From Dreams to Nightmares: Inception Exploit Lets Attackers Steal Your Secrets
A new Spectre-like exploit impacts virtually all AMD processors manufactured since 2017, and allows attackers to steal private information.
Spectre is a critical CPU vulnerability that was first disclosed in 2018. It exploits the architecture of modern microprocessors, including those developed by Intel, AMD, and Arm. Spectre is a speculative execution vulnerability, which targets a fundamental optimization technique used by processors to improve performance. Speculative execution allows processors to predict and execute upcoming instructions, which can speed up overall performance by executing tasks before they are actually needed. However, Spectre exploits the speculative execution process to leak sensitive data from a computer's memory, potentially exposing highly confidential information such as passwords, encryption keys, and other sensitive data.
In the months following the disclosure of Spectre, a number of fixes were supplied by chip manufacturers, aimed at mitigating the problem through a combination of hardware and software fixes. And while addressing the Spectre vulnerability has proven to be challenging, as it's deeply rooted in the way modern processors are designed, the number and severity of Spectre-related attacks has greatly diminished since the close of 2018. This episode led the tech industry to reevaluate processor design principles and security practices, resulting in a heightened focus on proactive security measures.
Things were looking up in the world of microprocessors. Well, they were, anyway, until security researchers at ETH Zurich shattered our illusion of security by revealing another major Spectre-like attack that impacts AMD processors, which they have named Inception. Unfortunately, this exploit affects most of AMD’s CPUs going all the way back to 2017. And those of you with the latest and greatest chips are not safe either — even the Zen 4 Epyc and Ryzen processors are vulnerable.
The researchers went on a fishing expedition of sorts to determine whether or not they could get a speculative execution attack to work after chipmakers had put their new security measures in place. After lots of trial and error, they found that on many AMD chips they could trick the processor into believing it had seen certain instructions before when, in reality, it had not. This was the foot-in-the-door they needed to be able to modify the CPU's look-up table.
Since the CPU believed that the entries in this look-up table originated from legitimate instructions it had previously executed, all of the new Spectre-related security features were defeated. The consequences of this vulnerability are very severe: using this technique, an attacker can steal data from any location in the computer's memory, including passwords and encryption keys.
According to AMD, Inception attacks can only be invoked locally, for example by downloading and executing malware on your machine. So if you have a modern AMD CPU, now is as good a time as any to brush up on good security practices. The researchers do point to what could be much bigger issues for users of cloud computing resources, however. In cases where cloud customers are sharing resources, it may be possible for a user of such a shared system to use the Inception technique to steal data from other users.
AMD has already begun to work with computer manufacturers to roll out updates, in the form of microcode patches or BIOS updates, to address Inception. That is the good news. The bad news is that some of the speculative execution-related features that help to make modern processors so fast are likely to be deactivated or otherwise hampered to get around the issue. So if your shiny new processor does not seem as fast as it used to be after the update, it might not be all in your head.