New Speculative Execution Vulnerability Gives CISOs a New Reason to Lose Sleep

  /     /     /  
Publicated : 23/11/2024   Category : security


New Speculative Execution Vulnerability Gives CISOs a New Reason to Lose Sleep


The vulnerability, dubbed SWAPGS, is an undetectable threat to data security, similar in some respects to Spectre and Meltdown.



Bogdan Botezatu, director of threat research at BitDefender, leans across the table in a hotel lobby coffee shop to make his point. When youre a CISO, there is no single of vulnerability youre aware of that doesnt keep you awake at night. The new vulnerability his team of researchers found — the vulnerability they will reveal in a press conference this evening — is one that he says should definitely contribute to CISO insomnia.
The new vulnerability, dubbed SWAPGS by the BitDefender research team, is a speculative execution vulnerability that Botezatu says is similar in some respects to Spectre and Meltdown. What we have done is to manipulate this instruction called SWAPGS in order to sample information from the realm of the operating system memory into the user space, he explains.
SWAPGS is an
instruction
that swaps the contents of a particular register with the contents of a specific memory location. The instruction is defined as a privileged instruction that should be available only to system software, such as a hypervisor. One of the things that makes the instruction dangerous when exploited is that it can provide rapid access to certain data structures used by the operating system kernel.
When the instruction is manipulated, Botezatu says, This can lead to all sorts of trouble like leaking out information about passwords, encryption, keys, tokens, authentication, cookies, and other sensitive information that goes through the processor.
Like many of the other speculative execution exploits that have been found, SWAPGS doesnt allow the attacker to manipulate the data being stored in the memory location — it only allows for the contents of that memory location to be monitored. You just poke the memory, and run a time-based attack. If its something interesting, its fine. If not, you have just lost 20 seconds and you need to go back to square one, Botezatu explains.
As with most of the other speculative execution attacks, Botezatu sees SWAPGS as something that could be a tool for patient nation-state actors, not finance-focused criminals. Criminal actors, he says, can simply launch repeated phishing attacks to get the information that might become available through SWAPGS.
Still, he points out, a speculative execution attack like SWAPGS is dangerous because it bypasses hardware-based protection and is undetectable by normal security packages. Furthermore, while BitDefender followed responsible disclosure and Microsoft has issued a Window patch for the vulnerability, Botezatu says, We know that in enterprises, patch adoption is not something that happens overnight. That can take anywhere from one to 180 days, if youre lucky.
Related content:
New Intel Vulnerabilities Bring Fresh CPU Attack Dangers
White-Hat Bug Bounty Programs Draw Inspiration from the Old West
Real-World Threats That Trump Spectre & Meltdown
How Intel Has Responded to Spectre and Meltdown
Enterprise Malware Detections Up 79% as Attackers Refocus
 
Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the 
conference
 and 
to register.

Last News

▸ New threat discovered: Mobile phone ownership compromised. ◂
Discovered: 23/12/2024
Category: security

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
New Speculative Execution Vulnerability Gives CISOs a New Reason to Lose Sleep