On March 5, researchers at IBM Research and EPFL published details and a proof-of-concept exploit they called SMoTherSpectre.
They demonstrate the creation of a side channel by taking advantage of port contention during speculative execution with simultaneous multithreading (SMT), including our implementation, called Intel® Hyper Threading (Intel® HT). A malicious actor can use port contention to detect timing differences between specific speculatively executed code sequences. The differences observed in those measurements can reveal data over time.
After careful assessment, Intel determined that existing mitigation methods like single thread indirect branch prediction (STIBP) can protect software against such issues. Because this style of attack targets specific application data and does not reveal the entire contents of the targeted program, turning on STIBP only when dealing with secret data would be sufficient to mitigate SMoTherSpectre. Sensitive applications may wish to run with STIBP set more broadly in order to guard against other attacks like branch target injection (Spectre variant 2). Critical applications can enable STIBP through the prctl OS interface. For other operating systems, developers should refer to vendor-provided instructions or contact the OS vendor. For more information, see Intel's guidance on STIBP.
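The following sketch is an added example, not code from Intel or from the researchers: it shows one way to restrict indirect branch speculation only around a secret-handling call, using the Linux `prctl(2)` speculation controls (`PR_SET_SPECULATION_CTRL` with `PR_SPEC_INDIRECT_BRANCH`). The names `plan_guard`, `run_guarded` and `use_secret` are hypothetical, the key bytes are constructed, and it assumes a kernel that allows per-task control of this mitigation.

```c
#include <stdio.h>
#include <sys/prctl.h>

#ifndef PR_SPEC_INDIRECT_BRANCH /* added in Linux 4.20; older headers lack it */
#define PR_SPEC_INDIRECT_BRANCH 1
#endif

/* Which protection covers the call: set per task by us, already on, or none. */
enum guard { GUARD_PRCTL, GUARD_ALREADY_ON, GUARD_NONE };

/* Interpret a PR_GET_SPECULATION_CTRL result (negative means the call failed). */
enum guard plan_guard(long state) {
    if (state < 0) return GUARD_NONE;
    if (state & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE)) return GUARD_ALREADY_ON;
    return (state & PR_SPEC_PRCTL) ? GUARD_PRCTL : GUARD_NONE; /* per-task control? */
}

static long spec_ctrl(int op, unsigned long val) {
    return prctl(op, (unsigned long)PR_SPEC_INDIRECT_BRANCH, val, 0UL, 0UL);
}

/* Run fn(arg) with indirect branch speculation disabled (mitigation on) where the
 * kernel permits it. fn always runs; *outcome lets the caller refuse or log. */
int run_guarded(int (*fn)(const void *), const void *arg, enum guard *outcome) {
    int toggled = 0;
    *outcome = plan_guard(spec_ctrl(PR_GET_SPECULATION_CTRL, 0UL));
    if (*outcome == GUARD_PRCTL) {
        toggled = spec_ctrl(PR_SET_SPECULATION_CTRL, PR_SPEC_DISABLE) == 0;
        if (!toggled) *outcome = GUARD_NONE;
    }
    int rc = fn(arg);
    if (toggled) spec_ctrl(PR_SET_SPECULATION_CTRL, PR_SPEC_ENABLE); /* restore */
    return rc;
}

/* Constructed stand-in for a routine that handles secret data. */
int use_secret(const void *arg) {
    const unsigned char *key = arg;
    return key[0] ^ key[1];
}

int main(void) {
    static const unsigned char key[2] = { 0x5a, 0xa5 }; /* constructed sample bytes */
    enum guard g;
    int rc = run_guarded(use_secret, key, &g);
    printf("result=%d guard=%d\n", rc, (int)g);
    return 0;
}
```

A caller that must not process secrets unprotected can treat `GUARD_NONE` as a hard failure instead of proceeding.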
Intel does not recommend turning off Intel® HT as a mitigation technique because other programming methods are effective and higher performing.