
Spectre & Meltdown


Meltdown & Spectre


First off, I want to apologize to my readers for my long absence; a lot of crucial things have been happening in my life for the past 4-5 months, and finally my high school is over and I'm waiting for my reports. From now on, I'll be posting blogs every two weeks or so (that'll get shorter soon).

Today's blog is all about Meltdown and Spectre, the two security bugs that can cause chaos on almost any processor manufactured to this day.

Most viruses try to exploit a vulnerability in the code of the specific program they are designed to infect. This means they can't affect programs or OSes they were not designed for, so to a degree we are almost safe. The problem with these two is that they work much closer to the hardware level, so they can exploit almost any processor out there: Spectre affects Intel as well as AMD processors manufactured to this day, and it can even affect a number of smartphone processors.

So, why do they affect almost every device out there?

This is due to a particular feature present in almost all modern CPUs: SPECULATIVE EXECUTION.

Speculative Execution, What is it?

Speculative execution is a technique CPU designers use to improve CPU performance. It is one of the three components of out-of-order execution, along with multiple branch prediction and dataflow analysis. Work is done before it is known whether it is actually needed, so as to avoid the delay that would be incurred by doing the work only after it is known to be needed. This drastically increases the performance of the processor.


Meltdown

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus the secrets, of other programs and the operating system.

Out-of-order execution is an indispensable performance feature present in a wide range of modern processors. The attack is independent of the operating system, and it does not rely on any software vulnerabilities.

Meltdown breaks all security assumptions given by address space isolation as well as paravirtualized environments and, thus, every security mechanism building upon this foundation. On affected systems, Meltdown enables an adversary to read memory of other processes or virtual machines in the cloud without any permissions or privileges, affecting millions of customers and virtually every user of a personal computer. 

You can see Meltdown in action in this video:

source: https://meltdownattack.com/#faq-fix


Luckily, there are patches available against Meltdown for Linux, Windows and OS X.
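Having a patch available is not the same as having it active. On Linux (kernel 4.15 and later) the kernel reports the state of each issue in one file per vulnerability under /sys/devices/system/cpu/vulnerabilities, with lines such as "Not affected", "Mitigation: PTI" or "Vulnerable". The following small checker is an added example written for this post, not code from the Meltdown or Spectre researchers: it reads the spectre_v1, spectre_v2 and meltdown status files, classifies each line by its prefix, and exits non-zero if anything is still reported as vulnerable. The directory path and the line prefixes are the real kernel conventions; the enum and function names are my own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Directory where the Linux kernel publishes one status file per issue. */
#define VULN_DIR "/sys/devices/system/cpu/vulnerabilities"

enum vuln_state { VULN_UNKNOWN, VULN_NOT_AFFECTED, VULN_MITIGATED, VULN_VULNERABLE };

/* Classify one status line in the format the kernel uses:
 *   "Not affected"          -> this CPU does not need a fix for the issue
 *   "Mitigation: <detail>"  -> a kernel mitigation is active
 *   "Vulnerable[: detail]"  -> no (complete) mitigation is in place
 * Anything else is reported as unknown so that it is never silently treated
 * as safe. */
enum vuln_state classify_status(const char *line)
{
    if (strncmp(line, "Not affected", 12) == 0) return VULN_NOT_AFFECTED;
    if (strncmp(line, "Mitigation:", 11) == 0)  return VULN_MITIGATED;
    if (strncmp(line, "Vulnerable", 10) == 0)   return VULN_VULNERABLE;
    return VULN_UNKNOWN;
}

const char *state_name(enum vuln_state s)
{
    switch (s) {
    case VULN_NOT_AFFECTED: return "not affected";
    case VULN_MITIGATED:    return "mitigated";
    case VULN_VULNERABLE:   return "VULNERABLE";
    default:                return "unknown";
    }
}

/* Read the first line of dir/name into buf (newline stripped).
 * Returns 0 on success and -1 if the file cannot be read, which is what
 * happens on kernels older than 4.15 that do not expose this directory. */
int read_status(const char *dir, const char *name, char *buf, size_t buflen)
{
    char path[512];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    if (!fgets(buf, (int)buflen, f)) {
        fclose(f);
        buf[0] = '\0';
        return -1;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

int main(void)
{
    static const char *names[] = { "spectre_v1", "spectre_v2", "meltdown" };
    char line[256];
    int unsafe = 0;

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (read_status(VULN_DIR, names[i], line, sizeof line) != 0) {
            printf("%-10s : status file not available (old kernel or not Linux)\n", names[i]);
            unsafe = 1;
            continue;
        }
        enum vuln_state s = classify_status(line);
        printf("%-10s : %-12s (%s)\n", names[i], state_name(s), line);
        if (s == VULN_VULNERABLE || s == VULN_UNKNOWN)
            unsafe = 1;
    }
    return unsafe;   /* non-zero exit = something still needs attention */
}
```

Compile with a plain `cc check_vulns.c -o check_vulns` and run it on the machine you want to verify; a missing directory is treated as "needs attention" on purpose, because an old kernel is exactly the case where the patches are not installed.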


Spectre

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. It is, however, possible to prevent the exploitation using software patches.

Modern processors use branch prediction and speculative execution to maximize performance. For example, if the destination of a branch depends on a memory value that is in the process of being read, the CPU will try to guess the destination and attempt to execute ahead. When the memory value finally arrives, the CPU either discards or commits the speculative computation. Speculative logic is unfaithful in how it executes, can access the victim's memory and registers, and can perform operations with measurable side effects.




Who Reported Meltdown and Spectre?

Meltdown was independently discovered and reported by: 
  • JANN HORN (Google Project Zero)
  • WERNER HAAS, THOMAS PRESCHER (Cyberus Technology)
  • DANIEL GRUSS, MORITZ LIPP, STEFAN MANGARD, MICHAEL SCHWARZ (Graz University)

Spectre was discovered by:
  • JANN HORN (Project Zero) and
  • PAUL KOCHER in collaboration with DANIEL GENKIN (University of Pennsylvania and University of Maryland), MIKE HAMBURG (Rambus), MORITZ LIPP (Graz University) and YUVAL YAROM (University of Adelaide and Data61)


The main problem with these two is that a user cannot tell whether their device has been exploited or not, as the attacks do not leave traces in normal log files.

While it is possible in theory for an antivirus to detect these attacks, in practice they can't be distinguished from normal applications.

Systems affected by Meltdown:

Desktops, laptops and cloud computers may be affected. Mostly Intel chips that use out-of-order execution are affected, which means every processor since 1995 is affected. It is unclear whether AMD is affected. Furthermore, ARM has reported that some of its processors are also affected, so technically some mobile devices are affected as well.


What is the difference between Meltdown and Spectre?

Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Spectre tricks other applications into accessing arbitrary locations in their own memory.

The CVE names for these vulnerabilities are as follows:

CVE-2017-5753 and CVE-2017-5715 are the official references for Spectre.

CVE-2017-5754 is the official reference for Meltdown.


You can visit the GitHub page for the test code for Meltdown.

Useful links and sources: you can find more information about Spectre and Meltdown below.


  • https://meltdownattack.com/#faq-fix
  • https://arxiv.org/abs/1801.01207
  • https://www.extremetech.com/computing/261792-what-is-speculative-execution
  • https://www.youtube.com/watch?v=NArwG6yaWJ8
  • https://en.wikipedia.org/wiki/Speculative_execution



Thank you!!





This post first appeared on Shahin Nishad.
