(That said, some of these patches had to be rolled back when it was discovered the patches caused computers to reboot.) Meltdown is the more trivial of the bugs to exploit and is also easier to fix because it can be addressed with an OS patch. Intel has received the brunt of the criticism, as Meltdown “ applies almost exclusively to chips made by Intel.” As Intel “makes about 90 percent of the world’s computer processors and 99 percent of the server chips in the data centers that effectively run the internet”, Meltdown was indeed a significant exploit. – The New Way Your Computer Can Be Attacked, The Atlantic And sometimes patching isn’t possible the vulnerability will remain until the computer is discarded. Patching them requires large-scale coordination across the industry, and in some cases drastically affects the performance of the computers. They affect virtually all high-end microprocessors produced in the last 20 years. These are vulnerabilities in computer hardware, not software. It is called Spectre in part because “as it is not easy to fix, it will haunt us for quite some time.” The Scope of the Problems For example, exploits can be created with as little as a few lines of JavaScript, meaning malicious code on a website can use browsers and other applications as attack vectors. These vulnerabilities create multiple avenues for attack. Spectre is comprised of two separate vulnerabilities that can not be addressed with KPTI, though there are updates to help harden systems. These patches can cause performance degradation for CPU speed. Meltdown is so named because “the vulnerability basically melts security boundaries which are normally enforced by the hardware.” It has one known attack variant, and the problem can be addressed with Kernel Page-Table Isolation (KPTI) operating system patches. Or at least that’s the plan! But as we all now know, unfortunately some traces do get left behind…Īll of the attacks cause information disclosure from higher-privileged or isolated same-privilege contexts, leaked via an architectural side channel, typically the CPU data cache. If the guess was wrong, the results can just be rolled back and it’s as if they never happened. – Spectre Attacks: Exploiting Speculative Execution, Kocher et al. For example, if the destination of a branch depends on a memory value that is in the process of being read, CPUs will try to guess the destination and attempt to execute ahead. Modern processors use branch prediction and speculative execution to maximize performance. Here’s a quick explanation of the problem, in three acts. The net result is that CPU leaks memory across boundaries we previously thought were safe. Meltdown and Spectre are distinct attack vectors born of the same class of problem: speculative execution. These exploits take advantage of hardware vulnerabilities that allow attackers to overcome memory isolation. There are plenty of technical explanations about the vulnerabilities, so the goal of this section is to give a high level overview what happened with extensive links to the articles, papers, and repositories for those who want to explore more. This piece will summarize the nature of the vulnerabilities, explore the scope of the problems to date, and present the potential costs associated with the fallout. Daniel Gruss, one of the researchers who discovered the vulnerability, called Meltdown, “ probably one of the worst CPU bugs ever found.” If that isn’t alarming enough, Adrian Colyer says “ Spectre is a step-up from the already very bad Meltdown.”ĭetails about the bugs continue to emerge, but with findings this significant we wanted to begin exploring the repercussions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |