CPUsUncategorized

Researchers Design Website that Can Steal Data From Intel and Apple M1 CPUs Using Web Browsers

The Spectre and Meltdown vulnerabilities were one of the most glaring security blunders in the history of modern microprocessors (though not as pressing). While both Intel and AMD have released patches for (most of) their products that defend against this vulnerability, it’d be fair to say that a fair number of users didn’t implement them. (Alprazolam) Now, some researchers from Google’s security team have developed a website that demonstrates the Spectre security flaw.

All you need to do to verify this flaw is visit the above-linked website using any browser and then follow the instructions. Finally, match up the results with the expected output provided, and you’ll know whether your processor defends against Spectre. Although both the latest lineups from Intel and AMD have hardware-level mitigations against both Spectre and Meltdown, there are still millions of PCs that use older chips, and hence are still vulnerable.

Today, we’re sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome, and we expect that other modern browsers are similarly vulnerable to this exploitation vector. We have developed an interactive demonstration of the attack available at https://leaky.page/; the code and a more detailed writeup are published on Github here.

The demonstration website can leak data at a speed of 1kB/s when running on Chrome 88 on an Intel Skylake CPU. Note that the code will likely require minor modifications to apply to other CPUs or browser versions; however, in our tests, the attack was successful on several other processors, including the Apple M1 ARM CPU, without any major changes.

In the above test, the 6th Gen Core i7-6500U was used but as per the team, many other processors including the newly launched Apple M1 are also vulnerable to this attack.

The website successfully steals data at a speed of 1 KB/s when running on other Intel’s older Skylake-based processor, but can be modified to work with many new models, including the new M1 SoC from Apple.

Source

Areej Syed

Processors, PC gaming, and the past. I have been writing about computer hardware for over seven years with more than 5000 published articles. Started off during engineering college and haven't stopped since. Mass Effect, Dragon Age, Divinity, Torment, Baldur's Gate and so much more... Contact: areejs12@hardwaretimes.com.
Back to top button