and moves on to the next. 

Recommended Videos

The BranchScope exploit enables attackers to take control of this “think ahead” decision-making component and steer the upcoming path in the wrong direction. Hackers can then grab sensitive data stored in memory not generally accessible by users and applications. The vulnerability is similar to Spectre Variant 2, only BranchScope targets the process that decides which branch the CPU will take next whereas Spectre Variant 2 resides in the cache component associated with branch prediction. 

“BranchScope works reliably and efficiently from user space across three generations of Intel processors in the presence of system noise, with an error rate of less than one percent,” the paper states. “BranchScope can be naturally extended to attack SGX (Software Guard Extensions) enclaves with even lower error rates than in traditional systems.” 

The researchers specifically tested BranchScope on three Intel processors: The sixth-generation Core i5-6200U chip, the fourth-generation Core i7-4800MQ chip, and the second-generation Core i7-2600 chip. As the paper suggests, hackers don’t need administrator privileges to execute the attack. Data can even be pulled from private regions of memory, aka enclaves, that’s locked away by the processor’s Software Guard Extensions. 

The researchers believe Intel’s updates addressing Meltdown and the two Spectre vulnerabilities won’t mitigate the security hole seen in the BranchScope discovery. The problem resides in a different part of speculative execution thus Intel will need to conjure up new software fixes for current chips, and a hardware fix for future processors. But Intel believes it’s current patches should address the BranchScope issue. 

“We have been working with these researchers and have determined the method they describe is similar to previously known side channel exploits,” the company states. “We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side channel resistant cryptography, will be similarly effective against the method described in this paper.” 

According to Intel, one of the best ways to protect customers is to have a close relationship with the research community. But the company likely wasn’t quite so enthusiastic after researchers went public with the Meldown and Spectre vulnerabilities earlier this year. The company is likely bracing for additional criticism given BranchScope is now out in the open. 

Kevin Parrish
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
This compact HP Omen gaming PC is on sale at 39% off today
The HP Omen 16L gaming desktop sitting on a desk.

For those who want a proper gaming desktop but don't have enough space for a big and bulky machine, the HP Omen 16L could be what you need. You're in luck because it's on sale from the gaming PC deals of HP right now, with this configuration featuring the Nvidia GeForce RTX 3050 graphics card available at 39% off. You'll only have to pay $800 instead of its original price of $1,330, but you need to push through with your purchase immediately if you want to make sure you pocket the savings of $530.

Why you should buy the HP Omen 16L gaming PC

Read more
SpaceX’s Starlink rival is about to launch more internet satellites — here’s how to watch
Amazon's KA-01 mission for Project Kuiper gets underway from the Space Coast.

[UPDATE: A technical issue with the rocket has caused the launch to be postponed. We'll update this article with the new launch schedule just as soon as it becomes available.]

Amazon is preparing to launch its second batch of Project Kuiper internet satellites to orbit as it seeks to build out a constellation to take on SpaceX’s Starlink service.

Read more
Weird Mac mini issue prompts Apple to take action
A top-down view of the Mac Mini.

Following multiple reports of specific Mac mini computers failing to power on, Apple has launched a global repair program to sort the problem out.

Apple launched the  M2 Mac mini in January 2023, though the affected units were made between June 16 and November 23 of 2024, according to a notice about the repair program that was first spotted by MacRumors.

Read more