Specter: the flaw that affects all the world’s computers is back

A few days after the world celebrated the New Year 2018, computer researchers released a major discovery into the wild that had shaken the world of computer security: the Specter and Meltdown flaws were revealed. Complex to operate but exploitable, they simply affected every computer in the world, with a few exceptions.

It seems that Specter is back at the beginning of May 2021, even more dangerous than before.

Variant spectrum 2021: a new global flaw

I See Dead μops “, In reference to the sentence that has become a meme” I see dead people “from the film The sixth sense from 1999. That’s the title of the research paper published by computer security experts at the universities of Virginia and San Diego. The “μops”, micro-op caches, are indeed used to hack computers in this new version of Specter.

Micro-op caching is a technology that improves CPU performance… and that’s the whole point. All new generation CPUs have this system, due to the race for performance that Intel and AMD have been doing for several years.

However, according to the researchers, all computers that have micro-op cache are vulnerable either … all Intel processors produced since 2011 and all AMD processors produced since 2017.

A loophole that will never be filled?

Like Specter or Meltdown, if the flaw in question is real, it requires a level of knowledge in hacking that makes it difficult to exploit. And that’s the whole problem: the chip giants are going to have to make a choice.

If it is possible to close the loophole, for researchers this would lead to a loss of power of the processors concerned, and therefore of the vast majority of computers in the world. A difficult decision to make as the need for computing power continues to grow.

On the other hand, leaving the flaw unpatched could lead to a wave of hacks, especially since it is now known to the general public. If particular computers should not be affected, certain large groups or governments could be the target of attacks to steal information or by ransomware.