“Ironically, we show that our attacks are sometimes more effective on these novel CPUs by Apple and Samsung compared to their well-explored Intel counterparts, presumably due to their simpler cache replacement policies,” the researchers have written.
The new attack while being simple appears to be sophisticated. It is written entirely in HTML and CSS – being described as “architecturally agnostic”. It has been reported that the security threat is able to exploit chips made by Intel, AMD, Samsung, and Apple Silicon (M1).
The team of researchers were reportedly able to create a proof of concept for the side-channel. It was reportedly built entirely using HTML and CSS – something that could open the world of the internet to “microarchitectural website fingerprinting attacks.” The cyber attack will reportedly work even when the script execution feature is disabled on browsers.
The research team studying the new side-channel attack includes researchers from the University of Michigan, the University of Adelaide, and the University of the Negev.