Everyone has, at one time or another, experienced how dreams can influence our moods and actions. However, putting an idea in somebody else’s head while they are dreaming in order to make them do something specific once they wake up is still the stuff of science fiction. In the 2010 movie “Inception” Leonardo DiCaprio’s character tries to get the heir of a wealthy businessman to break up his father’s empire. To do so, he shares a dream with the heir in which, through clever manipulation, the heir’s convictions about his father are subtly altered, leading him to abandon his late father’s business.
While sharing dreams and planting such ideas is impossible in reality, something very similar has recently been achieved in the world of computers. A team of researchers at ETH led by Kaveh Razavi, professor in the Department of Information Technology and Engineering, has demonstrated a serious vulnerability of certain CPUs (central processing units) whereby an attacker can plant the equivalent of an idea in a victim’s CPU, coax it into executing certain commands and thus retrieve information. Razavi and his colleagues present their research at the conference USENIX Security 2023 this week.
A complex attack
While Razavi’s research paper contains names that are reminiscent of James Bond and disaster movies – Spectre and Meltdown make an appearance – the bulk of it is intricate computer science. “In fact, much like the movie of the same name, the Inception attack is particularly complex and difficult to explain”, says Master’s student Daniël Trujillo, who found this new attack during his thesis work in Razavi’s group, supervised by PhD student Johannes Wikner. “Still”, Wikner adds, ”the crux of the matter with all these attacks is rather simple – namely, the fact that a computer’s CPU has to make guesses all the time, and those guesses can be tampered with.”