According to IOActive, which describes itself as an ethical hacking company, researchers there can bypass address space layout randomisation (ASLR), which is often used as a defence against malware.
ASLR randomises the locations of code in memory, so that a failed exploit attempt crashes the system rather than completely compromising it.
Alfredo Pironti, a senior security consultant at IOActive, said that the flaw shows hardware security is important in preventing hacks.
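Because ASLR only protects code that can actually be relocated, a defender's first check is whether it is switched on for the host and whether a given executable was built as position independent (PIE). The following Python is an added example written for this article, not IOActive's code: it interprets the Linux `randomize_va_space` sysctl value and reads the ELF `e_type` field to decide whether the executable's code will be randomised at all. The ELF headers in the block are constructed samples, and the function names are the author's own.

```python
import struct
import sys

# Meaning of the Linux sysctl /proc/sys/kernel/randomize_va_space
# (values as documented by the kernel; 2 is the usual default).
RANDOMIZE_VA_SPACE = {
    0: "disabled: no address randomisation",
    1: "conservative: stack, mmap base, VDSO and shared libraries randomised",
    2: "full: conservative plus randomised brk heap base",
}

ET_EXEC = 2  # ELF e_type for a fixed-address executable: code is NOT randomised
ET_DYN = 3   # ELF e_type for a position-independent image (PIE or shared object)


def interpret_randomize_va_space(raw: str) -> str:
    """Translate the raw sysctl text into a human-readable ASLR level."""
    value = int(raw.strip())
    if value not in RANDOMIZE_VA_SPACE:
        raise ValueError(f"unexpected randomize_va_space value {value}")
    return RANDOMIZE_VA_SPACE[value]


def is_pie(elf_header: bytes) -> bool:
    """Return True if the ELF image is ET_DYN, i.e. the loader may place it
    at a random base.  Shared libraries are ET_DYN too, so apply this to
    executables only."""
    if len(elf_header) < 18 or elf_header[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    # e_ident[EI_DATA] at offset 5: 1 = little-endian, 2 = big-endian
    endian = "<" if elf_header[5] == 1 else ">"
    (e_type,) = struct.unpack_from(endian + "H", elf_header, 16)
    return e_type == ET_DYN


def code_is_randomised(sysctl_raw: str, elf_header: bytes) -> bool:
    """ASLR moves the executable's own code only when both conditions hold:
    the kernel has randomisation enabled and the binary is position independent."""
    enabled = int(sysctl_raw.strip()) >= 1
    return enabled and is_pie(elf_header)


def make_sample_elf_header(e_type: int, little_endian: bool = True) -> bytes:
    """Constructed sample: a minimal 64-byte ELF64 header carrying only the
    fields this check reads (magic, data encoding, e_type)."""
    ident = b"\x7fELF" + bytes([2, 1 if little_endian else 2, 1, 0]) + b"\x00" * 8
    endian = "<" if little_endian else ">"
    e_type_bytes = struct.pack(endian + "H", e_type)
    return (ident + e_type_bytes).ljust(64, b"\x00")


if __name__ == "__main__":
    # Live use on a Linux host: python3 aslr_check.py /path/to/executable
    path = sys.argv[1] if len(sys.argv) > 1 else "/bin/ls"
    try:
        with open("/proc/sys/kernel/randomize_va_space") as f:
            sysctl = f.read()
        with open(path, "rb") as f:
            header = f.read(64)
        print("ASLR level:", interpret_randomize_va_space(sysctl))
        print(f"{path} is PIE:", is_pie(header))
        print("code of", path, "randomised:", code_is_randomised(sysctl, header))
    except OSError as err:
        print("check requires a Linux host with a readable ELF file:", err)
```

The sysctl and the PIE flag are checked separately on purpose: a host with `randomize_va_space = 2` still loads a non-PIE executable at its fixed link address, which is the gap a pre-deployment review should flag before relying on ASLR as a last line of defence.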
Pironti said: “This is an interesting case as it shows that software isn’t always the easiest point of entry, particularly for those hackers that have a deeper knowledge of hardware and its vulnerabilities. But this is not the first case of something like this happening, and hardware side-channel attacks are something we have been aware of for a while.”
He continued: “It is worth noting that these attacks are often more expensive and time consuming to conduct, compared to classical software attacks. Usually they also have stricter conditions, such as running specific software on the victim’s machine and being able to collect CPU metrics. However, this doesn’t mean that we shouldn’t be vigilant. Cybercriminals are more sophisticated, well-funded and – worst of all – patient than ever before, and are always looking for new and surprising ways to infiltrate. This is why it is vital that companies have their chips pen tested during the development stage, as the cost and complexity of remediating an attack of this kind is enormous.”