Cyber attacks: why you need to know about Meltdown and Spectre

Is your computer “melting down”?

Meltdown and Spectre are hardware vulnerabilities that allow programs to steal data on the computer.
The flaw is in the CPU (Central Processing Unit) architecture, which means Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.
Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location.


Meltdown and Spectre: what they are, how they work.

MELTDOWN.
Meltdown exploits a race condition inherent in the design of many modern CPUs: it occurs between memory access and privilege checking during instruction processing. Combined with a cache side-channel attack, this vulnerability allows a process to bypass the normal privilege checks that stop the exploiting process from accessing data belonging to the operating system and other running processes. The vulnerability allows an unauthorized process to read data from any address that is mapped into the current process’ memory space. Because the affected processors pipeline instructions, the data from an unauthorized address will almost always be temporarily loaded into the CPU’s cache during out-of-order execution, from which it can be recovered. This can occur even if the original read instruction fails the privilege check and/or never produces a readable result.

Since many operating systems map physical memory, kernel processes, and other running user space processes into the address space of every process, Meltdown effectively makes it possible for a rogue process to read any physical, kernel or other processes’ mapped memory—regardless of whether it should be able to do so. Defenses against Meltdown would require avoiding the use of memory mapping in a manner vulnerable to such exploits (i.e. a software-based solution) or avoidance of the underlying race condition (i.e. a modification to the CPUs’ microcode and/or execution path).

The vulnerability is viable on any operating system in which privileged data is mapped into virtual memory for unprivileged processes—which includes many present-day operating systems. Meltdown could potentially impact a wider range of computers than presently identified, as there is little to no variation in the microprocessor family used by these computers.

A Meltdown attack cannot be detected once it has been carried out.

SPECTRE.
Spectre is a vulnerability that affects modern microprocessors that perform branch prediction. On most processors, the speculative execution resulting from a branch misprediction may leave observable side effects that may reveal private data to attackers. For example, if the pattern of memory accesses performed by such speculative execution depends on private data, the resulting state of the data cache constitutes a side channel through which an attacker may be able to extract information about the private data using a timing attack.

In short

MELTDOWN
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.
If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure.
Why is it called Meltdown?
The vulnerability basically melts security boundaries which are normally enforced by the hardware.

SPECTRE
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.
Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.
Why is it called Spectre?
The name is based on the root cause, speculative execution. As it is not easy to fix, it will haunt us for quite some time.
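The bounds-check pattern that Spectre variant 1 mispredicts, shown beside an index-masking hardening of the kind used in the Linux kernel (array_index_mask_nospec). This is an added example, not code from the original article or from the Meltdown/Spectre researchers; the array names, sizes and the init_probe helper are constructed for illustration, and the mask assumes a 64-bit Linux (LP64) build where signed right shifts are arithmetic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data (no real secrets): array1 is indexed by an
 * untrusted value; array2 is the probe buffer whose cache state becomes
 * the side channel the text describes. */
#define ARRAY1_SIZE 16
static uint8_t array1[ARRAY1_SIZE] = {1, 2, 3, 4, 5, 6, 7, 8,
                                      9, 10, 11, 12, 13, 14, 15, 16};
static uint8_t array2[256 * 512];

/* Fill the probe buffer so array2[v * 512] == v, purely to make the
 * architectural results of the lookups checkable. */
void init_probe(void) {
    for (int v = 0; v < 256; v++)
        array2[v * 512] = (uint8_t)v;
}

/* Branchless mask, same idea as the kernel's generic array_index_mask_nospec:
 * returns ~0UL when index < size and 0 otherwise. Because no branch is
 * involved, the clamp holds even while the CPU is speculating past a
 * mispredicted bounds check. (Assumes 64-bit long, arithmetic >> of signed.) */
static inline unsigned long array_index_mask_nospec(unsigned long index,
                                                    unsigned long size) {
    return ~(long)(index | (size - 1UL - index)) >> (sizeof(long) * 8 - 1);
}

/* Vulnerable pattern: the "best practice" bounds check is itself the branch
 * that gets mispredicted, so array1[x] may be read out of bounds during
 * speculation and the dependent load leaves a cache footprint keyed on it. */
uint8_t lookup_vulnerable(size_t x) {
    if (x < ARRAY1_SIZE)
        return array2[array1[x] * 512];
    return 0;
}

/* Hardened form: clamp x with the mask before using it, so a speculative
 * pass with x >= ARRAY1_SIZE can only ever touch array1[0]. */
uint8_t lookup_hardened(size_t x) {
    if (x < ARRAY1_SIZE) {
        x &= array_index_mask_nospec(x, ARRAY1_SIZE);
        return array2[array1[x] * 512];
    }
    return 0;
}

int main(void) {
    init_probe();
    printf("in bounds: %u, out of bounds: %u\n",
           lookup_hardened(2), lookup_hardened(100));
    return 0;
}
```

Architecturally both functions return the same values; the difference is only visible in what the CPU may touch speculatively, which is why the page calls Spectre hard to mitigate rather than hard to fix in the program's logic.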


Are you affected by these vulnerabilities?

Most certainly, yes.


Can your antivirus detect or block this attack?

While possible in theory, this is unlikely in practice. Meltdown and Spectre are hard to distinguish from regular benign applications.


What can be leaked?

If your system is affected, Meltdown and Spectre can read the memory content of your computer. This may include passwords, sensitive data and everything stored in the system.


Which systems are affected by Meltdown and Spectre?

MELTDOWN: desktop, laptop, and cloud computers. More technically, every x86 microprocessor built by Intel and some ARM-based microprocessors are affected by Meltdown. At the moment, it is unclear whether AMD processors are also affected.

SPECTRE: almost every system is affected by Spectre: desktops, laptops, cloud servers, as well as smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable: Intel, AMD and ARM-based processors.


Is there a solution?

Yes, replace your CPU hardware.


Is there a workaround or a fix?

There are patches against Meltdown for Linux, Windows, Android and macOS.

There is no fix against Spectre (unless you change your hardware), but there is work to harden software against future exploitation of Spectre, and to patch software after exploitation through Spectre (for example, the LLVM patch).

Now for the bad news. The operating system patches will slow down your PC, though the extent varies wildly depending on your CPU and the workloads you’re running. You still want to install the updates for security reasons.


What can you do to protect your PC against Meltdown and Spectre CPU flaws?

Here’s a quick step-by-step checklist:

  • Update your operating system
  • Check for firmware updates
  • Update your browser
  • Update other software
  • Keep your antivirus active

Here is the full process to guide you step by step: https://www.pcworld.com/article/3245810/security/how-to-protect-your-pc-meltdown-spectre-cpu-flaws.html


Who reported Meltdown?

Meltdown was discovered independently by Jann Horn from Google’s Project Zero, Werner Haas and Thomas Prescher from Cyberus Technology, as well as Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology.

Who reported Spectre?

Spectre was discovered independently by Jann Horn from Google’s Project Zero and Paul Kocher in collaboration with Daniel Genkin, Mike Hamburg, Moritz Lipp and Yuval Yarom.


Do you want more technical information about Meltdown and Spectre?

Click here (https://googleprojectzero.blogspot.it/2018/01/reading-privileged-memory-with-side.html).

Flavia Piantino Gazzano
flavia@mon-k.com

Graduated in Public Relations and Communication, specialized in Business Communication, she has gained a decade of experience as account manager, project manager, digital marketer and growth hacker. Flavia has a strong focus on digital transformation, social media and PR; she uses strategic communication as a strong asset in her life and has a creative approach to problem solving. Her goal is to create effective and efficient business growth strategies. She has worked with Mon-K since 2015 as Marketing and Communication Manager.
