Researchers from Binghamton University—State University of New York and the University of California, Riverside (UCR) have found a weakness in Haswell central processing unit (CPU) components that makes common computer operating systems vulnerable to malicious attacks.

Address space layout randomization (ASLR) software automatically randomizes information in a computer’s memory, which protects a machine during crashes and defends against a wide range of malware. A team led by Dmitry Ponomarev, professor of computer science, and PhD candidate Dmitry Evtyushkin, at Binghamton University, and Nael Abu-Ghazaleh, UCR professor of computer science and engineering, have identified a way to disable and bypass ASLR by attacking the branch predictor hardware.

With the ASLR down, a hacker can perform a range of attacks to gain administrator or "root"-level privileges to steal sensitive data. Image credit: Pixabay. By manipulating a CPU’s branch predictor—a piece of hardware designed to improve program performance—to exploit a weak point in ASLR software, computer hackers could take control of individual, company and government computers, according to the researchers. With the ASLR down, a hacker can perform "buffer overflow" and "code reuse" attacks to gain administrator or "root"-level privileges to steal sensitive data.

However, they point out, another exploitable vulnerability in software is needed to perform a buffer overflow attack. The team suggests several methods to mitigate the various types of attacks in a recently published paper, "Jump over ASLR: Attacking the Branch Predictor to Bypass ASLR."

Attackers have an arsenal of tricks at their disposal, Ponomarev notes, and systems deploy wide-ranging protections against them. ASLR is only a piece of this puzzle and, if the system does not have other vulnerabilities, it is very difficult to attack even if ASLR is broken, he adds.

"It is unreasonable to expect Intel, or any company, to anticipate these kinds of sophisticated attacks while designing chips," Ponomarev says. "Hardware vendors are already doing a lot for security, and we should encourage them to continue to do so."