Remember the Meltdown and Spectre chip architecture flaws that affect the vast majority of computers we interact with on a daily basis, including smartphones and tablets? The hardware issues have been patched via software updates that, in turn, caused unwanted side effects of their own, including temporary issues like unexpected reboots, or permanent ones like a drop in performance.
In the future, new chips should come with hardware changes that would prevent Meltdown and Spectre-like attacks. That’s what we were led to believe. But researchers have discovered new attack paths that take advantage of the Meltdown and Spectre machines and may be replicated on computers of the future. It appears that hardware fixes might not be possible.
"MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols" is the title of a new research paper from Princeton University which describes two different exploits, MeltdownPrime and SpectrePrime, that derive from the original flaws.
The Princeton team discovered ways to extract sensitive information out of computers, including passwords and other secret data, The Register explains. While current software patches block the new Prime vulnerabilities as well, future changes to hardware might not be enough to permanently neutralize the exploits.
If that’s accurate, these new exploits may have to be patched via software, and these fixes may come with performance issues in tow. Not to mention that software can still be hacked.
Meltdown and Spectre take advantage of processor design characteristics to get access to privileged data like passwords. Their Prime counterparts build upon the initial flaws to find out what you’re using the computer’s cache for. That’s a type of memory found on any type of computer, meant to allow the processor to quickly access data. And it’s something you don’t really have control of — check the full research paper at this link.