TapTechNews, May 11th – At the recently held ASPLOS 2024 academic conference, researchers from Google, the University of California, San Diego, Purdue University and other institutions presented a paper on an attack technique called 'Pathfinder'. It targets Intel CPUs and, according to the researchers, can recover JPEG images while they are being processed by user-side image libraries, as well as extract AES encryption keys.
Pathfinder exploits the branch prediction mechanism of modern CPUs: an attacker can read and manipulate key components of the conditional branch predictor, which lets it 'reconstruct the control-flow history of programs' and mount high-resolution Spectre attacks.
TapTechNews notes that the paper presents the technique as an 'upgrade' of the 2018 Spectre attack: by targeting the Path History Register (PHR) inside the branch predictor, the attacker induces mispredictions that make the victim program speculatively execute code paths it would never take architecturally, leaking sensitive data in the process.
According to the report, the attack builds entirely on the previously disclosed Spectre v1 vulnerability in Intel processors, and AMD, Apple and Qualcomm processors are not affected. The researchers nevertheless caution that no processor is entirely free of such flaws: because the contents of the Path History Register can be leaked, a large number of conditional branches become potential attack surface, and such weaknesses pose significant security risks once exposed.
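To make the Spectre v1 dependency concrete, the following is an added example written for this article; it is not code from the Pathfinder paper or from any affected library, and all names, the memory layout and the secret value are hypothetical. It shows the shape of the victim code such an attack needs (a bounds check followed by a data-dependent load) and, beside it, the branchless index-masking mitigation commonly applied to Spectre v1 gadgets. It does not perform the cache-timing measurement that a real attack would use to read the footprint; it only shows why a mispredicted bounds check reaches the secret and why the masked version does not.

```c
/* Added example (not from the Pathfinder paper or the article): a Spectre v1
 * bounds-check-bypass gadget beside an index-masked, hardened version.
 * All names, the layout and the secret are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PUBLIC_LEN 16   /* bounds of the attacker-indexable array (hypothetical) */
#define LINE 4096       /* stride so each probe entry lands on its own page */

/* Hypothetical victim memory: a public buffer followed by a secret.
 * One struct makes the out-of-bounds reach deterministic for the example. */
static struct {
    uint8_t public_data[PUBLIC_LEN];
    uint8_t secret[16];          /* stands in for e.g. an AES key */
} region = {
    .public_data = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15},
    .secret = "toy-secret-key"
};

/* Side-channel surface: one entry per possible byte value, a page apart. */
static uint8_t probe[256 * LINE];

/* Which byte a mispredicted read of public_data[idx] actually reaches.
 * Byte-wise access through an unsigned char pointer is well defined. */
uint8_t oob_byte(size_t idx)
{
    return ((const uint8_t *)&region)[idx];
}

/* Vulnerable gadget. Architecturally it returns 0 for idx >= PUBLIC_LEN, but
 * if the conditional branch is predicted "taken" (the predictor having been
 * trained, or its PHR/PHT state manipulated as the article describes), the
 * CPU speculatively reads region.secret and touches probe[secret_byte * LINE],
 * leaving a cache footprint that survives the squash. */
uint8_t gadget_vulnerable(size_t idx)
{
    if (idx < PUBLIC_LEN) {
        uint8_t v = region.public_data[idx];
        return probe[(size_t)v * LINE];
    }
    return 0;
}

/* Branchless mask: SIZE_MAX when idx < size, 0 otherwise (requires
 * size < 2^63). For idx < size both idx and size - idx - 1 have their top
 * bit clear; for idx >= size the subtraction wraps and sets the top bit.
 * Being arithmetic, not a branch, there is nothing to mispredict. */
size_t index_mask_nospec(size_t idx, size_t size)
{
    size_t x = idx | (size - idx - 1);
    size_t oob = x >> (sizeof(size_t) * 8 - 1);   /* 0 in range, 1 out of range */
    return oob - 1;                               /* SIZE_MAX or 0 */
}

/* Index the hardened gadget will really use: unchanged in range, 0 out of range. */
size_t safe_index(size_t idx)
{
    return idx & index_mask_nospec(idx, PUBLIC_LEN);
}

/* Hardened gadget: even when the branch is mispredicted, the speculative
 * load uses safe_index(idx) == 0 for out-of-range idx, so it cannot reach
 * the secret. Caveat: an optimizer may fold the mask away because it knows
 * idx < PUBLIC_LEN inside the branch; production code (e.g. the Linux
 * kernel's array_index_nospec()) computes the mask in inline assembly. */
uint8_t gadget_hardened(size_t idx)
{
    if (idx < PUBLIC_LEN) {
        uint8_t v = region.public_data[safe_index(idx)];
        return probe[(size_t)v * LINE];
    }
    return 0;
}

int main(void)
{
    size_t idx = PUBLIC_LEN + 4;   /* an attacker-chosen out-of-range index */
    printf("idx %zu: mask=%#zx safe_index=%zu speculative read would hit '%c'\n",
           idx, index_mask_nospec(idx, PUBLIC_LEN), safe_index(idx), oob_byte(idx));
    return 0;
}
```

Both gadgets return the same architectural result for every index; the only difference is what the CPU is allowed to touch while speculating past the bounds check, which is exactly the window a PHR-manipulating attacker is trying to widen.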