Meltdown and Spectre Leave Every CPU Vulnerable to Attack

2017 was a bad year for online security. The rise of ransomware dominated the early part of the year, while data breaches (including the infamous Equifax hack) continued unabated.

Toward the tail end of the year, rumors started spreading of a huge security flaw with Intel CPUs. Just as the sun rose on 2018, researchers unleashed a flood of information on two new exploits: Meltdown and Spectre. Both affect the CPU.

Meltdown primarily affects Intel processors and is (relatively) easy to patch. To add fuel to the fire, Intel’s response to the flaw has drawn sharp criticism from the security industry. Spectre has the potential to affect almost every modern processor across all manufacturers and will be the more challenging of the two exploits in the long term. However, to get a sense of how severe these two flaws are, and how they affect you, we first need to take a look at how a CPU works.

Inside the CPU

The Central Processing Unit (CPU) is one of the most critical parts of your computer and is often referred to as the brain of the operation. The CPU takes instructions from your RAM, decodes them, and then performs the requested action. This is known as the fetch-decode-execute cycle, and it is the backbone of all CPUs.

In theory, this operation is always predictable, with the RAM passing all instructions in sequence to the CPU for execution. However, real-world CPUs are more complex than this, often processing multiple instructions simultaneously. As CPUs have got faster, the main bottleneck has become the speed at which data can be transferred between RAM and the CPU.

In order to boost performance, many CPUs will perform out-of-order execution when an instruction hasn’t yet been loaded from the RAM. If the code branches, though, the CPU has to make a best guess as to which branch to follow, which is known as branch prediction. The CPU can then take this one step further and begin speculatively executing the predicted code.

Once the missing instructions are loaded, the CPU can unwind any predictive or speculative action as if it had never happened. However, both Meltdown and Spectre use these mechanisms in order to expose sensitive data.

Intel’s Meltdown

Meltdown is currently the more contentious of the two exploits, and affects only Intel processors (although some reports suggest AMD processors may also be vulnerable). The kernel is the core of your computer’s operating system and has complete control over the system. Because it has such comprehensive control, access to your system’s kernel is tightly restricted.

However, Intel’s implementation of speculative execution allows for preemptive access to the kernel, before performing an access check. Once the check is complete, the speculative access is blocked, but this brief period is enough to reveal data mapped in the kernel. This data could range from application data to passwords and encryption keys. The exploit is applicable to almost every Intel processor on nearly all operating systems including Linux, macOS, Windows, virtualization environments like VMware, and even cloud computing servers like Windows Azure and Amazon Web Services (AWS).

The exploit was initially found by Google’s Project Zero in mid-2017 and independently reported by another two research groups. All had disclosed the vulnerability to the relevant developers and hardware manufacturers prior to its publication. This meant that, by the time the exploit became public knowledge, AWS, Windows, macOS, and Linux had all received updates to prevent this attack.

The fix is to implement “kernel page table isolation” (KPTI), which makes it harder to access the kernel. However, this also means that some operations will be slower, and early reports suggest a decrease in performance of between 5 and 30 percent following the updates.
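The three paragraphs above (branch prediction, speculative execution, and the kernel access check that Meltdown slips past) rest on one idea: when the CPU unwinds a mispredicted path it restores the registers, but not everything the path touched. The published attacks recover the leaked value from what the speculative path left behind in the CPU cache. The following toy model is an added illustration, not code from the article or from any CPU vendor; its instruction set, addresses and one-bit cache are invented, and it stops at "the line was cached" rather than modelling any measurement of it. It also models page table isolation as simply not mapping the kernel while user code runs, which is why the speculative fetch then has nothing to read.

```python
# Toy model of speculative execution (added example, not vendor or article code).
# Everything here is hypothetical: the instruction set is "a branch followed by
# some loads", memory is a dict, and the cache is a set of fetched addresses.
from dataclasses import dataclass, field


@dataclass
class ToyCPU:
    mem: dict                          # address -> value; only mapped pages appear here
    kernel_addrs: set                  # addresses that user code is forbidden to read
    regs: dict = field(default_factory=dict)       # architectural state
    cache: set = field(default_factory=set)        # microarchitectural state
    faults: list = field(default_factory=list)     # addresses that faulted at retirement

    def execute_branch(self, predicted_taken, actual_taken, taken_path):
        """Run one conditional branch.

        taken_path is a list of (register, address) loads on the taken side.
        If the predictor guesses "taken", those loads execute before the branch
        resolves. Privilege is checked only when a load retires, as the article
        describes for Meltdown. The model stops once the branch resolves.
        """
        snapshot = dict(self.regs)     # what a squash will restore
        pending = []
        if predicted_taken:
            for reg, addr in taken_path:
                pending.append(addr)
                if addr in self.mem:             # mapped page: the fetch proceeds
                    self.cache.add(addr)         # side effect that is never rolled back
                    self.regs[reg] = self.mem[addr]
        if predicted_taken != actual_taken:
            self.regs = snapshot                 # squash: registers restored, cache kept
            return "squashed"
        for addr in pending:                     # retirement: checks happen only now
            if addr not in self.mem or addr in self.kernel_addrs:
                self.regs = snapshot
                self.faults.append(addr)
                return "fault"
        return "retired"

    def with_page_table_isolation(self):
        """Model KPTI: kernel pages are not mapped while user code runs, so a
        speculative load of a kernel address has nothing to fetch."""
        user_mem = {a: v for a, v in self.mem.items() if a not in self.kernel_addrs}
        return ToyCPU(mem=user_mem, kernel_addrs=set(self.kernel_addrs))


def demo():
    """Constructed sample memory: 0x20 is a user page, 0xC000 a kernel page."""
    cpu = ToyCPU(mem={0x20: 9, 0xC000: 42}, kernel_addrs={0xC000})
    results = {}
    # 1. Misprediction: the taken path is squashed, yet 0x20 is now in the cache.
    results["squash"] = cpu.execute_branch(True, False, [("r1", 0x20)])
    results["r1_after_squash"] = cpu.regs.get("r1")
    results["cached_after_squash"] = 0x20 in cpu.cache
    # 2. Speculative load of a kernel address on a taken branch: the fault is
    #    raised at retirement, but the kernel line was fetched first.
    results["kernel_fault"] = cpu.execute_branch(True, True, [("r2", 0xC000)])
    results["kernel_cached"] = 0xC000 in cpu.cache
    # 3. The same load with page table isolation: nothing mapped, nothing cached.
    pti = cpu.with_page_table_isolation()
    results["kernel_fault_pti"] = pti.execute_branch(True, True, [("r2", 0xC000)])
    results["kernel_cached_pti"] = 0xC000 in pti.cache
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run it and compare cases 2 and 3: both end in a fault, so from the program's point of view nothing changed, but only in case 3 is the cache also clean. That difference is the whole of what the KPTI patch buys, and the cost the article describes comes from switching page tables on every entry to the kernel.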

Inside Spectre

Most of the media attention has focused on the performance impacts resulting from patching Meltdown. However, Spectre is arguably the more damaging of the two exploits.

Spectre doesn’t just affect Intel CPUs — it affects almost every processor from Intel, AMD, and ARM in every type of device. Where Meltdown requires a rogue application to read the kernel memory, Spectre abuses speculative execution to force other applications to leak their protected data. The researchers were able to perform the attack both with native code and JavaScript. The JavaScript approach means that browser sandboxing can be bypassed, allowing Spectre to be launched directly from your browser.

This attack is harder to pull off, but is also harder to protect against. The researchers even named the exploit Spectre “as it is not easy to fix, [and] it will haunt us for quite some time.” Software patches will be able to mitigate some variations of Spectre, but it is primarily a hardware-related issue. The U.S.-based CERT division of the Software Engineering Institute (SEI) even issued a Vulnerability Note, stating that the solution is to “replace vulnerable CPU hardware.”

The Aftermath

Barely a day goes by without a new security flaw, bug, or data breach being unearthed. Some are undoubtedly more critical than others, and Meltdown and Spectre fall into that category. The impact of these exploits is widespread, but the likelihood of experiencing one of these attacks is fairly remote. This is especially true as no one has been able to find evidence that they have been used before.

What has made these two exploits so widely reported is the vendors’ response to them — Intel’s in particular. While Microsoft, Amazon, and the Linux community were frantically creating patches to mitigate the exploits, Intel went on the defensive.

Their initial statement in response to Meltdown and Spectre downplayed their severity and attempted to absolve the company of any responsibility. To the ire of many, they said the “exploits do not have the potential to corrupt, modify or delete data” as if the ability to read sensitive data was not of any importance. After their substantial data breach, Equifax took a similar image-defending position. This ultimately resulted in them appearing in front of Congress.

Intel was similarly punished for their approach, with their stock dropping 3.5 percent. Intel’s chief executive Brian Krzanich may also have taken another leaf from Equifax’s book. He reportedly sold $25 million worth of Intel stock after learning of the exploits in November 2017.

Most of the attention has been focused on Intel, but other chip makers have made their positions known too. AMD claims that their processors are not affected by either exploit. Meanwhile ARM took a mixed approach, suggesting that most of their processors were not affected, but providing a detailed list of those that are.

Much Ado About Nothing?

If these exploits were found to be used by malicious parties then the damage would be severe. Fortunately, just like Heartbleed before them, these potentially dangerous attacks haven’t been seen in the wild. They also require malicious software to be installed on your computer in order to execute the attacks. So unless you have a very specific set of circumstances, as a home user, you are unlikely to be affected. However, it’s not worth taking the risk.

As vendors, manufacturers, and developers push out updates to mitigate the exploits, you should install them. It wouldn’t hurt to maintain good cyber hygiene either.
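Installing the updates is only half the job; it is worth confirming they took effect. On Linux, kernels from 4.15 onward publish a one-line status for each flaw under /sys/devices/system/cpu/vulnerabilities/ (files named meltdown, spectre_v1 and spectre_v2), and /proc/cpuinfo lists the flaws the CPU is known to have on its "bugs" line. The script below is an added example, not part of the article or of any distribution's tooling: it classifies those status lines and flags anything still vulnerable or not reported. The status strings and the /proc/cpuinfo excerpt embedded in it are constructed samples; the file names and formats are the kernel's real ones.

```python
# Added example: report the kernel's own view of Meltdown/Spectre mitigation
# state. Not from the article or any vendor tool. File names under SYSFS_DIR
# are real; the SAMPLE_* values below are constructed for offline testing.
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
FLAWS = ("meltdown", "spectre_v1", "spectre_v2")

# Constructed sample of the relevant /proc/cpuinfo lines (one CPU shown).
SAMPLE_CPUINFO = """processor\t: 0
vendor_id\t: GenuineIntel
flags\t\t: fpu vme de pse tsc msr pae pti
bugs\t\t: cpu_meltdown spectre_v1 spectre_v2
"""


def classify(status: str) -> str:
    """Map one sysfs status line to mitigated / vulnerable / not_affected / unknown.

    The kernel writes "Mitigation: <name>", "Vulnerable" (optionally followed by
    ": <detail>"), or "Not affected". Anything else is reported as unknown
    rather than silently treated as safe.
    """
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def cpuinfo_bugs(text: str) -> set:
    """Return the set of flaw names from the 'bugs' line of /proc/cpuinfo text."""
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "bugs":
            return set(value.split())
    return set()


def read_status(flaw: str, sysfs_dir=SYSFS_DIR):
    """Return the raw status line, or None if the kernel does not expose it."""
    try:
        return (Path(sysfs_dir) / flaw).read_text()
    except OSError:          # missing file: older kernel, or not Linux at all
        return None


def report(sysfs_dir=SYSFS_DIR) -> dict:
    """Classify every flaw in FLAWS; 'unreported' means the file was absent."""
    out = {}
    for flaw in FLAWS:
        raw = read_status(flaw, sysfs_dir)
        out[flaw] = "unreported" if raw is None else classify(raw)
    return out


def needs_attention(rep: dict) -> list:
    """Flaws whose state should not be accepted as-is after patching."""
    return [f for f, state in rep.items() if state in ("vulnerable", "unreported", "unknown")]


if __name__ == "__main__":
    rep = report()
    for flaw, state in rep.items():
        print(f"{flaw:12s} {state}")
    try:
        bugs = cpuinfo_bugs(Path("/proc/cpuinfo").read_text())
        print("cpuinfo bugs:", " ".join(sorted(bugs)) or "(none listed)")
    except OSError:
        print("cpuinfo bugs: unavailable on this system")
    todo = needs_attention(rep)
    print("needs attention:", ", ".join(todo) if todo else "nothing")
```

The distinction between "unreported" and "not_affected" matters: a kernel too old to have the sysfs directory at all is also too old to contain the KPTI patch, so an absent file is a reason to update, not a reason to relax.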

Cloud providers are the most vulnerable to attack, because the potential payoff is far greater. With so much data stored on the cloud, attackers have an incentive to attempt these exploits on cloud servers. It’s a positive sign that some of the major providers have already issued patches. However, it does make you wonder just how secure cloud computing really is. While Intel’s response to the exploits is disappointing, the complexity of the patches and the speed at which they were deployed by multiple vendors is commendable and reassuring.

Are you worried by Meltdown and Spectre? Do you think the trade-off between speed and security is acceptable? Who do you think is responsible for the fixes? Let us know in the comments!


  1. Herman J Woudenberg
    January 9, 2018 at 5:26 pm

    I wonder if the IBM iSeries has the problem?
    Fortress Rochester, The Inside Story of the IBM iSeries page 119.
    “Suppose we want to give a user authority to an object to perform a single operation. The user program may need to temporarily access or modify data in an object, but the user does not need this authority permanently. But by giving the user authority in a system pointer, there is no way to take back authority.
    To limit user authority and increase security, IBM added methods to provide temporary authority to a user program. At the same time we removed authority from the pointers for all user programs. Pointers that the operating system uses when in system state can still have the authority in the system pointer.
    Many people still refer to the AS/400 and iSeries as systems having capability-based addressing. However, with the one exception just cited, they do not have capability-based addressing.”