Academics say that BranchScope is the first side-channel attack that targets "direction prediction" and that the technique can also be used to retrieve content stored inside SGX enclaves, secure areas of Intel CPUs, previously thought to be untouchable.

The research team also tested their technique in field tests and said they successfully retrieved data from three recent Intel x86_64 processors — Sandy Bridge, Haswell, and Skylake. The team said the attack can be launched from user space (no admin rights) and has an error rate of less than 1%.

Researchers also say that because this is a novel attack, there are no mitigations currently in place for BranchScope attacks. Spectre patches (meant to fix TBT-based attacks) are ineffective against BranchScope, they said.