Meltdown and Spectre

Now that we know what the Kernel is, and more importantly, what it does; we are going to talk a bit of Meltdown and Spectre.

Two papers (Meltdown and Spectre) have been published by researchers from various universities across the globe and several Google researchers. Both of them describe the way in which cyber-criminals could steal sensible information from our devices.

There are good new though, several patches have been deployed to mitigate this flaw. Unfortunately, drop in performance (from 5% to 30%) have been reported after the Microsoft patches have been installed. Furthermore, the deployment of patches for AMD processors has been halted by Microsoft. This is due to the many complaints that users could not boot their PCs after the patches.

The short but tech-savvy explanation is :

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information.

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

The short non tech-savvy explanation is as follows:

All starts with something called Speculative Execution. I know it might sound terrible, but bare with me.

Let’s say you are running a service that gathers information upon request from your clients.

For example:

A client comes to you at 10am in the morning and asks you to print for him a list of news that are related to cyber-security.  Your client does this daily for 5 days, the he has the exact same request, at exactly the same hour. Since we are “smart cookies”, we observe a pattern and we start printing the list before he arrives. We see the client is happy that he got his list faster this time. We continue doing this, the client is happy, we are happy.

But one day, he comes at 10 am and asks for 4 types of chocolate chip cookie recipes. We print what he asked us, and we throw away what we already printed.

Speculative Execution works similarly. If the calculations that were performed by the computer are not needed, they are being thrown away into a side-channel.

This information then arrives in an unsecured part of the cache memory that can be accessed through a side-channel. If we use the above-mentioned printing story, all the unwanted lists arrive in a trash bin that can be accessed by bad guys.

Why isn’t that data secured? The answer is simple, when Speculative Execution was invented, the devices were not connect to each-other.  Thus, there was no reason to secure something to which no external party would have access to. Unfortunately, this has never been addressed until now.

There are many patches that have been released, and Microsoft tries to mitigate the issues that might arise from the Intel Chip flaw. But, and there is a big BUT, systems that receive the update have been signalling a decrease in performance. This decrease in performance varies from 5% up to 30% in some cases.

Sources: SEI, Cyberus Tech Blog, Meltdownattack.com, Spectreattack.com

 

 

 

 

 

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s