Cybersecurity
Significantly more processors affected by attacks
Not only high-end processors are susceptible to side-channel attacks. Researchers from Kaiserslautern and Stanford have shown that common embedded processors also have similar security vulnerabilities.
Attack scenarios such as 'Meltdown' and 'Spectre' are aimed at creating access conflicts in the memory. This makes it possible for the attacker to access confidential memory contents such as passwords or encrypted data. "You don't need administrative rights to do this and you don't even have to have physical access to the processor," says Prof. Dr. Wolfgang Kunz, holder of the Chair of Information Technology Systems Design at the Technical University of Kaiserslautern (TUK). "It is sufficient to execute a program with user rights."
Until now, security researchers assumed that the vulnerability affected complex processor architectures that work with out-of-order execution. This method allows the hardware to execute work steps in a different, more favorable order than specified by the program code, which increases processor performance. However, it also has side effects that can be exploited by side-channel attacks such as Meltdown or Spectre.
Side channel also in embedded processors
However, refraining from using high-end processors with out-of-order execution does not protect against this vulnerability. Researchers led by Prof. Dr. Kunz, together with colleagues from Stanford University, have shown that even less complex processors have side channels that can be exploited by attackers.
They demonstrated this using a specially developed attack scenario called 'Orc-Attack'. The components affected are primarily those used in embedded systems. This means that, in principle, a whole range of applications could be attacked, from consumer electronics and medical technology to building and production automation.
Automated detection of security vulnerabilities
To detect side channels in processor hardware automatically, the researchers have developed a computational method called 'Unique Program Execution Checking' (UPEC) and demonstrated it using an open-source processor. It is based on an industrial verification environment for hardware debugging and can be used in the future to detect security vulnerabilities during development.
It is not known how many of the commercially available processors are actually vulnerable via side channels. Access to the chip manufacturers' designs is necessary for the investigation. The research results to date have been published in the paper "Processor Hardware Security Vulnerabilities and their Detection by Unique Program Execution Checking".













