Today, three groups of security researchers from the Technical University of Graz, Cerberus Security, and Google Project Zero revealed a pair of defects in modern computers that allow adversaries to steal passwords and other sensitive data from virtually any computer in use today.
The existence of these bugs has been hinted at for weeks as maintainers of the Linux kernel, as well as Apple, Microsoft and other OS vendors prepared patches based on some undisclosed knowledge. Today, the researchers revealed the details, and it’s very bad.
The researchers revealed two attacks, dubbed “Meltdown” and “Spectre.” Both attacks take advantage of the universal practice of “speculative execution” in microprocessors, in which the chips make shrewd guesses about the instructions they are about to be asked to execute, and discard the outcomes of their wrong guesses. This is key to processor performance, and the patches available today for Meltdown slow down Intel processors by up to 30%.
Meltdown affects Intel processors. The researchers describe it thus:
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.
If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure. Luckily, there are software patches against Meltdown.
Spectre, the other attack, affects Intel, AMD and ARM processors, and has no patch. The researchers’ description:
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to SpectreSpectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.
You should patch your computer, but that’s only for starters. What really needs to happen next is a fundamental rethink of how processors handle speculative execution, a project that will cost billions and take years, and in the meantime, the security community, governments, cyber arm-dealers and criminals will be thinking up ways to exploit these bugs.
Longer term, we’d expect a future Intel architecture to offer some kind of a fix, either by avoiding speculation around this kind of problematic memory access, or making the memory access permission checks faster so that this time interval between reading kernel memory, and checking that the process has permission to read kernel memory, is eliminated.
Meltdown and Spectre [Technical University of Graz, Cerberus Security, and Project Zero]
“Meltdown” and “Spectre”: every modern processor has unfixable security flaws [Peter Bright/Ars Technica]