Super Spectre vulnerability triggers another Computer Security Scare

    Intel’s former cybersecurity researcher Yuriy Bulygin has made it public that the famous Spectre exploit could be further exploited to gain access to all the sensitive info stored on the machine. The newly discovered cyber attack variant exploiting Spectre flaw on a further note was discovered in April this year and Intel has been informed about the vulnerability at the end of last month.

    Bulygin, who now owns a cyber threat detection startup named Eclypsium, said in a post that the new attack variant has the ability to bypass the hardware-based memory protections and allows hackers to get a sniff of the read data from the firmware called System Management Mode Memory (SMMM). The SMMM offers access rights to admins and allows them to utilize control key functions of the machines- like shutting the processors when it gets overloaded.

    Readers of Cybersecurity Insiders have to make a note of a fact that in January 2018, security researchers from Google’s Project Zero and some academic researchers from several countries exposed two flaws to the world named –Meltdown and Spectre.
    Meltdown is a flaw that specifically hits the silicon wafers of Intel and allows hackers bypass the hardware barrier between applications to read the underlying data.

    On the other hand, Spectre affects chips from AMD and ARM along with Intel and lets hackers gain access to error-free applications to sneak into the sensitive info.

    Now, the newly discovered flaw by Yuriy says that the Spectre flaw can be further exploited to gain access to all the sensitive data on the computer including those processed by virtual servers.

    Mr. Bulygin isn’t sure how many of the hackers have accessed this flaw to date. But added in his statement that since SMM memory is used in all Intel’s x86 processors the vulnerability rate might be severe.

    Ad
    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

    No posts to display