Kungiyar masu binciken tsaro, da yawa daga cikinsu sun halarci gano farkon rauni da raunin Specter, ɓullo da wani sabon nau'in harin akan tashoshi na ɓangare na uku.
Wannan harin yi bisa ga ma'aunin bayanan abun ciki na shafi, wanda ke dauke da bayanan da aka samu sakamakon tsarin aiki damar zuwa fayafai, SSDs, da sauran na'urori masu kullewa.
Ba kamar hare-haren Specter ba, sabon yanayin rashin lahani ba ya haifar da matsalolin kayan aiki, amma kawai ya shafi aiwatar da kayan aikin software na shafin shafin kuma yana bayyana a cikin Linux (CVE-2019-5489), Windows kuma wataƙila sauran tsarin aiki da yawa.
Ta hanyar sarrafa mincore (Linux) da QueryWorkingSetEx (Windows) tsarin kira don ƙayyade kasancewar shafin ƙwaƙwalwa a cikin ɓoye shafin shafi, wani maharan gida mara izini na iya gano wasu damar ƙwaƙwalwar ajiya na wasu matakai.
Harin ya ba ka damar waƙa da samun dama a matakin toshewa 4 kilobytes tare da ƙudurin lokaci na microseconds 2 akan Linux (ma'aunin 6.7 a dakika ɗaya) da 446 nanoseconds akan Windows (matakan 223 a sakan ɗaya).
Shafin shafi yana tara bayanai daban-daban, gami da cire fayilolin aiwatarwa, dakunan karatu mai raba, bayanan da aka loda zuwa faifai, fayilolin madubi a cikin ƙwaƙwalwa da sauran bayanan da ake adana su gabaɗaya akan faifai waɗanda ake amfani da su ta tsarin aiki da aikace-aikace.
Mecece wannan harin?
Harin ya dogara ne da cewa duk matakai suna amfani da ma'ajin tsarin shafi na gama gari kuma kasancewar ko rashin bayanai a cikin wannan ma'ajin ana iya tantance su ta hanyar sauya jinkiri wajen karanta bayanai faifai ko magana game da tsarin kira da aka ambata a sama.
Za'a iya yin amfani da shafukan da aka adana a cikin yankin ƙwaƙwalwar ajiya ta kama-da-wane ta hanyar aiwatarwa da yawa (alal misali, kwafi ɗaya kawai na ɗakin karatu mai rabawa na iya kasancewa a cikin ƙwaƙwalwar ajiyar jiki, wanda aka nuna a cikin ƙwaƙwalwar kamala ta aikace-aikace daban-daban)
A yayin da ake kewaya bayanan daga shafin shafin da yada shi lokacin loda bayanai na yau da kullun daga faifai, zaku iya bincika matsayin shafuka iri ɗaya a cikin ƙwaƙwalwar ajiya ta sauran aikace-aikace.
Tsarin mincore da QueryWorkingSetEx suna kira da sauƙaƙa sauƙaƙe kai tsaye ta hanyar ba ka damar ƙayyade nan da nan waɗanne shafukan ƙwaƙwalwar ajiya daga kewayon adireshin da ke cikin cache ɗin shafin.
Tunda girman toshewar da aka sanya wa ido (4Kb) ya yi yawa don ƙayyade abubuwan da ke ciki a kowane lokaci, za a iya amfani da harin kawai don watsa bayanai ta ɓoye.
Rage ƙarfin ayyukan ɓoyewa ta hanyar bin halayen algorithm, kimanta hanyoyin samun damar ƙwaƙwalwar ajiya na sanannun hanyoyin aiki, ko sa ido kan ci gaban wani aiki.
Tsarin bayanai a cikin ƙwaƙwalwar ajiya wanda aka san mai harin (Misali, idan asalin abubuwan da aka ajiye a farko aka san su a lokacin fita daga maganganun tabbatarwa, zaku iya tantance Arola dangane da alamar ɓarna yayin shigarwar mai amfani da ku.)
Shin akwai mafita game da wannan?
Haka ne, idan har akwai mafita daga Linux Irin wannan bincike yana taimakawa gano matsaloli kafin wasu masu niyyar cutarwa suyi amfani da su.
Ga kwayar Linux, an riga an samo maganin azaman facin, wanda ya riga ya kasance aka bayyana kuma rubuce a nan.
Dangane da Windows 10, an gyara matsalar a cikin gwajin gwaji (Insider Preview Build) 18305.
Aikace-aikace na kai hari kan tsarin gida wanda masu binciken suka nuna sun hada da kirkirar hanyar watsa bayanai daga kebabbun wurare, nishaɗin abubuwan da ke kan allo (misali, maganganun tabbatarwa), ma'anar maɓallan maido da dawo da ta atomatik ƙirƙirar kalmomin shiga na wucin gadi).