
Meltdown and Spectre Report: A Guide for Awareness


For almost three weeks now, the long-running patch and remediation effort has continued. This article is an update of the Implementation Guide to Meltdown and Spectre CPU Design Flaw or Chip Flaw. The world is still waiting for “sure” fixes after Intel’s recently released, bungled patch, and these missteps have only dug Intel in deeper. While we wait, I am providing a comprehensive guide to raise your awareness of the Meltdown and Spectre vulnerabilities saga.

What are the Meltdown and Spectre vulnerabilities, and how do they affect you? This essential guide will tell you everything you need to know about Meltdown and Spectre. Most of these reference article links are from https://www.techrepublic.com/article/spectre-and-meltdown-cheat-sheet/

The revelation of a previously undiscovered vulnerability at the heart of nearly every modern computer caused shockwaves at the start of 2018.

But what are the Meltdown and Spectre security vulnerabilities, and how do they affect you? This guide—which will be regularly updated—will tell you everything you need to know about Meltdown and Spectre.

What are Meltdown and Spectre?

They are vulnerabilities in modern chip design that could allow attackers to bypass system protection on almost every PC, server, and smartphone, enabling hackers to read sensitive information, such as passwords, from memory.

Malicious code running on a computer or even a web browser can exploit these vulnerabilities to access information stored in memory.

Meltdown can be especially dangerous on unpatched cloud platforms because malicious code inside a virtual machine can read data from the underlying host’s memory, creating the risk that one cloud client may steal data from another.

Malicious code running on a computer or even in a web browser could exploit these vulnerabilities to access information held in protected memory.

Meltdown could prove particularly dangerous on unpatched cloud platforms, due to the possibility of malicious code inside a virtual machine being able to read data from the memory of the underlying host computer, with the threat that one cloud customer could steal data from another.


What is speculative execution?
Speculative execution essentially involves a chip attempting to predict the future in order to work faster. If the chip knows that a program involves multiple logical branches, it will start working out the math for all of those branches before the program even has to decide between them. For instance, if the program says, “If A is true, compute function X; if A is false, compute function Y”, the chip can start computing both functions X and Y in parallel, before it even knows whether A is true or false. Once it knows whether A is true or false, it already has a head start on what comes after, which speeds up processing overall. Or, in another variation, if a chip learns that a program makes use of the same function frequently, it might use idle time to compute that function even when it hasn’t been asked to, just so it has what it thinks the answer will be on hand.

What is caching?

Caching is a technique used to speed up memory access. It takes a relatively long time for the CPU to fetch data from RAM, which lives on a separate chip, so there’s a special small amount of memory storage called CPU cache that lives on the CPU chip itself and that can be accessed very quickly. This memory gets filled with data that the chip will need soon, or often. What’s relevant for our situation is that data that’s output by speculative execution is often stored in cache, which is part of what makes speculative execution a speed booster.

The problem arises when caching and speculative execution start grappling with protected memory.

What is protected memory?

Protected memory is one of the foundational concepts underlying computer security. In essence, no process on a computer should be able to access data unless it has permission to do so. This allows a program to keep some of its data private from some of its users, and allows the operating system to prevent one program from seeing data belonging to another. In order to access data, a process needs to undergo a privilege check, which determines whether or not it’s allowed to see that data.

But a privilege check can take a (relatively) long time. So — and this is the key to the vulnerability we’re discussing — while the CPU is waiting to find out if the process is allowed to access that data, thanks to speculative execution, it starts working with that data even before it receives permission to do so. In theory this is still secure, because the results of that speculative execution are also protected at the hardware level. The process isn’t allowed to see them until it passes the privilege check, and if it doesn’t pass the check, the data is discarded.

The problem arises because the protected data is stored in CPU cache even if the process never receives permission to access it. And because CPU cache memory can be accessed more quickly than regular memory, the process can attempt to access certain memory locations to find out if the data there has been cached — it still won’t be able to access the data, but if the data has been cached, its attempt to read it will be rejected much more quickly than it otherwise would. Think of it as knocking on a box to see if it’s hollow. Because of the way computer memory works, just knowing the addresses where data is stored can help you deduce what the data is. This is what’s known as a side-channel attack.

What’s the difference between Spectre and Meltdown?

If you want a much more technical description of how Spectre and Meltdown work, you should check out the post on Google’s Project Zero site that was most of the world’s introduction to it. To keep it short and simple, both Spectre and Meltdown could allow potential attackers to get access to data they shouldn’t have access to using the techniques outlined above, but their effects are somewhat different:

Meltdown got its name because it “melts” security boundaries normally enforced by hardware. By exploiting Meltdown, an attacker can use a program running on a machine to gain access to data from all over that machine that the program shouldn’t normally be able to see, including data belonging to other programs and data that only administrators should have access to. Meltdown doesn’t require too much knowledge of how the program the attacker hijacks works, but it only works with specific kinds of Intel chips. This is a pretty severe problem but fixes are being rolled out.

By exploiting the Spectre variants, an attacker can make a program reveal some of its own data that should have been kept secret. It requires more intimate knowledge of the victim program’s inner workings, and doesn’t allow access to other programs’ data, but will also work on just about any computer chip out there. Spectre’s name comes from speculative execution but also derives from the fact that it will be much trickier to stop — while patches are starting to become available, other attacks in the same family will no doubt be discovered. That’s the other reason for the name: Spectre will be haunting us for some time.

Why are Spectre and Meltdown dangerous?

Meltdown and Spectre both open up possibilities for dangerous attacks. For instance, JavaScript code on a website could use Spectre to trick a web browser into revealing user and password information. Attackers could exploit Meltdown to view data owned by other users and even other virtual servers hosted on the same hardware, which is potentially disastrous for cloud computing hosts.

But beyond the potential specific attacks themselves lies the fact that the flaws are fundamental to the hardware platforms running beneath the software we use every day. Even code that is formally secure as written turns out to be vulnerable, because the assumptions underlying the security processes built into the code — indeed, built into all of computer programming — have turned out to be false.

Who does Spectre affect?

In fact, every PC, server, and smartphone is vulnerable to exploits of Spectre vulnerabilities.

Because Spectre-related attacks exploit the basic design of modern processors, they can affect more processors than Meltdown. All major processor manufacturers have a wide variety of processors that are susceptible to Spectre-related attacks, including processors from AMD, ARM, and Intel. Only older chips, such as those used in the $35 Raspberry Pi 3, aren’t vulnerable to Spectre-related attacks.


Who does Meltdown affect?

Meltdown generally affects only devices with Intel, Apple, or Arm Cortex A75 processors.

However, that is still a very large number of machines because of the widespread adoption of Intel chips in personal computers and servers, especially since the effects of Meltdown on Intel chips may stretch back decades: potentially every Intel processor that uses out-of-order execution since 1995, except for Itanium and pre-2013 Atom chips, is vulnerable.

Apple also said that all iPhone, iPad and modern Mac devices will be affected by Meltdown.


How do Meltdown and Spectre work?

To understand Spectre, you need to understand how modern computer processors work.

Modern processors speed up the execution of instructions by loading data into the processor’s onboard cache when needed. Data can be fetched from this onboard cache much faster than from the computer’s main memory.

If the processor is executing a set of instructions that branches depending on an input, it will try to guess which branch is most likely to be executed and load the necessary data into the processor’s cache. These processes, called branch prediction and speculative execution, are what Spectre attacks exploit. The attacker manipulates the processor so that it loads a value from protected memory into the cache. Then, they try to load known data from unprotected memory. If one of these known values loads much faster than the others, they can conclude that it was retrieved from the cache and is therefore related to the value stored in protected memory.

Meltdown works a bit differently, by exploiting a privilege escalation flaw that allows any user who can execute code on the system to access protected memory. This has the effect of neutralizing security models based on address space isolation and paravirtualized software containers.

There are two variants of Spectre attacks: variant 1, known as Bounds Check Bypass and referenced by CVE-2017-5753, and variant 2, known as Branch Target Injection and referenced by CVE-2017-5715. The Meltdown vulnerability, known as Rogue Data Cache Load, is referenced by CVE-2017-5754.
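To make the variant 1 (Bounds Check Bypass) mitigation concrete, the following added example, which is not code from the original article or from any vendor, shows a bounds-checked table lookup next to a hardened form that clamps the index with a branch-free mask, the approach the Linux kernel's array_index_nospec helper takes. The table contents and the function names lookup_checked, index_mask and lookup_hardened are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16UL

/* Constructed sample data standing in for a table indexed by untrusted input. */
static const uint8_t table[TABLE_LEN] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/* Before: only a conditional branch guards the load. The result is always
 * architecturally correct, but if the branch is mispredicted the CPU may
 * perform the load speculatively with idx >= TABLE_LEN. */
uint8_t lookup_checked(unsigned long idx)
{
    if (idx < TABLE_LEN)
        return table[idx];
    return 0;
}

/* Returns all ones when idx < size and zero otherwise, using arithmetic only
 * (no branch to mispredict). Assumes size <= LONG_MAX and that >> on a
 * negative long is an arithmetic shift, as it is with GCC and Clang. */
unsigned long index_mask(unsigned long idx, unsigned long size)
{
#if defined(__GNUC__)
    /* Keep the optimizer from reasoning about idx and re-introducing a branch. */
    __asm__ volatile("" : "+r"(idx));
#endif
    return (unsigned long)(~(long)(idx | (size - 1UL - idx))
                           >> (sizeof(long) * CHAR_BIT - 1));
}

/* After: the index is clamped by data flow as well as by the branch, so even
 * a speculative load can only touch table[0..TABLE_LEN-1]. */
uint8_t lookup_hardened(unsigned long idx)
{
    if (idx < TABLE_LEN) {
        idx &= index_mask(idx, TABLE_LEN);
        return table[idx];
    }
    return 0;
}

int main(void)
{
    unsigned long probes[] = { 0, 15, 16, 4096, ULONG_MAX };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("idx=%lu mask=%#lx checked=%u hardened=%u\n", probes[i],
               index_mask(probes[i], TABLE_LEN),
               (unsigned)lookup_checked(probes[i]),
               (unsigned)lookup_hardened(probes[i]));
    return 0;
}
```

Both lookups return identical results for every input; the difference is only in what a mispredicted branch can reach.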


Impact
Exploiting these Meltdown and Spectre vulnerabilities could give attackers access to sensitive information.

Solution

We encourage users and administrators to refer to their hardware and software vendors for the latest information. In the case of Spectre, the vulnerability exists in the CPU architecture rather than in the software and is not easy to fix; however, the vulnerability is harder to exploit.

How can I protect against Meltdown and Spectre?

Patches against Meltdown and variant 1 Spectre attacks are being issued by operating system and virtual machine vendors. Patches have been released for major operating systems such as Windows and macOS and are automatically applied to most systems.

The Linux kernel has also been patched to help mitigate Meltdown and Spectre-related attacks, and TechRepublic writer Jack Wallen provides a comprehensive guide on how to check if a Linux-based computer is protected here.
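One way to check a Linux host, shown as an added example that is not code from the original article or from the TechRepublic guide: Linux kernels that carry these fixes report their own status in text files under /sys/devices/system/cpu/vulnerabilities/, and the program below reads the three files that correspond to the CVEs named in this article. The function names, the status labels and the exit-code convention are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

enum status { ST_UNKNOWN, ST_NOT_AFFECTED, ST_MITIGATED, ST_VULNERABLE };

/* Classify one line of kernel-reported status text by its leading keyword. */
enum status classify(const char *text)
{
    if (strncmp(text, "Not affected", 12) == 0) return ST_NOT_AFFECTED;
    if (strncmp(text, "Mitigation:", 11) == 0)  return ST_MITIGATED;
    if (strncmp(text, "Vulnerable", 10) == 0)   return ST_VULNERABLE;
    return ST_UNKNOWN;
}

/* Read the first line of <dir>/<name> into out and classify it. A missing
 * file returns ST_UNKNOWN: the kernel is too old to report, not proven safe. */
enum status check(const char *dir, const char *name, char *out, size_t outlen)
{
    char path[512], line[256];
    FILE *f;

    if (outlen) out[0] = '\0';
    if (snprintf(path, sizeof path, "%s/%s", dir, name) >= (int)sizeof path)
        return ST_UNKNOWN;
    if (!(f = fopen(path, "r")))
        return ST_UNKNOWN;
    if (!fgets(line, sizeof line, f)) { fclose(f); return ST_UNKNOWN; }
    fclose(f);
    line[strcspn(line, "\n")] = '\0';
    snprintf(out, outlen, "%s", line);
    return classify(line);
}

int main(int argc, char **argv)
{
    /* sysfs file names mapped to the CVEs listed in this article */
    static const char *files[][2] = {
        { "meltdown",   "CVE-2017-5754 Meltdown" },
        { "spectre_v1", "CVE-2017-5753 Spectre variant 1" },
        { "spectre_v2", "CVE-2017-5715 Spectre variant 2" },
    };
    static const char *label[] = { "UNKNOWN", "NOT AFFECTED", "MITIGATED", "VULNERABLE" };
    /* An alternative directory can be passed for testing against saved copies. */
    const char *dir = argc > 1 ? argv[1] : "/sys/devices/system/cpu/vulnerabilities";
    int bad = 0;

    for (size_t i = 0; i < sizeof files / sizeof files[0]; i++) {
        char text[256];
        enum status s = check(dir, files[i][0], text, sizeof text);
        printf("%-32s %-12s %s\n", files[i][1], label[s], text);
        if (s == ST_UNKNOWN || s == ST_VULNERABLE)
            bad = 1;
    }
    return bad;   /* non-zero exit lets a patch-compliance job flag the host */
}
```

The status reflects what the running kernel believes about itself, so it should be rechecked after every kernel or firmware update and reboot.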


Fixes for variant 2 of the Spectre attacks require a computer firmware update, which is being issued by chip manufacturers and designers such as Intel and ARM, and sometimes also an operating system kernel update.

Major cloud providers AWS, Google and Microsoft have all updated their systems with the latest updates for Spectre and Meltdown, and virtualization provider VMware has released patches for both variants.

You can find a complete list of affected computer hardware and software, as well as vendor-issued patches, here.

Meltdown is easier to patch than Spectre because Spectre-related attacks exploit basic design choices in modern processors. Because of the difficulty of fixing Spectre, patches usually reduce the risk of attacks rather than completely blocking them.

Linus Torvalds, creator of the Linux kernel, has been particularly critical of Intel’s choice of patches for Spectre variant 2, describing the updates as garbage because operating system makers have to add code that opts in to enabling the Spectre mitigation.

Most major browsers have also been updated to prevent malicious JavaScript on a site from using the Spectre vulnerability to read data from the computer’s memory.

How will installing patches against Meltdown and Spectre affect my computer?

While technology companies had been preparing updates to mitigate the Meltdown and Spectre vulnerabilities for months, details of the vulnerabilities leaked early.

In the rush to release patches, the Meltdown and Spectre updates have caused other problems.

Intel told computer manufacturers to temporarily stop rolling out its firmware fix for Spectre variant 2 after reports of unexpected reboots on systems that had applied the fix. The problems were originally thought to only be affecting systems running on older Intel Broadwell and Haswell-era chips, however Intel later revealed that computers using newer processors were also suffering from instability after applying the update.

Microsoft warned that Windows PCs won’t receive any further security updates until third-party AV software is verified as compatible with Windows patches for Meltdown and Spectre, although this issue has now mostly been resolved.


And chipmaker AMD worked with Microsoft to resolve problems after the patches caused PCs running on some older AMD Opteron, Athlon and AMD Turion X2 Ultra processors to refuse to boot.

The nature of the Spectre variant 2 flaw means that in some cases the protection against attacks can also affect the speed of your computer. Microsoft analyzed which systems may be most affected by applying the Spectre fixes and found the following:

  • Most users running Windows 8 and Windows 7 on 2015-era PCs with Intel Haswell or earlier CPUs will notice slower system performance.
  • Some users running Windows 10 on 2015-era PCs with Intel Haswell or earlier CPUs will notice a slowdown in system performance, a “more noticeable drop” than on newer chips.
  • Most users running Windows 10 on 2016-era PCs with Intel Skylake, Kaby Lake, or later CPUs will not notice a change because operations show only a “millisecond difference.”

Intel found that the same Spectre-related firmware updates can also cause a significant drop in server performance.

However, the degree of slowdown depends largely on the workload and the system configuration, with some workloads barely affected and others slowed significantly.

Intel tested a server platform running a two-socket Intel Xeon scalable system based on the Skylake microarchitecture.

Intel said the most affected workloads are those “workloads that contain a large number of user / kernel privilege changes and spend a lot of time in privileged mode.”

Result Findings:

Benchmarks simulating common business and cloud workloads showed an impact of up to 2%. Intel simulated these workloads with industry-standard measures such as integer and floating point throughput, Linpack, STREAM, server-side Java, and energy efficiency benchmarks.

  • An online transaction processing (OLTP) benchmark that simulates a brokerage firm’s client broker stock exchange shows a 4% impact.
  • Storage benchmarks vary greatly.

With FlexibleIO, a benchmark simulating different types of I/O load, stressing the CPU with 100% writes resulted in an 18% decrease in throughput performance. However, with a read/write ratio of 70/30, throughput performance decreased by 2 percentage points, and there was no effect on read throughput.

Intel’s Storage Performance Development Kit (SPDK) tests, which use a set of tools and libraries for writing high-performance, scalable user-mode storage applications, also showed a wide range of effects. With SPDK iSCSI, Intel saw a 25% impact with only a single core. However, using SPDK vHost showed no effect.

Because of the potential performance impact on servers, Microsoft recommends that users “evaluate the risk of untrusted code for every Windows Server instance and balance the balance between security and performance.”

Google has produced its own Retpoline update to guard against Spectre branch target injection exploits, which Intel has said “could yield less impact”.

Major cloud providers, AWS, Google and Microsoft say that, for the majority of workloads, customers should not notice a difference in performance following the updates. However, there have been reports from some customers of a drop off. AWS customer Epic Games attributed a more than 20 percent spike in CPU load on a cloud server hosting games of Fortnite to the impact of the Meltdown and Spectre patches.

Virtualization vendor VMware also warned that an increase in CPU utilization after Spectre fixes are applied may cause organizations to find they need to increase the size of virtual machine clusters that previously had enough capacity.


Will buying a new processor help?

Yes, to a degree: the performance of newer processors seems to be less affected by applying patches against the security flaws.

However, the fact that Spectre takes advantage of a fundamental aspect of modern processor design means there is only so much chipmakers can do when designing new processors.

Rewriting the basic architecture of modern CPUs will not be a quick process, and in the meantime it may mean continuing to use processors that are, to some degree, either insecure or slower when performing certain tasks.


After patching, performance impact may vary, depending on usage. Administrators should ensure that the performance of key applications and services is monitored and, where possible, work with their suppliers and service providers to mitigate their impact.

In addition, users and administrators who rely on cloud infrastructure should work with their cloud service providers (CSPs) to mitigate and resolve any impact of host operating system patching and forced restarts.

The following table contains links to advisories and patches posted in response to these vulnerabilities. This table will be updated as the information becomes available.

 

| Meltdown and Spectre Links to Vendor Information | Date Added |
| --- | --- |
| Amazon | January 4, 2018 |
| AMD | January 4, 2018 |
| Android | January 4, 2018 |
| Apple | January 4, 2018 |
| ARM | January 4, 2018 |
| CentOS | January 4, 2018 |
| Chromium | January 4, 2018 |
| Cisco | January 10, 2018 |
| Citrix | January 4, 2018 |
| Debian | January 5, 2018 |
| DragonflyBSD | January 8, 2018 |
| F5 | January 4, 2018 |
| Fedora Project | January 5, 2018 |
| Fortinet | January 5, 2018 |
| Google | January 4, 2018 |
| Huawei | January 4, 2018 |
| IBM | January 5, 2018 |
| Intel | January 4, 2018 |
| Juniper | January 8, 2018 |
| Lenovo | January 4, 2018 |
| Linux | January 4, 2018 |
| LLVM: variant #2 | January 8, 2018 |
| LLVM: builtin_load_no_speculate | January 8, 2018 |
| LLVM: llvm.nospeculatedload | January 8, 2018 |
| Microsoft Azure | January 4, 2018 |
| Microsoft | January 4, 2018 |
| Mozilla | January 4, 2018 |
| NetApp | January 8, 2018 |
| Nutanix | January 10, 2018 |
| NVIDIA | January 4, 2018 |
| OpenSuSE | January 4, 2018 |
| Qubes | January 8, 2018 |
| Red Hat | January 4, 2018 |
| SuSE | January 4, 2018 |
| Synology | January 8, 2018 |
| Trend Micro | January 4, 2018 |
| VMware | January 4, 2018 |
| Xen | January 4, 2018 |

Meltdown and Spectre Reference Sources:

  • https://www.us-cert.gov/ncas/alerts/TA18-004A
  • https://www.csoonline.com/article/3247868/vulnerabilities/spectre-and-meltdown-explained-what-they-are-how-they-work-whats-at-risk.html
