Understand the Meltdown and Spectre security flaws that affect multiple processors


A major security flaw was discovered in Intel processors on Wednesday, Jan 3rd, 2018. A group of researchers said that “Meltdown” and “Spectre” (as the threats are called) are new ways for malicious users to steal information such as passwords and other data located in memory.

According to the Business Insider portal and Google itself, basically all computers, tablets, notebooks and mobile phones can be affected by the flaw, regardless of the company that made the device or the operating system running on it. The problem affects not only personal devices but also large datacenters, including those behind Amazon, Google, and Microsoft cloud services.

In an official statement, Intel says that it and other security companies are already aware of the problem and describes the situation as “a method of analyzing software that, when used for malicious purposes, can steal sensitive data from devices that are running the way they were designed.” Intel ends the note by saying that it does not believe that such flaws could corrupt, modify, or delete data.

However, even if the flaw does not allow data to be manipulated, the mere possibility of reading it puts many operations at risk, especially in large datacenters and virtualized environments where many users and clients are consolidated on the same infrastructure.

Meltdown and Spectre: Understand what they are

Meltdown and Spectre are the names given to security flaws that can be used to take advantage of how Intel, AMD and ARM processors work. These flaws were originally discovered by the “Google Project Zero” security lab, which released a detailed study of the case on Jan 3rd, 2018.

More specifically, Meltdown is a security flaw that breaks – or melts, as its name suggests – security mechanisms for processors. The failure is gigantic because that same feature is what takes care of the kernel accesses of the operating system. Because the kernel is responsible for the entire interface between the underlying layers of a computational architecture, this allows several programs to have access to the core of the processors without any kind of control, thus allowing, in cases of malicious use, access to parts of other applications without any need for privilege of the system itself.

Spectre, on the other hand, is an even more gigantic breach, as it is extremely difficult to correct. According to some experts, it is necessary to rebuild all processors so that the problem can be solved. The term “Spectre” obviously relates to the cause of the problem, which is speculative execution. Processors try to guess what the future instruction given by the software will be; if it is wrong, the code is discarded. If it is right, the information processing becomes faster. With Spectre, the processor may be induced to speculate some code that would not run in normal situations; as a consequence, confidential information may leak.

How to be protected?

Several attacks were reported in the 24 hours that followed the news, but much still runs in secret or goes unnoticed, because there is no signature for the attack and therefore nothing is logged by operating systems or security solutions.

An antivirus, for example, will not prevent such access. However, there are basic precautions provided by the vendor of the operating system you use. The best course of action at this time is to check your security updates and, if they are not up to date, install them as they become available.

Most operating system vendors have already started developing security packages that will help protect against the Meltdown and Spectre flaws. Apple macOS, Microsoft Windows 10, Linux and Android, for example, are some of the systems that already have such corrections.
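On Linux, the kernel itself reports whether these corrections are active, in the files under `/sys/devices/system/cpu/vulnerabilities`. The script below is an added example, not part of the original post: it reads those files and summarizes the status for Meltdown and the two Spectre variants. The verdict labels (`PATCHED`, `EXPOSED`, and so on) are this example's own, and it assumes a kernel that includes this reporting interface.

```python
"""Summarize the Linux kernel's own Meltdown/Spectre mitigation report."""
import os
import sys

# Directory where patched Linux kernels publish one status file per issue.
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"
# sysfs file name -> name used in this article
ENTRIES = {
    "meltdown": "Meltdown",
    "spectre_v1": "Spectre (variant 1)",
    "spectre_v2": "Spectre (variant 2)",
}


def classify(status):
    """Map a kernel status line to a verdict label (labels are this example's)."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "NOT_AFFECTED"
    if s.startswith("Vulnerable"):   # also covers "Vulnerable: <detail>"
        return "EXPOSED"
    if s.startswith("Mitigation"):   # e.g. "Mitigation: PTI"
        return "PATCHED"
    return "UNKNOWN"


def check(sysfs_dir=SYSFS_DIR):
    """Return {issue name: (verdict, raw status line)} for each entry."""
    results = {}
    for entry, label in ENTRIES.items():
        try:
            with open(os.path.join(sysfs_dir, entry), errors="replace") as fh:
                raw = fh.readline().strip()
        except OSError:
            # No file: the kernel has no report for this issue (too old to
            # include the interface, or not Linux), so treat it as unresolved.
            results[label] = ("NO_REPORT", "")
            continue
        results[label] = (classify(raw), raw)
    return results


if __name__ == "__main__":
    report = check()
    for label, (verdict, raw) in report.items():
        print(f"{label:<20} {verdict:<13} {raw}")
    # Non-zero exit when any issue is not confirmed patched or unaffected.
    ok = {"PATCHED", "NOT_AFFECTED"}
    sys.exit(0 if all(v in ok for v, _ in report.values()) else 1)
```

A `NO_REPORT` or `EXPOSED` result is the signal to install the pending kernel and firmware updates and run the check again after rebooting.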

Another important tip, originally suggested by Business Insider, is not to download software that you do not trust completely. Meltdown and Spectre are extremely sensitive flaws, and can be bundled with other data leakage features, among others. Be careful.

Common questions

Moments after the discovery of the security flaws, a website on Meltdown and Spectre was created – you can check it here. It provides many clarifications, as well as a section for frequently asked questions. Some of the most pertinent questions follow.

Am I affected by the vulnerability?

Most certainly, yes.

Can I detect if someone has exploited Meltdown or Spectre against me?

Probably not. The exploitation does not leave any traces in traditional log files.

Can my antivirus detect or block this attack?

While possible in theory, this is unlikely in practice. Unlike usual malware, Meltdown and Spectre are hard to distinguish from regular benign applications. However, your antivirus may detect malware which uses the attacks by comparing binaries after they become known.

What can be leaked?

If your system is affected, our proof-of-concept exploit can read the memory content of your computer. This may include passwords and sensitive data stored on the system.

Is there a workaround/fix?

There are patches against Meltdown for Linux, Windows, and OS X.

Further technical information can be obtained directly from the Google Project Zero blog by clicking here.


ostec
ostec@ostec.com.br