Original Release Date: 9/17/2020
Researchers from New Jersey’s Stevens Institute of Technology, ETH Zurich, and Amsterdam’s Vrije University VUSec Group developed a new side-channel attack technique, dubbed BlindSide, which abuses speculative execution to craft exploits that bypass ASLR (Address Space Layout Randomization). Such an attack begins with a common software vulnerability, such as a memory corruption error, and then probes memory to locate where code executes so that exploits can be run against particular applications to steal sensitive data; with conventional probing, however, failed probes cause system crashes or detection. BlindSide probes memory repeatedly in the same way, but it does so in the speculative execution domain, where failed probes and the resulting crashes are suppressed and discarded, thus bypassing ASLR without those side effects. Although CPU vendors have added mitigations against speculative execution attacks such as Spectre, Meltdown, and others, the researchers offer several additional mitigations for operating system (OS) manufacturers to help protect against BlindSide attacks.
The NJCCIC recommends implementing a defense-in-depth cybersecurity strategy that includes following the principle of least privilege, utilizing intrusion detection and prevention systems, running an endpoint detection and response technology, keeping hardware and software patched with the latest updates, and establishing a comprehensive data backup plan. The VUSec BlindSide Project offers more technical details, videos, and a research paper.