Indirector Side-Channel Attack: A Closer Look at Intel CPUs. Here is a quick look


Indirector Side-Channel Attack: A Closer Look at Intel CPUs. Here is a quick look

In recent security research, a new type of high-precision Branch Target Injection (BTI) attack has emerged, targeting Intel processors. Dubbed the “Indirector,” this vulnerability poses a significant threat to sensitive information stored within CPUs. In this article, we explore the mechanics of the Indirector attack, its impact, and the mitigation efforts by Intel.


Understanding the Indirector Attack

The Indirector attack leverages a memory optimization feature present in Intel processors. Specifically, it exploits the Gather instruction, designed to accelerate access to scattered data in memory. Unfortunately, during speculative execution, this instruction inadvertently leaks the content of internal vector register files. As a result, any software running on the same CPU gains unintended access to these registers.

Scope of Vulnerability

  1. Affected CPUs: The vulnerability spans multiple generations of Intel Core processors—from Skylake (introduced in 2014) to Tiger Lake. Even disconnected devices, such as laptops and desktops, are susceptible.
  2. Data at Risk: Indirector allows malicious apps to pilfer sensitive information, including passwords, encryption keys, and personal data (such as banking details and emails).

Attack Techniques

Security researcher Daniel Moghimi identified two attack techniques associated with Indirector:

  1. Gather Data Sampling (GDS): A highly practical method that enables the theft of 128-bit and 256-bit AES keys.
  2. Gather Value Injection (GVI): Allows spying on printable characters and arbitrary data from the Linux kernel.

Mitigation Efforts

Intel responded swiftly by releasing firmware updates for all affected CPUs. Here’s how different OS vendors are handling the situation:

  • Non-SGX Processors: These can be patched at the OS level.
  • SGX CPUs: A more complex process is required.

Practical Exploitation and Browser Safety

While GDS makes the vulnerability practical, there’s a silver lining: Indirector isn’t easily exploitable without physical access to the target computer. Currently, there’s no evidence that it can be carried out via web browsers.

Industry Response

Major cloud providers—Amazon, Google, and Microsoft—have informed their users about the potential impact of Indirector. Additionally, Debian, Ubuntu, and Gentoo have already made microcode updates available.


The Indirector side-channel attack underscores the ongoing battle between security researchers and threat actors. As Intel continues to address vulnerabilities, users must stay vigilant and apply necessary updates promptly.

Remember, security is a collective effort. By staying informed and taking proactive steps, we can safeguard our digital world against emerging threats.

You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it.

Share this content:

Post Comment