The Register reports on researchers discovering new methods for exploiting the evil Meltdown and Spectre CPU vulnerabilities:
In a research paper – “MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols” – out this month, bit boffins from Princeton University and chip designer Nvidia describe variants of Meltdown and Spectre exploit code that can be used to conduct side-channel timing attacks.
In short, the team have discovered new ways for malware to extract sensitive information, such as passwords and other secrets, from a vulnerable computer’s memory by exploiting the Meltdown and Spectre design blunders in modern processors. The software mitigations being developed and rolled out to thwart Meltdown and Spectre attacks, which may bring with them performance hits, will likely stop these new exploits.
Crucially, however, changes to the underlying hardware probably will not: that is to say, whatever Intel and its rivals are working on right now to rid their CPU blueprints of these vulnerabilities may not be enough. These fresh exploits attack flaws deeply embedded within modern chip architecture that will be difficult to engineer out.
Before you panic: don’t. No exploit code has been released.
Although no code has yet been released, this does not mean nation states have not developed toolsets to leverage these vulnerabilities. It is highly likely the US, UK, Russia, and China – among others – have already weaponized these exploits.
So while there is not necessarily any need to panic, there is absolutely a need to proceed with caution, especially for governments and large enterprise networks. Those networks within the crosshairs of extremely sophisticated actors will absolutely need to be prepared to defend against attacks leveraging these holes.
Ars Technica on Intel releasing microcode updates to combat the historic Spectre vulnerability:
After recommending customers not use its microcode fix for Broadwell and Haswell chips, Intel has issued a new microcode update for Skylake processors that gives operating systems the ability to protect against the Spectre flaw revealed earlier this year.
The Spectre attacks work by persuading a processor’s branch predictor to make a specific bad prediction. This bad prediction can then be used to infer the value of data stored in memory, which, in turn, gives an attacker information that they shouldn’t otherwise have. The microcode update is designed to give operating systems greater control over the branch predictor, enabling them to prevent one process from influencing the predictions made in another process.
Intel’s first microcode update, developed late last year, was included in system firmware updates for machines with Broadwell, Haswell, Skylake, Kaby Lake, and Coffee Lake processors. But users subsequently discovered that the update was causing systems to crash and reboot. Initially, only Broadwell and Haswell systems were confirmed to be affected, but further examination determined that Skylake, Kaby Lake, and Coffee Lake systems were rebooting, too.
In response, consumers were advised not to use the new microcode, and operating system features that leveraged the new capabilities were disabled.
Although this update addresses the Spectre issue, the actual fix is going to take years. An architecture update is required to fully solve both this and the Meltdown issues.
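To see whether a given Linux host actually exposes the microcode capability the Ars Technica excerpt describes, and whether the kernel is using it, here is an added check script (mine, not from Ars Technica, Intel or the article). It assumes the Linux kernel's /sys/devices/system/cpu/vulnerabilities files and the spec_ctrl/ibpb/stibp flags in /proc/cpuinfo, which are kernel conventions not mentioned in the article.

```shell
#!/bin/sh
# Added example (not from the article): report the kernel's view of the
# Spectre/Meltdown mitigation status and whether the CPU advertises the
# branch-predictor control features that the Intel microcode update adds.
# Assumed (Linux conventions, not stated in the article):
#   /sys/devices/system/cpu/vulnerabilities/{spectre_v1,spectre_v2,meltdown}
#   "flags" line in /proc/cpuinfo containing spec_ctrl / ibpb / stibp

VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status "<sysfs line>" -> mitigated | vulnerable | unaffected | unknown
classify_status() {
  case "$1" in
    "Not affected"*) echo unaffected ;;
    "Mitigation:"*)  echo mitigated ;;
    "Vulnerable"*)   echo vulnerable ;;
    *)               echo unknown ;;
  esac
}

# has_cpu_flag <flag> [cpuinfo flags line] -> exit 0 if the flag is present.
# The second argument defaults to the live /proc/cpuinfo flags line.
has_cpu_flag() {
  flag=$1
  line=${2:-$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null || true)}
  # Strip the "flags ... :" prefix, then look for the flag as a whole word.
  case " ${line#flags*:} " in
    *" $flag "*) return 0 ;;
    *)           return 1 ;;
  esac
}

report() {
  for f in spectre_v1 spectre_v2 meltdown; do
    if [ -r "$VULN_DIR/$f" ]; then
      status=$(cat "$VULN_DIR/$f")
    else
      status="unknown (no $VULN_DIR/$f: old kernel or not Linux)"
    fi
    printf '%-10s %-11s %s\n' "$f" "$(classify_status "$status")" "$status"
  done
  # spec_ctrl/ibpb/stibp are what the updated microcode exposes; without them
  # the OS cannot stop one process from steering another's branch predictor.
  for flag in spec_ctrl ibpb stibp; do
    if has_cpu_flag "$flag"; then echo "cpu flag $flag: present"
    else echo "cpu flag $flag: absent"; fi
  done
}

report
```

A host that shows "Vulnerable" for spectre_v2 while the flags are absent is one where the firmware update has not arrived or has been rolled back, which is exactly the state the excerpt describes for affected Broadwell and Haswell systems.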
This makes me wonder how many other unknown vulnerabilities remain in Intel chips that, say, national intelligence agencies are aware of but of which Intel is still in the dark.
Intel notified some of its customers of the security flaws in its processors, dubbed Spectre and Meltdown, but left out the U.S. government as part of that. Some of the companies Intel notified included Chinese technology companies, though the report suggests there is no evidence that any information was misused. An Intel spokesperson said that the company wasn’t able to tell everyone it planned because the news was made public earlier than expected.
So the real questions are: did China inform Russia of these vulnerabilities, and has Russia created tools to leverage these exploits? Why would Intel hide this information from the United States government?
This goes back to something I am adamantly against: withholding news of vulnerabilities of this nature so the intelligence communities can stockpile and leverage internally developed exploit kits to their so-called advantage.