Slashdot Mirror
Google Says Almost All CPUs Since 1995 Vulnerable To 'Meltdown' And 'Spectre' Flaws (bleepingcomputer.com)
Catalin Cimpanu, reporting for BleepingComputer: Google has just published details on two vulnerabilities named Meltdown and Spectre that in the company's assessment affect "every processor [released] since 1995." Google says the two bugs can be exploited to "to steal data which is currently processed on the computer," which includes "your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents." Furthermore, Google says that tests on virtual machines used in cloud computing environments extracted data from other customers using the same server. The bugs were discovered by Jann Horn, a security researcher with Google Project Zero, Google's elite security team. These are the same bugs that have been reported earlier this week as affecting Intel CPUs. Google was planning to release details about Meltdown and Spectre next week but decided to publish the reports today "because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation."
No. Spectre affects AMD and ARM as well (and likely other architectures too).
Best I can tell, the only CPUs guaranteed not affected by both are in-order architectures, which many older ARM (and extremely old x86) chips are.
These attacks are a sort of new category of security analysis--realizing that out of order execution can have side effects, and that programs can check for those side effects to leak program state and system memory.
-=Lothsahn=-
https://meltdownattack.com/
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure. Luckily, there are software patches against Meltdown.
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre. Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.
I just read the papers and it's actually a fascinating, and deceptively simple method. Out-of-order execution and execution prefetching causes a CPU to pre-execute instructions that are later on in the chain. If my program performs a divide-by-zero, which will cause an error when it happens, instruction pre-fetching and out of order execution has already in whole or part executed the instructions that happen after the error. So, you write your program to do this:
Something legal
Fork
Child:
Divide by Zero
Read of illegal memory
Parent:
Wait for child to crash
Read the prefetch cache to see what the out-of-order execution put in the cache when it read the illegal memory
In case that's not clear, a program forks. The child process induces an error, but after the error it has an instruction which would not normally be allowed, such as reading a portion of memory it wouldn't normally be able to. Out of order execution will already have begun performing the instruction, and because it doesn't have as rigorous controls on it, it actually reads the memory into the cache. This wouldn't be an issue, except there are ways to determine what a prefetch instruction resulted in. So the parent process waits for the child to crash and then it uses those instructions to determine the results of the prefetch which means you have just bypassed memory protection.
Of course it’s a flaw. It’s an unintended side-effect of speculative execution.
Please read the article. From it:
Meltdown uses out-of-order execution and a side channel attack that is unique to Intel. Spectre uses speculative execution and is more generalized, with tested proof-of-concept attack code on AMD and ARM.
Time to bust out my 486!
There is no XUL, only WebExtensions...
Re but one should at least entertain the possibility that it was.
A hardware version of PRISM? https://en.wikipedia.org/wiki/...
Room 641A Inside https://en.wikipedia.org/wiki/... most computers?
It was interesting how much of the NSA ANT catalog https://en.wikipedia.org/wiki/... connected to a computer rather than was able to work internally on a CPU as shipped?
Is the world missing the other part of the CPU catalog thats still doing collect it all missions?
Domestic spying is now "Benign Information Gathering"
Meltdown is the real problem here and that affects only all Intel CPUs since 1995 (except for Itanium and pre-2013 Atom) and one [sic!] ARM chip (I think Cortex-A75).
Spectre is linked to two vulnerabilities: the first one is difficult to exploit and solvable via software, the second one is very difficult to exploit. Spectre allows to read memory from the same process, so it is an issue only for JIT and VM code. Meltdown allows to read memory everywhere.
And why AMD and ARM may not be vulnerable to Meltdown:
No, they did test their Meltdown code on AMD and ARM but were not able to reproduce it on the chips they tested on.
That does not prove that a Meltdown-like attack on AMD or ARM is impossible, either on a different chip they did not test on or with a tweaked version of Meltdown.
From the actual article ("meltdown.pdf"):
"We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
No. Spectre affects AMD and ARM as well (and likely other architectures too).
Best I can tell, the only CPUs guaranteed not affected by both are in-order architectures, which many older ARM (and extremely old x86) chips are.
These attacks are a sort of new category of security analysis--realizing that out of order execution can have side effects, and that programs can check for those side effects to leak program state and system memory.
Spectre is a red herring - there is no known way it can be exploited. Meltdown is far more dangerous and it can be exploited RIGHT NOW with a simple Javascript executed in a browser. Researchers demonstrated a Javascript exploit that uses Meltdown - and there is no telling who has already been compromised. But one thing is sure: non-Intel users have not been compromised.
Frankly, this whole hoopla about Spectre seems like a well orchestrated deflection stunt by Intel PR operations. And your posts smells a bit of sockpuppetry.
"The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
32-bit ARM may be safer, because speculative execution is much, much more difficult there.
The program counter is a visible register that can be manipulated by any opcode - an explicit JUMP or BRANCH is not necessary. This makes branch prediction mostly impossible.
Most opcodes are conditional. This dependency between adjacent instructions is also a huge obstacle for speculative execution.
32-bit ARM is mostly in-order for these reasons.
https://www.jwhitham.org/2016/02/risc-instruction-sets-i-have-known-and.html
K5 was the first totally in-house designed AMD CPU and one of the first to do out of order execution, which is what these bugs exploit. Whether it is actually vulnerable would have to be tested.
https://en.wikipedia.org/wiki/...
https://en.wikipedia.org/wiki/Inverted_totalitarianism
Frankly, this whole hoopla about Spectre seems like a well orchestrated deflection stunt by Intel PR operations.
I'd caution against a false sense of security, based on one's choice of processor for your personal desktop.
There's no disagreement that "Meltdown" is the greater problem, and affects pretty much any Intel chip still functioning. It's important to remember that it's virtually guaranteed that connect to many servers that uses an affected processor every day. Those of us who maintain cloud infrastructures are particularly unhappy with the situation.
The fact that Meltdown is worse shouldn't distract from the fact that Spectre is bad.
The paper on Spectre is written by a number of people working for a number of organizations, but Intel isn't one of them. It has the following statement:
We have also verified the attack’s applicability to AMD Ryzen CPUs. Finally, we have also successfully mounted Spectre attacks on several Samsung and Qualcomm processors (which use an ARM architecture) found in popular mobile phones
They go on to state they've verified the weakness on x86 using C and JavaScript (+ Google V8 JIT) bytecode.
Much like JavaScript cryptocurrency mining , the fact that something is hard doesn't mean it's not worth doing to those interested, and having browser-based JavaScript exposing data isn't a good thing.
Meltdown can be fixed fairly easily (AMD certainly shows it's possible to avoid the problem). Spectre, however, will be with us for a long time.
-- Sometimes you have to turn the lights off in order to see.
The attack checks which rows of cache got evicted by reading across a large array, requesting behavior by another process, and then re-reading the array timing how long each read takes. Each iteration of the attack reveals a byte of memory by identifying which cache row it affected.
Mark of the Coder fades from you. You perform Opening on World of Warcraft. Warcraft crits GPA for 4. GPA dies.
Google has exploited it. Look at Google Project Zero's write-up of these bugs. Spectre corresponds to "Variant 1 and Variant 2" in that blog post. You'll see that they successfuly exploit both, the second from a KVM guest.
It is true that Google cheat a little here, by using Linux's eBPF JIT engine (which, I hear, is normally disabled by default). From the blog post:
TCP: Why the Internet is full of SYN.
Meltdown uses out-of-order execution and a side channel attack that is unique to Intel. Spectre uses speculative execution and is more generalized, with tested proof-of-concept attack code on AMD and ARM.
On the other hand, Spectre only enables access to data to which the process had access to begin with. (Meh...)
Only a very small subset of software can actually be usefully abused, mostly due to bad software design :
- Google's demo relied on a non standard setting that turns on a JIT engine that runs user-provide arbitrary byte-code in-kernel (common, in-kernel ? What could possibly go wrong ! Seriously, there's a reason why this setting is non-standard).
- There are browser with bad designs that manage to keep sensitive data in the same context as remotely-provided Javascript code.
In other words, a problem waiting to happen. Spectre just happens to be the exploit which bit them now, but any other completely different exploit could have come in a couple of months and done similar damage.
Yup, it's bad that speculative execution may lead to some side effect, but it's working as intended.
It's the software which is stupid (or dangerous options turned on, as in the kernel) and should be fixed before another problems comes again.
---
Whereas Meltdown is an entire different level of worrying.
On Intel CPU, access rights are checked way to late, by that time speculative execution has had time to do stuff which can also be timed.
Other CPU (like AMD's) work much more sanely, doing the check first and not progressing anything. It cost a tiny bit of performance, but is more formally correct and ends up protecting against such problems.
That means that on Intel CPUs the whole set of guarantee that memory protection is supposed to give don't hold true any more.
It's the whole memory protection scheme flying out of the window.
On Intel CPUs memory protection has stoped working as it should.
The software is correct on relying on memory protection for security, it's Intel's protection that suddenly doesn't work anymore.
No matter if you write correct software.
On any other CPU protection works as it should, and non-stupid software is safe.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]