Priya PatelTLDR:
- Intel could have fixed Spectre & Meltdown bugs earlier if they had taken reports from academic researchers more seriously.
- Researchers are now collaborating with chip makers to counter vulnerabilities and explore emerging threats.
Intel and academic researchers have been working closely to address hardware flaws like Spectre and Meltdown. Daniel Gruss, a researcher at Graz University of Technology, believes that the vulnerabilities could have been resolved earlier if chip makers had paid more attention to reports from researchers. Gruss reported the prefetch side-channel at the heart of Spectre to Intel in 2016, but the company did not act on it promptly. However, Intel now takes security flaws seriously and collaborates with researchers and other vendors to address emerging threats. Gruss and Intel fellow Anders Fogh will discuss these issues at Black Hat USA 2024. They will explore recent side-channel attack techniques like Hertzbleed, Platypus, and Zenbleed, and examine mitigation strategies. While side-channel attacks on CPUs like Spectre and Meltdown are well-known, researchers are now focusing on GPUs, particularly in the realm of AI applications. Nvidia, for example, recently issued security alerts related to its GPU drivers. As technology evolves, researchers anticipate more complex and impactful attacks on GPUs. Another area of concern is confidential computing, which involves secure enclaves within hardware for protected applications. Intel and AMD offer confidential computing chips for AI applications, but the increased complexity also widens the attack surface. The community is urged to explore potential vulnerabilities in this space before they are exploited by attackers.
