MELTDOWN AND SPECTRE BUGS

What is the vulnerability?

The vulnerability affects how systems isolate data in memory (RAM). Exploiting this vulnerability could allow an attacker to gain access to data such as passwords, encryption keys, or potentially data from other virtual systems on the same server.

Right now, there are two specific vulnerabilities being dubbed Meltdown and Spectre.

Meltdown: This vulnerability is the easiest to exploit and the one getting the most attention. It primarily affects Intel chipsets and is currently being addressed with operating-system-level patches from Microsoft, Apple and other companies. It works by using a method called “speculative execution” to infer values in protected memory.

Spectre: This is a more generalized attack based on concepts like those behind Meltdown, and it affects ARM and AMD processors in ways that the Meltdown attack can’t. This also means that fixes and workarounds for Meltdown will not protect against Spectre attacks.

Who is affected?

Basically, anyone with a computer. This would include local devices you use like laptop and desktop computers, but also potentially your phones and tablets. It also includes servers and the services you may visit as well, most notably cloud systems and other systems that involve using virtualization. The vulnerability has been verified to work on chipsets going back to at least 2011 but it can also likely affect CPUs going back as far as 1995.

Most at risk right now are systems using the Intel chipset, as they are the easiest to exploit and the first proof-of-concept attacks being released target Intel. This means that your laptop is probably more at risk than your phone, for now.

How can this be attacked?

To exploit these vulnerabilities, an attacker would need to execute code on a local system. This could be performed in a variety of ways. Being locally logged in, even as a low-level user, could allow the attacker to launch the attack. Attackers could also launch the attack remotely if they can get malicious code executed on a local system. This could take the form of downloaded malware, malware pushed via malicious websites, or even malicious documents (for example, malicious links sent via email).

Have there been any known attacks?

Nothing has been detected as being exploited on user systems so far. Since these vulnerabilities were disclosed by security researchers rather than being discovered in an active attack, it’s likely that attackers were not aware of these vulnerabilities until everyone else was. This may quickly change, however, as proof-of-concept exploits are already being written and floated around the internet. It is probably only a matter of time until we see these vulnerabilities exploited via malware attacks.

What is the solution?

Since these issues are hardware related and vary widely across specific software, complete fixes will be complex and may take a while to be released. Luckily, while Meltdown is easier for attackers to exploit, it’s also easier to address. And while Spectre is a harder problem to patch, it is also much harder to exploit. Please note that, in terms of Microsoft, only Windows 7 and up will be patched against this exploit. Older operating systems, such as Windows XP and Server 2003, will not have any protection offered.

Currently, operating system vendors like Microsoft and others are releasing patches that will provide protection against Meltdown attacks. These patches work by removing something called shared kernel mapping, which prevents CPUs from predicting values in protected memory. Unfortunately, by removing this feature, a lot of processing efficiency is removed as well. This will result in some performance decrease for those systems. What that decrease is will depend on how heavily particular software packages rely on this memory access, but current estimates suggest anywhere from a 5%-30% decrease in overall software performance.

Intel has released firmware updates, but some people seem to have a misconception that firmware updates occur as a simple, generic patch that anyone can download. This is far from the truth. The biggest problem with the firmware updates that are being released is that firmware will be vendor and model specific. Intel develops multiple firmware updates for each different chip. These firmware updates are then distributed to the computer vendors like HP and Dell who, in turn, must test and release them to their customers for each model of computer they sell.

For instance, here’s Intel’s page on how to get their firmware updates. It basically provides links to the individual computer vendor’s site: https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

If you look at Dell’s linked page, as an example, you can see dozens of updates that are model dependent:

http://www.dell.com/support/article/us/en/19/sln308237/dell-client-statement-on-intel-me-txe-advisory–intel-sa-00086-?lang=en

Please note that most of these firmware updates need to be installed directly on the system, requiring a person physically in front of the machine. It may be best to have an IT person, or someone who is knowledgeable about computers, deploy these patches. Please note that, as above, this may not be one large patch that can be applied to all systems; it may be different for each system using a different type of processor. Added to the need for software patches, like those from Microsoft, this can become a large task if there are many PCs involved.
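Once patches start going out across many machines, it helps to confirm on each one which mitigations are actually active. The following is an added example, not part of the original article: it assumes Linux hosts, which report per-vulnerability status lines under /sys/devices/system/cpu/vulnerabilities/, and the host names and status lines in the sample inventory are constructed.

```python
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
CHECKS = ("meltdown", "spectre_v1", "spectre_v2")

def classify(line):
    """Map one sysfs status line to a coarse state."""
    text = (line or "").strip()
    for prefix, state in (("Not affected", "not_affected"),
                          ("Mitigation:", "mitigated"),
                          ("Vulnerable", "vulnerable")):
        if text.startswith(prefix):
            return state
    return "unknown"  # no status line available for this check

def read_local(root=SYSFS_DIR):
    """Read the status files on the machine this runs on."""
    paths = {name: Path(root) / name for name in CHECKS}
    return {n: p.read_text() if p.is_file() else None for n, p in paths.items()}

def outstanding(status):
    """Checks not confirmed as mitigated or not affected."""
    return [n for n in CHECKS
            if classify(status.get(n)) in ("vulnerable", "unknown")]

def audit_fleet(inventory):
    """{host: {check: status line}} -> {host: [open checks]}, clean hosts omitted."""
    report = {host: outstanding(st) for host, st in inventory.items()}
    return {host: items for host, items in report.items() if items}

# Constructed sample inventory; host names and status lines are illustrative.
SAMPLE = {
    "laptop-01": {"meltdown": "Mitigation: PTI\n",
                  "spectre_v1": "Mitigation: __user pointer sanitization\n",
                  "spectre_v2": "Mitigation: Full generic retpoline, IBPB\n"},
    # Meltdown patch applied, Spectre still open
    "server-07": {"meltdown": "Mitigation: PTI\n",
                  "spectre_v1": "Mitigation: __user pointer sanitization\n",
                  "spectre_v2": "Vulnerable\n"},
    "amd-ws-03": {"meltdown": "Not affected\n",
                  "spectre_v1": "Mitigation: __user pointer sanitization\n",
                  "spectre_v2": "Mitigation: Full AMD retpoline\n"},
    "legacy-02": {},  # no status files collected from this host
}

if __name__ == "__main__":
    for host, items in audit_fleet(SAMPLE).items():
        print(f"{host}: still needs attention for {', '.join(items)}")
    print("this machine:", outstanding(read_local()) or "nothing outstanding")
```

A host that reports nothing at all is treated as outstanding rather than safe, so machines that were never patched or never checked stay on the list.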

In the meantime, it would be best to avoid malware (as malware would be used to initiate this attack). Avoid suspicious email attachments, documents and websites. Make sure you use long and complex passwords to prevent unauthorized users from accessing your system, keep your software up to date with patches, and use good antivirus software like Symantec Endpoint Protection, etc.