The Meltdown flaw lets hackers read information from applications’ memory at the kernel level
There had been some chatter in the cyber security world over the last month or so about a potential vulnerability in computers running Intel chips. That would be a big deal considering that, as of 2016, Intel had 87.7% of the market share. Some worried that millions of machines could be left open to snooping. Others were concerned that the patch would cause a dramatic slow-down for PCs. Either way, it would affect almost everyone.
And now that the flaw has been disclosed, it’s about as bad as anyone thought it could be.
Meltdown is a flaw that grants an attacker the ability to read information from applications’ memory at the kernel level. The kernel is the part of the operating system that is crucial to everything functioning on the computer. I don’t want to get too deep into the weeds, but think of it almost like an air traffic controller: it manages system calls and resources, and it has complete control over everything in the system.
So, even equipped with that (extremely) cursory definition, you can probably see why a flaw that lets attackers read information at the Kernel level is a bad thing. Everything – from passwords and personal information to your photos and documents – could be read by anyone exploiting the Meltdown flaw. This was all laid out in a white paper released yesterday.
The researchers, a mixture of academics and representatives from Google and Cyberus Technology, also discovered another vulnerability, Spectre, which is harder to exploit but also much more difficult to mitigate. The researchers noted that pretty much everyone is affected by one of these two vulnerabilities. Under a Q&A section on the team’s website, the question “Am I affected by the bug?” is answered rather frankly: “Most certainly, yes.”
Which I might add, would make for a fairly curious bedside manner.
But they are correct: any computer running an Intel chip from 1995 onwards (with the exception of Itanium and Atom chips made before 2013) is vulnerable. And again, Intel holds 87.7% of the market, even if that share is shrinking as AMD grows, so this is going to affect a lot of people.
How does it work?
One of the safeguards on your computer is that it stops applications from reading memory that belongs to the kernel. Meltdown destroys that isolation, meaning one program can read another’s memory without permission.
“The bug basically melts security boundaries which are normally enforced by the hardware.”
Meltdown (and Spectre) exploit the way Intel systems handle speculative execution: the technique by which the CPU runs instructions ahead of time when it is not yet certain whether they will actually be needed.
Now, the way things typically work is that the processor guesses at the outcome, runs ahead on that guess to get a head start on the task, and then keeps or discards that work once it figures out what’s going on. However, during this speculative window, it seems Intel’s chips do not enforce the permission check that keeps low-privilege code away from kernel-level memory. So basically, an attacker could use a malicious application to read data that should be segregated.
Fortunately, the researchers only delivered a proof of concept that works for local attacks, so for this attack to work in the wild an attacker would already have to have access to the computer, though that can be accomplished relatively easily with some good phishing or malware.
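Because the practical defence is the operating-system patch (the kernel page-table isolation fix that Microsoft, Apple and the Linux distributions shipped), the check a practitioner wants is whether that mitigation is actually in place on a given machine. The script below is an added example written for this article, not code from the researchers or from Intel. It reads the Linux sysfs interface at /sys/devices/system/cpu/vulnerabilities/ (one file per issue, e.g. meltdown, spectre_v1, spectre_v2, each holding a status line such as “Not affected”, “Vulnerable” or “Mitigation: PTI”; this interface exists in Linux 4.15 and later but is not mentioned in the article). Where that directory is absent (older kernel, non-Linux host), it falls back to a constructed sample so it still runs offline; the sample values are made up for illustration.

```python
"""Report Meltdown/Spectre mitigation status from the Linux sysfs interface.

Added example for this article (not the researchers' or Intel's code).
Assumes the Linux 4.15+ layout: /sys/devices/system/cpu/vulnerabilities/<issue>
containing one line such as "Not affected", "Vulnerable" or "Mitigation: PTI".
"""
from pathlib import Path

SYSFS_VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample, used only when the live sysfs directory is not present.
# The values are illustrative, not captured from a real machine.
SAMPLE_STATUSES = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Vulnerable",
    "spectre_v2": "Vulnerable",
}


def classify(status_line: str) -> str:
    """Map one status line to 'not_affected', 'mitigated', 'vulnerable' or 'unknown'.

    The kernel prefixes each line with one of a small set of words, so a
    prefix match is enough; anything else (empty file, future wording) is
    reported as 'unknown' rather than silently treated as safe.
    """
    s = status_line.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_sysfs(vuln_dir=SYSFS_VULN_DIR) -> dict:
    """Read every status file in the directory; empty dict if it does not exist."""
    vuln_dir = Path(vuln_dir)
    if not vuln_dir.is_dir():
        return {}
    statuses = {}
    for entry in sorted(vuln_dir.iterdir()):
        try:
            statuses[entry.name] = entry.read_text().strip()
        except OSError:
            # Some entries may be unreadable for unprivileged users; skip them.
            continue
    return statuses


def summarize(statuses: dict) -> dict:
    """Classify each issue's raw status line."""
    return {name: classify(line) for name, line in statuses.items()}


def needs_action(summary: dict) -> list:
    """Issues that are still vulnerable or whose status could not be parsed."""
    return sorted(name for name, state in summary.items()
                  if state in ("vulnerable", "unknown"))


if __name__ == "__main__":
    live = read_sysfs()
    source = "live sysfs" if live else "constructed sample (sysfs not available)"
    statuses = live or SAMPLE_STATUSES
    summary = summarize(statuses)
    print(f"Source: {source}")
    for name, line in statuses.items():
        print(f"  {name:<12} {summary[name]:<13} ({line})")
    pending = needs_action(summary)
    if pending:
        print("Action needed (apply vendor updates):", ", ".join(pending))
    else:
        print("All reported issues are mitigated or not applicable.")
```

On a patched Linux box the meltdown entry reads “Mitigation: PTI”, which is the page-table isolation fix the article refers to; “Vulnerable” on the spectre entries matches the article’s point that Spectre had no general patch at the time. Windows administrators have an equivalent vendor-provided check in the SpeculationControl PowerShell module (Get-SpeculationControlSettings), which is not covered by this script.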
Intel Issues a Statement
On January 3, Intel issued the following statement:
Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.
Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.
Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.
Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.
Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.
What is Spectre?
In addition to Meltdown, the researchers also found a second vulnerability called Spectre, which is harder to exploit but also harder to mitigate. And unlike Meltdown, which is already being widely patched by the likes of Microsoft and Apple, there is no patch for Spectre. A Spectre attack causes an application to carry out speculative execution that “would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adversary.”
This bug isn’t just limited to Intel, either. Computers running AMD and ARM are vulnerable, too. That means literally billions of machines are vulnerable.
Daniel Gruss, one of the researchers involved in the work, said that the Spectre attack works perfectly on AMD chips, but AMD disagrees.
“Based on the findings to date and the differences in AMD processor architecture, we believe there is near zero risk to AMD products at this time.”
For the layman, Gruss couched both flaws in terms we can all understand:
“Think of a Star Wars movie where someone wants to steal money. Spectre is like a Jedi mind trick: you make someone else give you their money, this happens so quick that they don’t realize what they’re doing.
“Meltdown just grabs the money very quickly like a pickpocket. The Jedi mind trick is of course more difficult to do, but also harder to mitigate.”
Hey, Isn’t that Insider Trading?
Here’s one final little tidbit that makes this issue even more nuanced. Brian Krzanich is the CEO of Intel. On November 29th, a little over a month before this all became public, Krzanich sold 245,743 shares of Intel stock for around 11-million dollars.
That on its own isn’t too suspicious, but when you start adding it all up things begin to smell a bit… fishy.
For starters, Krzanich is required to maintain a minimum of 250,000 shares of Intel stock. His moves (which also included purchasing deeply discounted Intel stock and selling it publicly at the listed price – which isn’t illegal) left Krzanich with exactly 250,000 shares.
Per The Motley Fool’s Ashraf Eassa:
Instead, given that Krzanich seems to have sold all the shares he could save for those he is required by Intel’s corporate bylaws to hold, the impression that I get is that Krzanich doesn’t have a ton of faith in the potential for Intel stock to appreciate, perhaps driven by a lukewarm (or potentially even negative) view of the company’s near- to medium-term business prospects.