Well, we hate starting 2018 with this kind of an update, but a series of security vulnerabilities called Spectre and Meltdown made the news recently. These vulnerabilities are serious and unreal enough to be out of a Mr Robot episode. They can be exploited in almost all modern CPUs and are independent of the operating system. And as if this doesn’t sound scary enough, they were present in Intel architectures for many years without anyone knowing anything.
Both vulnerabilities exploit modern CPU optimisation techniques such as out-of-order execution and branch-prediction. The result is attackers being able to read arbitrary memory locations, even inside other processes or VMs, or execute arbitrary code in memory. Branch prediction is a CPU technique that is used to predict how an “if-then-else” statement will occur, offering significant performance gains. By using Spectre however, one can trick the CPU to miscalculate and branch to an arbitrary memory location and execute arbitrary code.
Out of order execution is another technique by which the processor, instead of waiting for some data to be ready until it executes the next command, fetches and executes the data that is available right now, re-ordering the results accordingly afterwards. Because a certain CPU cache is changed every time that the CPU does out-of-order lookups, researchers have found a way to exploit this. By capturing side-channel information (such as these changes in the cache) and transmitting them to the outside world via a covert channel, see the Flush+Reload section in (1) , an attacker on the receiving end can use this information to reconstruct the register value. This can be effectively used to dump the entire kernel memory.
The impact is frighteningly wide, affecting multiple devices such as PCs, laptops, tablets and even smartphones. According to Paul Kocher et al. (1):
We have empirically verified the vulnerability of several Intel processors to Spectre attacks, including Ivy Bridge, Haswell and Skylake based processors. We have also verified the attack’s applicability to AMD Ryzen CPUs. Finally, we have also successfully mounted Spectre attacks on several Samsung and Qualcomm processors (which use an ARM architecture) found in popular mobile phones.
Hair-raising stuff really.
Our upstream provider is planning on deploying Meltdown and Spectre mitigations for its entire fleet starting next week. We’re closely monitoring the matter, and we’ll keep you posted.