Everyone has, at one time or another, experienced how dreams can influence our moods and actions. However, putting an idea in somebody else’s head while they are dreaming in order to make them do something specific once they wake up is still the stuff of science fiction. In the 2010 movie “Inception,” Leonardo di Caprio’s character tries to get the heir of a wealthy businessman to break up his father’s empire. To do so, he shares a dream with the heir, in which through clever manipulation, the heir’s convictions about his father are subtly altered, leading him to abandon his late father’s business.
While sharing dreams and planting such ideas is impossible in reality, something very similar has recently been achieved in the world of computers. A team of researchers at ETH Zurich led by Kaveh Razavi, professor in the Department of Information Technology and Engineering, has demonstrated a serious vulnerability of certain CPUs (central processing units) whereby an attacker can plant the equivalent of an idea in a victim’s CPU, coax it into executing certain commands, and thus retrieve information. Razavi and his colleagues present their research at the conference USENIX Security 2023 this week.
A complex attack
While Razavi’s research paper contains names that are reminiscent of James Bond and disaster movies—”Spectre” and “Meltdown” make an appearance—the bulk of it is intricate computer science.
“In fact, much like the movie of the same name, the Inception attack is particularly complex and difficult to explain,” says master’s student Daniël Trujillo, who found this new attack during his thesis work in Razavi’s group, supervised by Ph.D. student Johannes Wikner.
“Still,” Wikner adds, “the crux of the matter with all these attacks is rather simple—namely, the fact that a computer’s CPU has to make guesses all the time, and those guesses can be tampered with.”
In modern computers, guesses are needed because during the execution of a program—a game, say, or a web browser—the CPU has to make hundreds of millions of decisions per second. At certain points in the execution, the following command may depend on a choice made based on some information that has to be
