Meltdown, Spectre, Foreshadow, ZombieLoad and related exploits

From Embedded Lab Vienna for IoT & Security
Revision as of 16:55, 11 January 2021 by ARauschnick (talk | contribs) (Created page with "== Summary == First disclosed in 2018, Meltdown and Spectre both apply so-called side channel attack strategies and speculative execution to gather access to otherwise protec...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Summary

First disclosed in 2018, Meltdown and Spectre both apply so-called side channel attack strategies and speculative execution to gather access to otherwise protected data. While Meltdown (which mostly affected Intel hardware) grants attackers access to Kernel-level information from a user-level point of entry, Spectre allows attackers to access data from different users or programmes running on the same hardware (and affected basically every modern computer system). While read access is slow, applying these exploits in a cloud environment poses a huge threat: A programm observing information and data running on the same physical device (but on different virtual machines) can slowly but surely gather confident information. Developers of the most prominent hardware and operating systems had been informed before the disclosure of the exploits, and as such, both exploits have since been fixed. It should be noted, however, that first patches were, although almost immediate, far from final and were highly criticized - performance issues and spontaneous reboots were among the most overtly criticized issues. As speculative execution is both a way to speed up processing tasks as well as it by design poses a certain uncertainty, follow-up exploits applying similar strategies still appear from time to time. Especially noteworthy is Netspectre, which does not even require local execution of malicious code.

Requirements

  • Basically all Intel CPUs manufactered between the late 90s and 2018 are vulnerable to both Spectre and Meltdown, as well as regular modern operating systems BEFORE early 2018 (which is when patches have been released).
  • AMD CPUs are not suspectible to Meltdown, but they are vulnerable to Spectre. They too have since been patched.
  • It goes without saying, but in order for these exploits to actually amount to anything, the systems to be compromised must be connected to the internet in some way - while you theoretically could spread the malicious code among retro-enthusiasts via 3,5" floppy disks, the secretive data gathered would never leave the system in that scenario.
  • Patching has been done both on the level of operating systems as well as with CPU developers themselves issuing BIOS update patches.
  • As mentioned before, while all operating systems and CPU brands were affected, the biggest threat lured in a cloud environment - a double hit for cloud computing companies, as the patches usually cost some performance - a hefty price for a business model based on selling performance, but one they had to pay given the severity of danger in a clouded environment with these exploits unfixed.

Historical background

The exploits were disclosed in January 2018, and the research as well as the publication was handled by Google Project Zero, Cyberus Technology and the Technical University Graz. As developers of the largest CPU brands and operating systems had been contacted as mid 2017, the fist sets of patches were issued simultaneously, although developers of smaller Linux branches complained about receiving second-class security information. First patches seemed to come with terrible performance implications, especially for Intel systems, and in general Intel's statements around that time caused some distrust from people such as Linus Torvald. Some operating systems (or its iterations) and some hardware devices, in both cases mostly old variations, never saw any patches being deployed.

Netspectre was first documented in the late summer of 2018.

All of these exploits were disclosed without a definite account on damages already caused - they were merely the result of researchers coming to the conclusion that the existing architecture could be abused in such ways. Companies are not exactly known to disclose all the issues of their own hardware they are aware of, and neither are people who make a living off compromising other people's security, so it is unknown how many more exploits exist and how many more are currently even being employed in the wild.

Description of how Spectre works

Description of how Meltdown works

References

  • Kim Zetter. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. Broadway Books, 2015
  • Ben Buchanan. The Hacker and the State. Harvard University Press, 2020
  • Nicolas Falliere, Liam O Murchu, and Eric Chien. W32. Stuxnet dossier. White paper, Symantec Corp., Security Response, 5(6):29, 2011
  • D.E. Sanger. Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power. Crown, 2012
  • T. M. Chen and S. Abu-Nimeh. Lessons from stuxnet. Computer, 44(4):91-93, 2011
Retrieved from "https://wiki.elvis.science/index.php?title=Meltdown,_Spectre,_Foreshadow,_ZombieLoad_and_related_exploits&oldid=5746"