https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
A fundamental design flaw in Intel’s processor chips related to virtual memory system (Intel x86-64 hardware) allows normal user programs (even JavaScript in web browsers) to discern to some extent the layout or contents of protected kernel memory areas.
It is understood the bug is present in modern Intel processors produced in the past decade. It appears a microcode update can’t address it, so it has to be fixed in software at the OS level. This has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug, which is expected to cause 5 to 30 per cent slow down of your computer on next update!
Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday. Patches for the Linux kernel are available. Apple’s 64-bit macOS, will also need to be updated.
This is bad news for Intel. Last year they had AMT vulnerability remote exploit and now this new blow in Intel security. I don’t think that computer buyers like that their computers become slower!
Details of the vulnerability within Intel’s silicon are under wraps and are expected to be released later this month – so follow the comments for updates.
565 Comments
Tomi Engdahl says:
Intel shares fall as investors worry about costs of chip flaw
https://www.reuters.com/article/us-cyberintel-stocks/intel-shares-fall-as-investors-worry-about-costs-of-chip-flaw-idUSKBN1ET1NH
January 4, 2018
Intel Corp shares fell nearly 2 percent on Thursday as investors worried about the potential financial liability and reputational hit from recently disclosed security flaws in its widely used microprocessors.
Tomi Engdahl says:
Intel says performance impact of security updates not significant
https://www.reuters.com/article/us-cyber-microchips/intel-says-performance-impact-of-security-updates-not-significant-idUSKBN1EU0JH
Intel Corp (INTC.O) said fixes for security issues in its microchips would not slow down computers, rebuffing concerns that the flaws found in microprocessors would significantly reduce performance.
The performance impact of the recent security updates should not be significant and will be mitigated over time, Intel said late on Thursday
Tomi Engdahl says:
Intel Faces Scrutiny as Questions Swirl Over Chip Security
https://www.nytimes.com/2018/01/07/technology/intel-chip-security.html
In 1994, Intel faced a public relations crisis over an elusive mathematics glitch that affected the accuracy of calculations made by its popular Pentium computer chips. After insisting that the problem would not affect many people, the company succumbed to public pressure and recalled the chips, costing it $475 million.
Now Intel faces an even bigger test: two serious security issues with its chips that could have implications for nearly everyone touched by computing. And so far — in something of a repeat of the 1994 incident — Intel has failed to quiet critics, putting it in an awkward position this week as its chief executive prepares to take the stage at one of the world’s biggest tech trade shows.
The cause of the new public relations crisis is the disclosure last week of two new ways to filch data from the microprocessors inside nearly all of the world’s computers. Called Meltdown and Spectre, they could allow hackers to steal the entire memory contents of computers and spur the discovery of new attacks.
“It is a very big deal, because it’s an area people haven’t looked at before,” said Bruce Schneier, a computer security expert and lecturer at the John F. Kennedy School of Government at Harvard. “Everybody is going to start now.”
Intel was privately informed of the issues by security researchers in June.
The company, which has rejected doing a chip recall or other costly remedies, said it has quietly marshaled a coalition of software, hardware and cloud services to develop and deploy programming tweaks that are designed to close most of the security gaps. Intel and its partners said the fixes should be largely in place this week.
Intel, largely by virtue of its success, has the most at stake.
“We created a microprocessor monoculture,” said Bryan Cantrill, chief technology officer at Joyent, a cloud service owned by Samsung. “There are dangers associated with that.”
Intel’s situation is complicated by history and semantics. The Pentium problem was caused by a design error. But Meltdown and Spectre attacks exploit a common speed-boosting technique in chips called speculative execution that Intel’s Mr. Smith insisted is working as it should. That approach to chip design emerged before researchers developed new ways to spy on such internal operations, using what they call “side-channel” analysis, Mr. Smith said.
As a result, the security issues that were discovered were not flaws or bugs, he said.
That hasn’t stopped an uproar from security researchers and tech industry executives.
Major users of Intel chips — including Apple and the cloud computing arms of Google and Amazon — have said they deployed security fixes recommended by Intel and so far they have not reported the sharp performance slowdowns of the sort some experts projected.
But the solutions are far from perfect. While Meltdown’s effects can be mitigated with updated operating systems, countering Spectre requires more complex steps like updating computer code stored in the chips themselves — or in some applications like web browsers, Intel recommends inserting special instructions in places that security professionals said may be hard to identify.
“This is not a simple ‘we found a bug, here’s a patch and we are done,’” Mr. Schneier said.
Tomi Engdahl says:
The Week In Review: Design
https://semiengineering.com/the-week-in-review-design-111/
Security researchers identified a major exploit of the “speculative execution” technique used to optimize performance in modern processors. The flaws allow an attacker to read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications, according to Google’s Jann Horn. Multiple researchers discovered the issues independently, including Jann Horn and teams from Cyberus Technology and the Graz University of Technology.
Three known variants of the issue exist, in two categories. Meltdown “exploits side effects of out-of-order execution on modern processors to read arbitrary kernel-memory locations including personal data and passwords,”
Meanwhile, Spectre attacks also violate memory isolation boundaries and involve “inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel,”
A list of official security advisories from affected companies is available. Patches are rolling out for vulnerable processors and operating systems
Where can I find official infos/security advisories of involved/affected companies?
https://meltdownattack.com/#faq-advisory
Tomi Engdahl says:
Reading privileged memory with a side-channel
https://googleprojectzero.blogspot.fi/2018/01/reading-privileged-memory-with-side.html
Tomi Engdahl says:
Microsoft Patches for CPU Flaws Break Windows, Apps
http://www.securityweek.com/microsoft-patches-cpu-flaws-break-windows-apps
Users have complained that the updates released by Microsoft last week for the Spectre and Meltdown vulnerabilities cause Windows to break down on some computers with AMD processors.
Several individuals whose computers rely on AMD processors, particularly older Athlon models, say they are unable to start Windows 10 after installing KB4056892, an update released by Microsoft in response to the disclosure of serious flaws affecting Intel, AMD and ARM processors.
While a majority of the affected users appear to have older AMD Athlon processors, some devices with AMD Turion CPUs also appear to have been hit.
Some Windows users report that they simply cannot install the patches for the CPU vulnerabilities, and some say their web browsers have started crashing after applying the update.
Shortly after releasing the Meltdown/Spectre updates, Microsoft warned that it had identified some compatibility issues with some antivirus products.
Tomi Engdahl says:
Industry Reactions to Meltdown, Spectre Attacks: Feedback Friday
http://www.securityweek.com/industry-reactions-meltdown-spectre-attacks-feedback-friday
The attacks, known as Spectre and Meltdown, have already been addressed by several vendors, including Microsoft, Apple and Google, and Intel and others are also working on rolling out patches.
Billions of PCs, mobile devices and cloud instances are vulnerable to attacks leveraging the Spectre and Meltdown vulnerabilities, and some fear we will soon witness remote exploitation attempts.
Industry professionals have commented on various aspects of Meltdown and Spectre, including their impact, what users and organizations need to do, and the lessons that can be learned.
“The recent revelation of a major chip design security flaw is quite technical and gets to the underlying architecture and interface of physical memory and virtual memory, which is a big part of all practical, modern computing. It’s important to note that no one is immune by default to this chip design flaw and that it may impact a wider set of chips and manufacturers over time.”
“The Intel vulnerability reinforces the need for everyone to stay on top of the latest patches. We learned that hard lesson with the Wannacry attack that quickly spread to 150 countries.”
In this case, the most immediate and significant risk exists in the cloud services provider environments and in private data centers. The threat seems to be the grabbing of passwords/hash-values and encryption keys from memory and then using these to install additional malware.
“Like most organizations, chip manufacturers have long prioritized speed over security—and that has led to a tremendous amount of sensitive data placed at risk of unauthorized access via Meltdown and Spectre. While the vast majority of computing devices are impacted by these flaws, the sky is not falling. Both vulnerabilities require an attacker to be able to run their code on the device they are attacking.”
“Vulnerabilities like this are extremely problematic because they permeate so much of the technology around us that we all rely upon. Resolving this issue will take time and incur costs. In many cases, this cost includes security risks, rectification effort and even computing performance.
“What I find interesting is that with the ever increasing amount of software code of out there, security researchers are still discovering 20+ years old vulnerabilities. Unfortunately the processor level vulnerabilities that have been published recently seem to indicate a trend: Everyone drop what you are doing and start patching your systems [again].”
“Vulnerabilities like Meltdown only highlight the breadth of the potential issue we face no matter the investment.”
In the cybersecurity industry, we must realize that we have maxed out on our ability to lock down systems and networks. It has become critical that we look to ways not only to prevent but to defend.”
“The Meltdown and Spectre security flaws are affecting billions of devices, but the fundamental challenges that organizations face remain the same as every other major vulnerability that has been announced. Fixing these security flaws is going to be a long-term issue to resolve because, one, patches are needed across a vast array of operating systems, and two, patches for Spectre are still to be developed and released.”
“The important take-away from these attacks is very simple – computation leaks secrets! There has been a huge body of work showing that secret cryptographic keys and private information can be stolen by running software on the same machine and utilizing the properties of modern complex processors that don’t provide true separation between processes. In the past it has been shown how the machine’s cache and even clock can be used by one process to steal secrets from another. Meltdown and Spectre go a step further by utilizing the way that modern processors achieve speedups through something called “speculative execution”.
“The biggest impact is for companies relying on shared computing resources in the cloud – such as virtual private servers, virtual machines, and containers – which place them at higher risk of an attacker employing these new techniques to extract secrets (passwords, encryption keys, and other sensitive data).”
“The latest Intel, ARM and AMD chip security flaw is a major issue for multiple reasons, the security risk has the potential for simple code running in a web browser. This could allow for a cybercriminal to access sensitive data in protected memory which could include passwords, login keys or sensitive data that is typically protected. The patch of such a flaw is a major challenge as a firmware update typically requires a reboot so for servers running critical systems, this results in unplanned downtime.”
With these cyber risks, it means that most companies will approach patching systems with extreme caution as many companies still prioritise business operations over security issues.
Tomi Engdahl says:
Ubuntu Preps Patches for Meltdown, Spectre CPU Flaws
http://www.securityweek.com/ubuntu-preps-patches-meltdown-spectre-cpu-flaws
Ubuntu security updates planned for January 9 will patch the recently disclosed Meltdown and Spectre CPU vulnerabilties, Canonical has announced.
Impacting billions of devices around the world, Meltdown and Spectre are two new side-channel attacks targeting CPUs from Intel, AMD and ARM. Residing in the CPU architecture, the flaws impact Windows, MacOS, Linux, and many other operating systems.
The attacks abuse three different flaws and can be leveraged to bypass memory isolation and access sensitive data such as passwords, photos, documents, and emails.
Tomi Engdahl says:
A Critical Vulnerability Spares Security of Microcontrollers
http://www.electronicdesign.com/embedded-revolution/critical-vulnerability-spares-security-microcontrollers
When Intel revealed that almost all its computer chips were exposed to exploits that could allow hackers to swipe their memory contents, the company denied that it alone was afflicted. The Meltdown vulnerability is specific to Intel, but the company said that it would work with rivals AMD and ARM to resolve another fault that also affects them, called Spectre.
ARM is the company behind an architecture that has been shipped in more than four billion chips installed in everything from smartphones to factories, and which is inside chips vulnerable to the Spectre flaw. The company recently revealed that the exploit does not affect its microcontrollers, but it could pose a threat to higher performance chips.
The firm stressed that the exploits would not work against Cortex-M designs, which are used in microcontrollers for the Internet of Things and which have been shipped in tens of millions of devices. On Wednesday, the company published a chart of vulnerable devices, which include several Cortex-R and Cortex-A products used in smartphones and other chips sold by Nvidia and Samsung.
“All future Arm Cortex processors will be resilient to this style of attack or allow mitigation through kernel patches,” the company said in a statement.
Spectre is harder to exploit than Meltdown, but it is also harder to prevent and could require chips to be redesigned. But the prognosis also appears to have improved.
United States Computer Emergency Readiness Team, part of the Department of Homeland Security, recently revised a note that advised companies to replace all hardware vulnerable to the exploits.
Vulnerability Note VU#584653
CPU hardware vulnerable to side-channel attacks
https://www.kb.cert.org/vuls/id/584653
Note: This Vulnerability Note is the product of ongoing analysis and represents our best knowledge as of the most recent revision. As a result, the content may change as our understanding of the issues develops.
Tomi Engdahl says:
Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism
https://developer.arm.com/support/security-update
Tomi Engdahl says:
A Critical Vulnerability Spares Security of ARM Microcontrollers
http://www.electronicdesign.com/embedded-revolution/critical-vulnerability-spares-security-arm-microcontrollers
When Intel revealed that almost all its computer chips were exposed to exploits that could allow hackers to swipe their memory contents, the company denied that it alone was afflicted. The Meltdown vulnerability is specific to Intel, but the company said that it would work with rivals AMD and ARM to resolve another fault that also affects them, called Spectre.
ARM is the company behind an architecture that has been shipped in more than four billion chips installed in everything from smartphones to factories, and which is inside chips vulnerable to the Spectre flaw. The company recently revealed that the exploit does not affect its microcontrollers, but it could pose a threat to higher performance chips.
Tomi Engdahl says:
The Intel Processor Flaw and Its Impact on Embedded Developers
http://www.electronicdesign.com/embedded-revolution/intel-processor-flaw-and-its-impact-embedded-developers
Intel has a problem with its processors, and from what we’ve found out, embedded applications could suffer a “Meltdown.”
Intel chips dominate the server and PC markets, but they’re also widely used in embedded applications. A serious flaw, called Meltdown, has been found in these chips, and the fix could have significant implications. The details of the flaw and fix are still under wraps. However, we do know some information about the issue and the potential fix. All of this comes on the heels of the Intel Management Engine problem that affected a large number of Intel processors.
The snag appears to be how the memory management unit (MMU) protects memory—a key to implementing a secure system. The issue relates to kernel memory and how it can be examined from a conventional application. The solution is to not include any kernel memory in the application’s virtual-memory (VM) space. Patches for Windows, Linux, and MacOS are in the works, and other operating systems that target the Intel platforms will likely have changes as well.
Developers will need to work with their software suppliers for these changes. Any operating system with virtual-memory or virtual-machine support running on processors with this flaw will require changes to address it.
The Meltdown bug is now documented as CVE-2017-7574. Two other major bugs, known as Spectre, have been reported as well. These include bounds check bypass (CVE-2017-5753) and branch target injection (CVE-2017-5715). Meltdown is found in Intel platforms while Spectre can affect AMD and ARM Cortex-A platforms.
To Share or Not to Share
The problem is a design tradeoff between keeping the kernel in its own address space and sharing some with an application. Keeping everything in the kernel’s own address space means only the kernel has access to it, but any calls from an application to the kernel now require a major state swap that incurs more overhead. It’s one reason why many microkernel approaches have a hard time challenging monolithic kernels like Linux in terms of performance.
Tomi Engdahl says:
Patched Desktop PC: Meltdown & Spectre Benchmarked
Big Slow Down for SSDs, But This Ain’t Over Yet
https://www.techspot.com/article/1556-meltdown-and-spectre-cpu-performance-windows/
Following up to our initial testing of the Meltdown patch for Windows 10, today we’re looking deeper into the matter by testing a patched desktop system, by addressing the two now famous security flaws, Meltdown and Spectre, by applying the OS-level patch and a firmware update, more precisely a motherboard BIOS update.
If you read our previous article on the matter, it came within 24 hours of the emergency Windows 10 patch release intended to address the Meltdown vulnerability.
However the Windows patch only addressed Meltdown, and by now you’ve no doubt become familiar of the second vulnerability called Spectre. Because Spectre is the result of a fundamental CPU design flaw, it can’t be fixed, at least not entirely. The firmware update needed to correct it mitigates the problem, but doesn’t completely address the vulnerability.
This is still primarily an Intel CPU flaw. AMD’s official word is that one of the two Spectre variants doesn’t impact them at all, while the one that does is easily resolved by a software update that shouldn’t impact performance in any meaningful way. Variant “three” which is Meltdown, doesn’t impact AMD at all.
First up we have the Core i3 Cinebench R15 results and very little has changed here, from the pre-update we see less than a 2% reduction in multi-thread score and 1% for the single thread test, so that’s pretty well within the margin of error.
Now this is a little more interesting, the Windows patch plus BIOS update was consistently 3% slower than the previously tested configurations.
So here we are, our first game benchmark result and well things don’t look that dramatic. We do see about a 4% reduction in performance and the Core i3-8100 was consistently slower in this test by 3-4%.
Moving on we have Ashes of the Singularity: Escalation and again we see a 3 – 4% reduction in performance with the updates installed. Not a massive decline but a reduction in frame rate all the same and again the updated configuration did consistently come in slower.
Okay so what about storage performance as this was the only area where we saw any real impact last time. Let’s start with the Samsung SSD 950 Pro NVMe drive on the Core i7-8700K system.
Here we see a 5% reduction in throughput for the sequential write test, a 8% reduction for the 4K-64 thread write test and 20% for the 4K write result, this is seen when comparing the pre-update configuration to the windows and BIOS update configuration.
Then when we move to the 4K queue depth of 32 test and find around a 10% drop for both the read and write results.
I then decided to do some testing with Atto Disk Benchmark and ohh boy what’s gone wrong here then. Both the sequential read and write tests took a massive hit here and again throughput was reduced by as much as 40% with the BIOS update applied. So if this has happened to an NVMe SSD, what does this mean for your more run of the mill SATA SSDs?
The 4K queue depth of 32 results see a small decline of around 3%, so nothin to alarming. That said we still see a big hit for the 4K transfers which is interesting, writes dropped by 27% and reads by 19%.
Conclusion, So Far
We want to start by saying… take those storage results with a grain of salt, at least for now. Until they can be confirmed with at least one other reliable source, we wouldn’t go too crazy over the potential performance impact there.
Horrible storage performance aside we consistently saw less than a 5% reduction in gaming performance, you’re looking at around a 3-4% drop for the most part when CPU limited, less when GPU limited.
Then we have the more commonly used applications like Excel and 7-zip which seem unaffected, and we found little to no impact for those doing content creation type work as well.
On the GPU front, Nvidia is reportedly also affected, so there will be loads of additional tests to be done when time comes. Our interpretation from Nvidia’s blog is that they rely on CPU-like aggressive branch prediction on their GPU architectures. It’s part of their performance gains over consecutive generations. The flaw appears to be the same as Intel CPUs, in that speculative operations occur without security checks first, as a secure design should be done.
Security Bulletin: NVIDIA GPU Display Driver Security Updates for Speculative Side Channels
http://nvidia.custhelp.com/app/answers/detail/a_id/4611
NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero’s January 3, 2018 publication of novel information disclosure attacks that combine CPU speculative execution with known side channels.
The vulnerability has three known variants:
Variant 1 (CVE-2017-5753): Mitigations are provided with the security update included in this bulletin. NVIDIA expects to work together with its ecosystem partners on future updates to further strengthen mitigations.
Variant 2 (CVE-2017-5715): NVIDIA’s initial analysis indicates that the NVIDIA GPU Display Driver is potentially affected by this variant. NVIDIA expects to work together with its ecosystem partners on future updates for this variant.
Variant 3 (CVE-2017-5754): At this time, NVIDIA has no reason to believe that the NVIDIA GPU Display Driver is vulnerable to this variant.
Tomi Engdahl says:
How to check Linux for Spectre and Meltdown vulnerability
https://www.cyberciti.biz/faq/check-linux-server-for-spectre-meltdown-vulnerability/
How do I check if my Linux server is still vulnerable to Spectre and Meltdown CPU bugs?
Spectre & Meltdown Checker is a shell script that check for the following Intel/AMD/ARM and other CPUs for bugs
Tomi Engdahl says:
Speculative Execution Was A Troublemaker For Xbox 360
https://hackaday.com/2018/01/08/speculative-execution-was-a-troublemaker-for-xbox-360/
Part of why people can’t stop talking about Meltdown/Spectre is the fact that all the individual pieces have been sitting in plain sight for a long time. When everyone saw how it all came together last week, many people (and not even necessarily security focused people) smacked themselves on the forehead: “Why didn’t I see that earlier?” Speculative execution has caused headaches going way back. [Bruce Dawson] tells one such story he experienced back in 2005. (Warning: ads on page may autoplay video.)
It’s centered around Xbox 360’s custom PowerPC processor. Among the customization on this chip was the addition of an instruction designed to improve memory performance. This instruction was a hack that violated some memory consistency guarantees held by the basic design, so they knew up front it had to be used very carefully. Even worse: debugging problems in this area were a pain. When memory consistency goes wrong, the code visible in the debugger might not be the actual code that crashed.
Finding a CPU Design Bug in the Xbox 360
https://randomascii.wordpress.com/2018/01/07/finding-a-cpu-design-bug-in-the-xbox-360/
Tomi Engdahl says:
Go Retro to Build a Spectre and Meltdown-Proof x86 Desktop
https://hackaday.com/2018/01/07/go-retro-to-build-a-spectre-and-meltdown-proof-x86-desktop/
Tomi Engdahl says:
Romain Dillet / TechCrunch:
Apple releases macOS 10.13.2 supplemental update and iOS 11.2.2 with security improvements to Safari and WebKit to mitigate Spectre vulnerability — Apple just released iOS 11.2.2 with some Safari and WebKit improvements to mitigate the Spectre vulnerability. macOS is also receiving an update.
Apple releases iOS and macOS updates with a mitigation for Spectre
https://techcrunch.com/2018/01/08/apple-releases-ios-and-macos-updates-with-a-mitigation-for-spectre/
Apple just released iOS 11.2.2 with some Safari and WebKit improvements to mitigate the Spectre vulnerability. macOS is also receiving an update. It’s a supplemental update to macOS High Sierra 10.13.2 and it includes the same fix.
Tomi Engdahl says:
Intel CEO sold shares before chip security flaw disclosed
https://m.phys.org/news/2018-01-intel-ceo-sold-chip-flaw.html
CEO Brian Krzanich sold about $39 million in stocks and options in late November, before the security vulnerability was publicly known. Intel says it was notified about the bugs in June.
Tomi Engdahl says:
Intel CEO: Meltdown and Spectre patches will come to 90%+ of chips in the next week
https://techcrunch.com/2018/01/08/intel-ces/?ncid=rss&utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook
“I want to thank the industry for coming together to address the recent security, industry-wide issue. Security is job number one for Intel and our industry,” he said. “The primary focus for us has to keep our customer data safe.”
He said that Intel had not received any information that any data has been compromised on its chips to date. “We are working tirelessly to make sure it stays that way,” he added.
He also said that Intel expects to issue updates to its processors soon. More than 90 percent will be getting them within the week, and the rest by the end of January.
He also added that the impact of the security patches will be “highly workflow dependent”, he said. “We will continue to work with industry to minimise the impact on workloads over time.”
Tomi Engdahl says:
It gets worse: Microsoft’s Spectre-fixer wrecks some AMD PCs
KB4056892 is not your friend if you run an Athlon
https://www.theregister.co.uk/2018/01/08/microsofts_spectre_fixer_bricks_some_amd_powered_pcs/
Microsoft’s fix for the Meltdown and Spectre bugs may be crocking AMD-powered PCs.
Tomi Engdahl says:
Patched Desktop PC: Meltdown & Spectre Benchmarked
Big Slow Down for SSDs, But This Ain’t Over Yet
https://www.techspot.com/article/1556-meltdown-and-spectre-cpu-performance-windows/
Following up to our initial testing of the Meltdown patch for Windows 10, today we’re looking deeper into the matter by testing a patched desktop system, by addressing the two now famous security flaws, Meltdown and Spectre, by applying the OS-level patch and a firmware update, more precisely a motherboard BIOS update.
If you read our previous article on the matter, it came within 24 hours of the emergency Windows 10 patch release intended to address the Meltdown vulnerability. We ran tests that made sense from the perspective of a desktop user and we found there was virtually no impact on gaming performance and no impact for content creators. There were however a few troubling results for NVMe storage devices, mostly impacting 4K read performance. Since then other fellow tech media outlets have published similar findings.
Tomi Engdahl says:
‘It Can’t Be True.’ Inside the Semiconductor Industry’s Meltdown
https://www.bloomberg.com/news/articles/2018-01-08/-it-can-t-be-true-inside-the-semiconductor-industry-s-meltdown
Technology titans work in secrecy for months to fix key flaws
Researchers uncover security holes too big to believe
Months earlier, cybersecurity researcher Anders Fogh had posted a blog suggesting a possible way to hack into chips powering most of the world’s computers, and the friends spent part of the evening trying to make sense of it. The idea nagged at Prescher, so when he got home he fired up his desktop computer and set about putting the theory into practice. At 2 a.m., a breakthrough: he’d strung together code that reinforced Fogh’s idea and suggested there was something seriously wrong.
“My immediate reaction was, ‘It can’t be true, it can’t be true,’” Prescher said.
Last week, his worst fears were proved right when Intel, one of the world’s largest chipmakers, said all modern processors can be attacked by techniques dubbed Meltdown and Spectre, exposing crucial data, such as passwords and encryption keys. The biggest technology companies, including Microsoft Corp., Apple Inc., Google and Amazon.com Inc. are rushing out fixes for PCs, smartphones and the servers that power the internet, and some have warned that their solutions may dent performance in some cases.
Tomi Engdahl says:
Intel to form new cybersecurity group amid chip flaw: report
https://www.reuters.com/article/us-intel-restructuring/intel-to-form-new-cybersecurity-group-amid-chip-flaw-report-idUSKBN1EY06R
Intel Corp (INTC.O) will create a new internal cybersecurity group in the wake of recently disclosed flaws in its microchips, the Oregonian newspaper reported on Monday, citing a memo sent to company employees.
The new group would be run by Intel human resources chief Leslie Culberstone who has worked in the chipmaker since 1979 and would be called, “Intel Product Assurance and Security,” according to the report.
Tomi Engdahl says:
Raspberry Pi Ain’t Afraid Of No Spectre And Will Not Meltdown
https://hackaday.com/2018/01/09/raspberry-pi-aint-afraid-of-no-spectre-and-will-not-meltdown/
While there’s broad agreement that Meltdown and Spectre attacks are really bad news at a fundamental level, there is disagreement on its immediate practical impact in the real world. Despite reassurance that no attacks have been detected in the wild and there’s time to roll out the full spectrum of mitigation, some want to find protection right now. If you’re interested in an usable and easy to set up modern desktop that’s free of Meltdown or Spectre threats, a Raspberry Pi can provide the immunity you seek.
While these ARM cores perform speculative instruction fetches, they don’t speculatively execute them or modify the cache. Under the current circumstances, that makes all the difference in the world.
The platform has its own set of security problems, but today Meltdown/Spectre is not among them.
Why Raspberry Pi isn’t vulnerable to Spectre or Meltdown
https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/
Tomi Engdahl says:
How the Meltdown and Spectre security holes fixes will affect you
http://www.zdnet.com/article/how-the-meltdown-and-spectre-security-holes-fixes-will-affect-you/
Get ready to patch every piece of computing gear in your home and company to deal with this CPU nightmare.
Tomi Engdahl says:
Spectre mitigations arrive in latest Nvidia GPU drivers
Graphics giant determines GPUs also fall foul of Spectre issues.
http://www.zdnet.com/article/spectre-mitigations-arrive-in-latest-nvidia-gpu-drivers/
It’s not just CPUs that are impacted by Spectre, as graphics giant Nvidia has released a new set of drivers that contain some mitigations against the side-channel vulnerability.
In a short security bulletin, Nvidia said it had no reason to believe it was affected by the largely Intel-specific Meltdown, but its entire GeForce, Quadro, NVS, Tesla, and Grid products were hit by Spectre.
Updated drivers for GeForce, Quadro, and NVS are available now, with all Tesla and Grid drivers to be updated before the end of the month.
After this initial release, Nvidia said it would work with its partners on further mitigations.
Security Bulletin: NVIDIA GPU Display Driver Security Updates for Speculative Side Channels
http://nvidia.custhelp.com/app/answers/detail/a_id/4611
Tomi Engdahl says:
Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems
https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/
What Steps Should I Take to Help Protect My System?
Currently three exploits have been demonstrated as technically possible. In partnership with our silicon partners, we have mitigated those through changes to Windows and silicon microcode.
Because Windows clients interact with untrusted code in many ways, including browsing webpages with advertisements and downloading apps, our recommendation is to protect all systems with Windows Updates and silicon microcode updates.
For Windows Server, administrators should ensure they have mitigations in place at the physical server level to ensure they can isolate virtualized workloads running on the server. For on-premises servers, this can be done by applying the appropriate microcode update to the physical server, and if you are running using Hyper-V updating it using our recent Windows Update release.
Windows Server customers, running either on-premises or in the cloud, also need to evaluate whether to apply additional security mitigations within each of their Windows Server VM guest or physical instances. These mitigations are needed when you are running untrusted code within your Windows Server instances (for example, you allow one of your customers to upload a binary or code snippet that you then run within your Windows Server instance) and you want to isolate the application binary or code to ensure it can’t access memory within the Windows Server instance that it should not have access to. You do not need to apply these mitigations to isolate your Windows Server VMs from other VMs on a virtualized server, as they are instead only needed to isolate untrusted code running within a specific Windows Server instance.
We currently support 45 editions of Windows. Patches for 41 of them are available now through Windows Update. We expect the remaining editions to be patched soon.
Tomi Engdahl says:
Intel will have Meltdown and Spectre fixes for 90 percent of recent products within a week
The elephant in the keynote
https://www.theverge.com/2018/1/8/16866600/intel-ceo-spectre-meltdown-updates-fix-brian-krzanich-ces-2018
Tomi Engdahl says:
Getting a Handle on Meltdown Update Impact, Stay Tuned for Spectre
https://hackaday.com/2018/01/09/getting-a-handle-on-meltdown-update-impact-stay-tuned-for-spectre/
When news broke on Meltdown and Spectre ahead of the original disclosure plan, word spread like wildfire and it was hard to separate fact from speculation. One commonly repeated claim was that the fix would slow down computers by up to 30% for some workloads. A report released by Microsoft today says that “average users” with post-2015 hardware won’t notice the difference. Without getting into specific numbers, they mention that they expect folks running pre-2015 hardware to experience noticeable slowdowns with the patches applied.
The impact from Meltdown updates are easier to categorize: they slow down the transition from an user’s application level code to system level kernel code. The good news: such transitions were already a performance killjoy before Meltdown came along. There exists an extensive collection of tools (design patterns, libraries, and APIs) to help software developers reduce the number of user-kernel transitions.
Performance sensitive code that were already written to minimize kernel transitions will suffer very little from Meltdown updates. This includes most games and mainstream applications. The updates will have a greater impact on the minority of applications that frequently jump between kernel and user worlds. Antivirus software (with their own problems) have reasons to do so, and probably will end up causing most of the slowdowns seen by normal users.
Servers, with their extensive disk and networking IO — and thus kernel usage — are going to have a much worse time, even as seen through Microsoft’s rosy spectacles. So much so that Microsoft is recommending that admins “balance the security versus performance tradeoff for your environment”.
Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems
https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/
Tomi Engdahl says:
Microsoft Suspends CPU Flaw Patches for AMD Devices
http://www.securityweek.com/microsoft-suspends-cpu-flaw-patches-amd-devices
Microsoft Will Not Deliver Security Updates to Devices With Incompatible Antiviruses
Users whose computers have AMD processors no longer receive the recent Windows updates designed to patch the Meltdown and Spectre vulnerabilities, and Microsoft has warned that some systems may not receive upcoming security updates if the antivirus running on them has not set a specific registry key.
Several individuals whose devices are powered by some AMD processors, particularly older models, complained that they had been unable to boot Windows 10 after installing KB4056892, an update released by Microsoft in response to flaws affecting Intel, AMD and ARM processors.
Tomi Engdahl says:
Apple Adds Spectre Protections to Safari, WebKit
http://www.securityweek.com/apple-adds-spectre-protections-safari-webkit
Updates released by Apple on Monday for iOS, macOS and Safari should mitigate the effects of the vulnerabilities exploited by the recently disclosed attack method named Spectre.
Apple informed customers that iOS 11.2.2 and macOS High Sierra 10.13.2 Supplemental Update include security improvements for Safari and WebKit. The Safari improvements are also included in version 11.0.2 of Apple’s web browser.
The latest updates address the Spectre vulnerabilities, specifically CVE-2017-5753 and CVE-2017-5715. Mitigations for the Meltdown attack were rolled out by Apple, before the flaws were disclosed, with the release of iOS 11.2, macOS 10.13.2 and tvOS 11.2. Apple Watch is not vulnerable to either of the attack methods.
Apple’s analysis showed that the Spectre vulnerabilities “are extremely difficult to exploit,” even by a local app running on iOS or macOS, but the company warned that remote exploitation via JavaScript running in the browser is possible.
Tomi Engdahl says:
Microsoft Patches for CPU Flaws Break Windows, Apps
http://www.securityweek.com/microsoft-patches-cpu-flaws-break-windows-apps
Users have complained that the updates released by Microsoft last week for the Spectre and Meltdown vulnerabilities cause Windows to break down on some computers with AMD processors.
Several individuals whose computers rely on AMD processors, particularly older Athlon models, say they are unable to start Windows 10 after installing KB4056892, an update released by Microsoft in response to the disclosure of serious flaws affecting Intel, AMD and ARM processors.
The security holes have been dubbed Spectre and Meltdown and they allow malicious applications to bypass memory isolation mechanisms and access passwords, photos, documents, emails, and other sensitive information. Both local and remote exploitation are possible.
Tomi Engdahl says:
Hackers Expected to Remotely Exploit CPU Vulnerabilities
http://www.securityweek.com/hackers-expected-remotely-exploit-cpu-vulnerabilities
Security experts believe hackers will soon start to remotely exploit the recently disclosed vulnerabilities affecting Intel, AMD and ARM processors, if they haven’t done so already.
Researchers disclosed on Wednesday the details of Spectre and Meltdown, two new attack methods targeting CPUs. The attacks leverage three different flaws and they can be used to bypass memory isolation mechanisms and gain access to sensitive data, including passwords, photos, documents, and emails.
The affected CPUs are present in billions of products, including PCs and smartphones, and attacks can also be launched against cloud environments.
The best protection against these attacks is the use of kernel page table isolation (KPTI) and affected vendors have already started releasing patches and workarounds.
Researchers have developed a proof-of-concept (PoC) for Google Chrome that uses JavaScript to exploit Spectre and read private memory from the process in which it runs.
Tomi Engdahl says:
Microsoft, Intel Share Data on Performance Impact of CPU Flaw Patches
http://www.securityweek.com/microsoft-intel-share-data-performance-impact-cpu-flaw-patches
Microsoft and Intel have shared more information on the performance impact of the patches released for the recently disclosed attack methods known as Spectre and Meltdown.
The Spectre and Meltdown exploits work on systems using CPUs from Intel, AMD and ARM, and they allow malicious applications to bypass memory isolation mechanisms and access passwords, photos, documents, emails, and other sensitive information. Patches and workarounds have been released by both hardware and software vendors, but they may introduce significant performance penalties.
Intel has insisted that average computer users – owners of typical home and business PCs – should not see any significant impact on performance during common tasks, such as reading emails, viewing photos or writing documents. Benchmark tests conducted by the company using SYSmark 2014 showed an impact of 6 percent or less for 8th Generation Core platforms with solid state storage.
All but two of currently supported Intel processors are said to be affected by the Spectre and Meltdown vulnerabilities. However, a technology called PCID (Process-Context Identifiers), which is present in newer processors, should lessen impact on performance.
Intel says it has yet to “build a complete picture of the impact on data center systems,” but points to statements from major vendors who have conducted tests.
After conducting more tests, Microsoft pointed out that mitigations for Meltdown (CVE-2017-5754) and one of the Spectre flaws (CVE-2017-5753) have minimal performance impact, but the remediation for the second Spectre vulnerability (CVE-2017-5715) does introduce more significant performance penalties.
Specifically, Microsoft found that users running Windows 10 on newer chips (2016-era PCs with Skylake, Kabylake or newer CPUs) should not notice any slowdowns. While there are some single-digit performance penalties, they are reflected in milliseconds.
On the other hand, when running Windows 10, Windows 8 or Windows 7 on devices with older chips (2015-era PCs with Haswell or older CPUs), benchmark tests showed more significant penalties and users may actually notice a decrease in performance.
In the case of Windows Server, regardless of what type of chip is used, a more significant performance impact is expected after mitigations are applied, particularly in the case of IO-intensive applications. In the case of Windows Server, Microsoft has actually advised users to evaluate the risk of untrusted code running on their machines and “balance the security versus performance tradeoff” for their specific environment.
Red Hat has also reported seeing measurable performance impact, ranging between 8 and 19 percent, for operations involving highly cached random memory.
Amazon said it had not observed any significant performance impact for the overwhelming majority of EC2 workloads, but some AWS customers have complained about degraded performance after the patches were applied starting with December.
Epic Games informed users recently that the CPU usage of its backend cloud services increased significantly after Meltdown mitigations were applied, which led to login issues and service instability.
Industry Testing Shows Recently Released Security Updates Not Impacting Performance in Real-World Deployments
https://newsroom.intel.com/news-releases/industry-testing-shows-recently-released-security-updates-not-impacting-performance-real-world-deployments/
Tomi Engdahl says:
Microsoft’s Windows 7 Meltdown and Spectre Patch (KB4056894) Failing with BSOD UPDATED
This appears to be happening on PCs with AMD Athlon 64 X2
http://news.softpedia.com/news/microsoft-s-windows-7-meltdown-and-spectre-patch-kb4056894-failing-with-bsod-519264.shtml
UPDATE, January 9: Microsoft confirmed the issue and pulled the update until a fix is ready. Original article below.
Microsoft was one of the first companies to ship Meltdown and Spectre patches for all Windows versions that are still getting support, yet it turns out that at least two of these updates are doing more harm than good.
Tomi Engdahl says:
Getting a Handle on Meltdown Update Impact, Stay Tuned for Spectre
https://hackaday.com/2018/01/09/getting-a-handle-on-meltdown-update-impact-stay-tuned-for-spectre/
When news broke on Meltdown and Spectre ahead of the original disclosure plan, word spread like wildfire and it was hard to separate fact from speculation. One commonly repeated claim was that the fix would slow down computers by up to 30% for some workloads. A report released by Microsoft today says that “average users” with post-2015 hardware won’t notice the difference. Without getting into specific numbers, they mention that they expect folks running pre-2015 hardware to experience noticeable slowdowns with the patches applied.
The impact from Meltdown updates are easier to categorize: they slow down the transition from an user’s application level code to system level kernel code. The good news: such transitions were already a performance killjoy before Meltdown came along. There exists an extensive collection of tools (design patterns, libraries, and APIs) to help software developers reduce the number of user-kernel transitions.
Tomi Engdahl says:
One of the paper’s authors reports that paravirtualization (Xen) and containers such as Docker, LXC, and OpenVZ, are affected.[50] They report that the attack on a fully virtualized machine allows the guest user space to read from the guest kernel memory, but not read from the host kernel space.
Source: https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)
Tomi Engdahl says:
Microsoft Says CPU Security Fixes Slow Computers
https://www.eetimes.com/document.asp?doc_id=1332831
Patches issued by Microsoft to safeguard against the Spectre and Meltdown vulnerabilities uncovered by researchers have a noticeable impact on PC performance in systems with older Intel processors, Microsoft said Tuesday
PCs with running Windows 10 with newer Intel processors — Skylake, Kabylake or newer — will experience performance decreases so slight — measured in microseconds — that most users are unlikely to notice, Microsoft said.
Patches issued to mitigate Meltdown and one variant of Spectre have minimal performance impact, Microsoft said in a posting on its website. However, mitigations for Spectre variant 2 to carry a performance impact that will be noticeable on systems from 2015 or earlier running Windows 10, Windows 8 or Windows 7, the company said.
Tomi Engdahl says:
Meltdown Code Proves Concept
https://hackaday.com/2018/01/11/meltdown-code-proves-concept/
If you’ve read about Meltdown, you might have thought, “how likely is that to actually happen?” You can more easily judge for yourself by looking at the code available on GitHub. The Linux software is just proof of concept, but it both shows what could happen and — in a way — illustrates some of the difficulties in making this work. There are also two videos in the repository that show spying on password input and dumping physical memory.
The interesting thing is that there are a lot of things that will stop the demos from working. For example a slow CPU, a CPU without out-of-order execution, or an imprecise high-resolution timer. This is apparently especially problematic in virtual machines.
There are five tests, including one that just reads ordinary memory that you can read anyway. This is a test to show that the library is working. After that, another demo — which requires root — dumps out the kernel address space mapping, which is normally secret and changes on each boot. Although this requires root, the authors claim it is possible to do without root, it just takes longer.
https://github.com/IAIK/meltdown/
Tomi Engdahl says:
Spectre and Meltdown: Attackers Always Have The Advantage
https://hackaday.com/2018/01/10/spectre-and-meltdown-attackers-always-have-the-advantage/
While the whole industry is scrambling on Spectre, Meltdown focused most of the spotlight on Intel and there is no shortage of outrage in Internet comments. Like many great discoveries, this one is obvious with the power of hindsight. So much so that the spectrum of reactions have spanned an extreme range. From “It’s so obvious, Intel engineers must be idiots” to “It’s so obvious, Intel engineers must have known! They kept it from us in a conspiracy with the NSA!”
We won’t try to sway those who choose to believe in a conspiracy that’s simultaneously secret and obvious to everyone. However, as evidence of non-obviousness, some very smart people got remarkably close to the Meltdown effect last summer, without getting it all the way. [Trammel Hudson] did some digging and found a paper from the early 1990s (PDF) that warns of the dangers of fetching info into the cache that might cross priviledge boundaries, but it wasn’t weaponized until recently. In short, these are old vulnerabilities, but exploiting them was hard enough that it took twenty years to do it.
Building a new CPU is the work of a large team over several years. But they weren’t all working on the same thing for all that time. Any single feature would have been the work of a small team of engineers over a period of months. During development they fixed many problems we’ll never see. But at the end of the day, they are only human. They can be 99.9% perfect and that won’t be good enough, because once hardware is released into the world: it is open season on that 0.1% the team missed.
In Intel’s x86 lineage of processors, the Pentium Pro in 1995 was first to perform speculative execution. It was the high-end offering for demanding roles like multi-user servers, so it had to keep low-privilege users’ applications from running wild. But the design only accounted for direct methods of access. The general concept of side-channel attacks were well-established by that time in the analog world but it hadn’t yet been proven applicable to the digital world.
https://pdfs.semanticscholar.org/2209/42809262c17b6631c0f6536c91aaf7756857.pdf
Tomi Engdahl says:
Spectre and Meltdown Attacks Against Microprocessors
https://www.schneier.com/blog/archives/2018/01/spectre_and_mel_1.html
Tomi Engdahl says:
More about Spectre and the PowerPC (or why you may want to dust that G3 off)
http://tenfourfox.blogspot.fi/2018/01/more-about-spectre-and-powerpc-or-why.html
UPDATE: IBM is releasing firmware patches for at least the POWER7+ and forward, including the POWER9 expected to be used in the Talos II. My belief is that these patches disable speculative execution through indirect branches, making the attack much more difficult though with an unclear performance cost. See below for why this matters.
Most of the reports on the Spectre speculative execution exploit have concentrated on the two dominant architectures, x86 (in both its AMD and Meltdown-afflicted Intel forms) and ARM. In our last blog entry I said that PowerPC is vulnerable to the Spectre attack, and in broad strokes it is. However, I also still think that the attack is generally impractical on Power Macs due to the time needed to meaningfully exfiltrate information on machines that are now over a decade old, especially with JavaScript-based attacks even with the TenFourFox PowerPC JIT (to say nothing of various complicating microarchitectural details). But let’s say that those practical issues are irrelevant or handwaved away. Is PowerPC unusually vulnerable, or on the flip side unusually resistant, to Spectre-based attacks compared to x86 or ARM?
To determine the PowerPC’s vulnerability requires looking at how it does branch prediction and indirect branching. Indirect branching
The branch prediction capabilities of these PowerPC chips are not massively different from other architectures’.
Bottom line? Spectre is still not a very feasible means of attack on Power Macs, as I have stated, though the possibilities are better on the G5 and later Power ISA designs which are faster and have more branch tricks that can be subverted.
Tomi Engdahl says:
Potential Impact on Processors in the POWER family
https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/
On Wednesday, January 3, researchers from Google announced a security vulnerability impacting microprocessors, including processors in the IBM POWER family.
This vulnerability doesn’t allow an external unauthorized party to gain access to a machine, but it could allow a party that has access to the system to access unauthorized data.
If this vulnerability poses a risk to your environment, then the first line of defense is the firewalls and security tools that most organizations already have in place.
Complete mitigation of this vulnerability for Power Systems clients involves installing patches to both system firmware and operating systems.
Tomi Engdahl says:
[LIST] of CPU’s most likely immune to Spectre
https://forum.level1techs.com/t/list-of-cpus-most-likely-immune-to-spectre/123128
The Spectre vulnerability relies on a CPU making use of speculative45 execution specifically tied with branch prediction, together with Out of order execution28 architecture processors. Spectre should not work against in-order execution processors without branch prediction or other speculative features. But there are some in-order execution processors with branch prediction and speculative issuing that are immune. (See Cortex-A53) And some that are not. (See Cortex-A863)
Tomi Engdahl says:
Why Raspberry Pi isn’t vulnerable to Spectre or Meltdown
https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/
Over the last couple of days, there has been a lot of discussion about a pair of security vulnerabilities nicknamed Spectre and Meltdown. These affect all modern Intel processors, and (in the case of Spectre) many AMD processors and ARM cores. Spectre allows an attacker to bypass software checks to read data from arbitrary locations in the current address space; Meltdown allows an attacker to read data from arbitrary locations in the operating system kernel’s address space (which should normally be inaccessible to user programs).
Both vulnerabilities exploit performance features (caching and speculative execution) common to many modern processors to leak data via a so-called side-channel attack. Happily, the Raspberry Pi isn’t susceptible to these vulnerabilities, because of the particular ARM cores that we use.
Tomi Engdahl says:
Implications of Spectre / Meltdown on PowerPC
https://community.nxp.com/thread/467492
Detailed investigations are running, we will come back with more information. Thanks for you patience.
Tomi Engdahl says:
Intel: Chip performance takes a 6% hit with security updates
https://www.cnet.com/news/intel-spectre-meltdown-chip-performance-6-percent-slowdown-security-updates/
Patches that fix the Spectre and Meltdown flaws also make the processors run slower in some circumstances, according to Intel.
Tomi Engdahl says:
Microsoft Says CPU Security Fixes Slow Computers
https://www.eetimes.com/document.asp?doc_id=1332831
Patches issued by Microsoft to safeguard against the Spectre and Meltdown vulnerabilities uncovered by researchers have a noticeable impact on PC performance in systems with older Intel processors, Microsoft said Tuesday (Jan. 9).
Patches issued to mitigate Meltdown and one variant of Spectre have minimal performance impact, Microsoft said in a posting on its website. However, mitigations for Spectre variant 2 to carry a performance impact that will be noticeable on systems from 2015 or earlier running Windows 10, Windows 8 or Windows 7, the company said.
PCs with running Windows 10 with newer Intel processors — Skylake, Kabylake or newer — will experience performance decreases so slight — measured in microseconds — that most users are unlikely to notice, Microsoft said.
While some have reported that the fixes may hurt by performance by as much as 30 percent on systems with older Intel chips, Intel has stressed that the impact is highly workload dependent.
Tomi Engdahl says:
Chip industry meltdown: An insider’s account
http://www.livemint.com/Industry/ONkwQWbgrVrMAFFErgLbSN/Chip-industry-meltdown-An-insiders-account.html
Researchers began writing about the potential for security weaknesses at the heart of central processing units, or CPUs, at least as early as 2005
“My immediate reaction was, ‘It can’t be true, it can’t be true’,” Prescher said.
Last week, his worst fears were proved right when Intel, one of the world’s largest chipmakers, said all modern processors can be attacked by techniques dubbed Meltdown and Spectre, exposing crucial data, such as passwords and encryption keys. The biggest technology companies, including Microsoft Corp., Apple Inc., Google and Amazon.com Inc. are rushing out fixes for PCs, smartphones and the servers that power the internet, and some have warned that their solutions may dent performance in some cases.
Prescher was one of at least 10 researchers and engineers working around the globe—sometimes independently, sometimes together—who uncovered Meltdown and Spectre. Interviews with several of these experts reveal a chip industry that, while talking up efforts to secure computers, failed to spot that a common feature of their products had made machines so vulnerable.
“It makes you shudder,” said Paul Kocher, who helped find Spectre and started studying trade-offs between security and performance after leaving a full-time job at chip company Rambus Inc. last year. “The processor people were looking at performance and not looking at security.” Kocher still works as an adviser to Rambus.
Spectre fools the processor into running speculative operations—ones it wouldn’t normally perform— and then uses information about how long the hardware takes to retrieve the data to infer the details of that information. Meltdown exposes data directly by undermining the way information in different applications is kept separate by what’s known as a kernel, the key software at the core of every computer.
Researchers began writing about the potential for security weaknesses at the heart of central processing units, or CPUs, at least as early as 2005.
By 2013, other research papers showed that CPUs let unauthorized users see the layout of the kernel, a set of instructions that guide how computers perform key tasks like managing files and security and allocating resources. This vulnerability became known as a KASLR break and was the foundation for some of last week’s revelations.
In 2016, research by Felix Wilhelm and others demonstrated how an early version of speculative execution could make chips vulnerable to data leaks.
At Black Hat USA, a major cybersecurity conference in Las Vegas, in August 2016 a team from Graz Technical University presented their research from earlier in the year on a way to prevent attacks against the kernel memory of Intel chips.
Fogh had long been interested in “side-channel” attacks, ways to use the structure of chips to force computers to reveal data.
Fogh and Gruss stayed up late at night discussing the theoretical basis for what would later become Spectre and Meltdown. But, like Prescher more than a year later, the Graz team was skeptical this was a real flaw. Gruss recalls telling Fogh that the chipmakers would have uncovered such a glaring security hole during testing and would never have shipped chips with a vulnerability like that.
Despite Fogh’s encouragement, the Graz researchers still didn’t think attacks would ever work in practice. “That would be such a major f*ck-up by Intel that it can’t be possible,” Schwarz recalled saying. So the team didn’t dedicate much time to it.
In January 2017, Fogh said he finally made the connection to speculative execution and how it could be used to attack the kernel. He mentioned his findings at an industry conference on 12 January, and in March he pitched the idea to the Graz team.
By the middle of the year, the Graz researchers had developed a software security patch they called KAISER that was designed to fix the KASLR break. It was made for Linux
Being open source, all suggested Linux updates must be shared publicly, and KAISER was well received by the developer community. The researchers did not know it then, but their patch would turn out to help prevent Meltdown attacks.
Fogh published his blog on 28 July detailing efforts to use a Meltdown-style attack to steal information from a real computer running real software. He failed, again fuelling doubts among other researchers that the vulnerabilities could really be used to steal data from chips. Fogh also mentioned unfinished work on what would become Spectre, calling it “Pandora’s Box.” That got little reaction, too.
The Graz team’s attitude quickly changed, though, as summer turned to fall. They noticed a spike in programming activity on their KAISER patch from researchers at Google, Amazon and Microsoft. These giants were pitching updates and trying to persuade the Linux community to accept them—without being open about their reasons sometimes.
“That made it a bit suspicious,” Schwarz said.
On 1 June, Horn told Intel and other chip companies Advanced Micro Devices Inc. and ARM Holdings what he’d found. Intel informed Microsoft soon after. That’s when the big tech companies began working on fixes, including Graz’s KAISER patch, in private.
By November, Microsoft, Amazon, Google, ARM and Oracle Corp. were submitting so many of their own Linux updates to the community that more cybersecurity researchers began to realize something big— and strange—was happening.
Tests on the patches these tech giants were advocating showed serious implications for the performance of key computer systems. In one case, Amazon found that a patch increased the time it took to run certain operations by about 400%, and yet the cloud leader was still lobbying that every Linux user ought to take the fix, according to Gruss. He said this made no sense for their original KAISER patch, which would only ever impact a small sub-section of users.
Gruss and other researchers became more suspicious that these companies weren’t being completely honest about the rationale for their proposals.
In late November, another team of researchers at IT firm Cyberus Technology became convinced that Intel had been telling its main clients, such as Amazon and Microsoft, all about the issue, while keeping the full scale of the crisis hidden from Linux development groups.
On 3 December, a quiet Sunday afternoon, the Graz researchers ran similar tests, proving Meltdown attacks worked. “We said, ‘Oh God, that can’t be possible. We must have a mistake. There shouldn’t be this sort of mistake in processors,” recalled Schwarz.
The team told Intel the next day—around the same time Cyberus informed the chip giant. They heard nothing for more than a week. “We were amazed—there was no response,” Schwarz said.
On 13 December, Intel let Cyberus and the Graz team know that the problems they found had already been reported by Horn and others.
“They said we know it, but will publish it at the beginning of January,” Schwarz said. It had been roughly 180 days since Google unearthed it, and keeping such issues under wraps for more than 90 days is unusual, he noted.
Their public security updates soon attracted the attention of The Register, a U.K.-based technology news site, which wrote a story on 2 January saying Intel products were at risk.
Usually, flaws and their fixes are announced at the same time, so hackers don’t quickly abuse the vulnerabilities. This time, the details emerged early and patches weren’t ready. That led to a day and a night of frantic activity to arrange what all the companies would say in unison.
Intel put the statement out at 12pm Pacific Time on 3 January and held a conference call two hours later to explain what it said was a problem that could impact the whole industry.
Underlining the panic that spread following the announcement, Intel had to follow up with calming statements.
“This is just like peeling the lid off the can of worms,
Tomi Engdahl says:
How to install/update Intel microcode firmware on Linux
https://www.cyberciti.biz/faq/install-update-intel-microcode-firmware-linux/
How do I install or update microcode firmware for Intel/AMD CPUs on Linux using the command line option?
A microcode is nothing but CPU firmware provided by Intel or AMD. The Linux kernel can update the CPU’s firmware without the BIOS update at boot time. Processor microcode is stored in RAM and kernel update the microcode during every boot. These microcode updates from Intel/AMD needed to fix bugs or apply errata to avoid CPU bugs. This page shows how to install AMD or Intel microcode update using package manager or processor microcode updates supplied by Intel on Linux.