Meltdown and Spectre Vulnerabilities Explained

By
Dominic Chooper
-
4
50
Understanding Meltdown and Spectre Vulnerabilities

What are Meltdown and Spectre Vulnerabilities?

Meltdown and Spectre both refer to the two original transitory executions or classes of hardware vulnerabilities in the modern processors. These vulnerabilities involve micro-architectural timing and side-channel attacks.

Meltdown is a typical type of vulnerability experienced by the modern Intel processors which typically creates an informational barrier. This shields the privileged data from being dissolved effectively by the attack.

On the other hand, Spectre vulnerability encountered by all of the superscalar processors is so called because it involves speculative processing.

KEY TAKEAWAYS

  • Meltdown and Spectre vulnerabilities affect most of the modern processors, whether they are made by Intel or AMD, and whether they are used in a desktop or a laptop computer, or in any other mobile device.
  • While Meltdown has affected the Intel processors in particular for the past two decades, Spectre typically affects a fundamental part of most of the modern superscalar processors.
  • These vulnerabilities typically exist in the physical circuits of the processors and therefore are very hard to do away with, and therefore are expected to stay and haunt the world of computers for several years to come.
  • These attacks are very hard to avoid because most modern processors are superscalar and are affected by them, including those manufactured by Intel, AMD or ARM.
  • The best way to guard your device from Meltdown attacks is to install all of the updates that are available currently for the operating system that you are using on your device.

Understanding Meltdown and Spectre Vulnerabilities

Understanding Meltdown and Spectre Vulnerabilities

Spectre and Meltdown are hardware vulnerabilities and individually come with a number of variants based on the functionality of the specific silicon level.

There are about 13 Specter and 14 Meltdown variants identified.

Some processors may be more vulnerable to quite a few variants than others and it all depends on the differences between the manufactures and the architecture of the microprocessors.

Typically, Meltdown and Spectre vulnerabilities result from the flaws in the hardware design.

However, attempts to mitigate them on a software level have shown some success.

The existence of Meltdown and Spectre vulnerabilities in the modern processors were discovered separately by researchers at Graz University of Technology in Austria, and Google’s Project Zero in California in 2017, and were published on January 3, 2018.

It has been increasingly important to understand Spectre and Meltdown vulnerabilities since their initial disclosure.

Several security researchers are still studying these vulnerabilities to come up with better remedies.

Initially, it was thought that the AMD processors were more resilient to Meltdown, but, sadly, that was not the case.

The Meltdown and Spectre attacks are somewhat similar.

The exploits of Meltdown include:

  • A race condition between the privilege level checking and memory access while processing an instruction
  • A side channel attack in combination with a CPU cache
  • Bypassing privilege level checks
  • Allowing the operating system to access the memory used or other ongoing processes.

In some cases, this attack can also be used to read the memory in the related, virtualized software containers.

On the other hand, Spectre involves the victim to perform speculative operations while processing the instructions of a program that would ideally not occur during standard, serialized, and in-order processing.

This, in the process, leaks the confidential information of the victim through a secret channel to the adversary.

Processors that have this ability and design are known as superscalar processors, and, in fact, most of the modern processors are superscalar in design and nature.

These CPUs are typically used in the modern desktop and laptop computers and even in the mobile devices.

This means that the systems that use a scalar or ARM processor, such as the Raspberry Pi, will not be affected by Spectre attacks.

This is because they do not use speculative processing.

Typically, Spectre takes the advantage of the consumer processors being superscalar, which helps them in manipulating their guesses or speculative branch predictions in the following ways:

  • Instructions are issued by the attacker that are created with an intention to cause wrong guesses by the processor. This allows making an analysis by using a side channel.
  • It then uses this information to manipulate the specific code that the processor would carry out next. This even includes the private instructions of some other program that may be running.
Read Also:  What is Trusted Execution Technology (TXT)? (Explained)

This type of attack is known as branch target injection and cannot be implemented very easily.

This is because it needs to target the software of the system of the victim specifically.

Both of these vulnerabilities are very hard to fix because they exist in the physical circuitry of the processor.

However, you may be able to mitigate Meltdown attacks to some extent by making some tweaks to the operating system, but this will slow down its performance by a significant margin.

Meltdown and Spectre may also affect the web browsers. However, a few specific kinds of browsers have made efforts to reduce the chances of these attacks, especially with Meltdown attacks. For example:

  • The Firefox Quantum version 57 or higher is protected from such attacks while running any code in the browser, such as JavaScript.
  • Google has also declared that Chrome version 64 will mitigate these attacks in the browser.
  • Microsoft Edge, on the other hand, is supposed to be patched by Windows Updates automatically to mitigate Meltdown attacks.
  • Opera has also made a claim that their security update will mitigate the Meltdown vulnerability.

Typically, the smaller mobile devices using Android and iOS, such as smartphones and tablets, are vulnerable to both Meltdown and Spectre attacks, hypothetically.

Though there are quite a few new versions of Android and iOS devices that come with updates that may mitigate Meltdown attacks, as for the Spectre attacks, if possible, are very much unfeasible.

What Does Spectre Attack?

Spectre typically affects the modern microprocessors that come with a superscalar design that are able to perform different types of speculations including branch prediction.

Therefore, Spectre vulnerability typically attacks the processors used mostly in smartphones and tablets.

It also affects the computer chips made by Intel and Advanced Micro Devices Inc or AMD by causing leakage of information from the applications.

Ideally, it is done in four specify ways as follows:

  • Spectre-PHT – This results in bounds check bypass by exploiting the Pattern History Table.
  • Spectre-BTB – This results in branch target injection by exploiting the Branch Target Buffer.
  • Spectre-RSB – This results in Return Stack Buffer miscredits by exploiting it.
  • Spectre-STL – This results in speculative store bypass by exploiting the memory disambiguation prediction of the processors especially during store-to-load forwarding.

What is Meltdown in Cyber Security?

Meltdown in cyber security can cause serious threats imposed by malicious actors. This is because it is really hard to predict who they will go after since there are an abundance of unsuspecting and unprivileged victims in the cloud.

This means that the cloud services and businesses running their infrastructure on Google and Amazon Web Services or AWS Cloud must be extra cautious.

How easily can a hacker steal personal data and information of the clients and customers will depend on the infrastructure of the cloud service provider.

Realizing and knowing the threats imposed by Meltdown and Spectre vulnerabilities, the cloud service providers are racing against time to find a solution to these threats, while keeping things under wraps.

However, billions of computers, tablets, and mobile phones all over the world are affected by these vulnerabilities, and the statements released by Apple, Google and Microsoft confirm it.

However, in spite of the fact that these threats are still there, things can be slowed down a bit, if not prevented, with operating system patches and the latest security updates.

Implementing a reliable and powerful third-party antivirus software is also good to have installed and updated.

There are some fixes available, and more are being developed, to handle this vulnerability in Microsoft Windows, Linux, and macOS X operating systems.

It is expected that these fixes will alleviate the chances of such attacks at the kernel level. And, the performance cost of it is expected to hover around 5 to 10%.

Different updates are available for different kinds of operating systems in different stores. For example:

  • If you are using Windows 10, Windows 8, or Windows 7 operating system on your computer, you should always check and upgrade it with a new Windows Update.
  • If you are using the macOS X operating system, then you should update the security with what is available in the App Store and upgrade it.
  • If you are using an Android tablet or smartphone, you should install the newer security update from the store on your device.
  • If you are using iOS on your tablet or smartphone, you must install iOS 11.2 or greater on your device.

On the other hand, as for the Spectre attacks, there is no way at all to mitigate them by using any type of software program.

Read Also:  What is Dual Processor? Pros, Cons & More

How Do the Meltdown and Spectre Attacks Work?

While Meltdown creates an information barrier and reads the memory, which it is not supposed to, Spectre makes branch predictions.

Spectre and Meltdown both represent a specific class and are closely related variants. They are not singular flaws. However, Meltdown, Spectre, and all their variants work in almost the same pattern to attack the proceedings.

  • First, a speculation is triggered to execute the code as desired by the attacker.
  • Next, this code is used to read the memory or the secret data without having any permission for it.
  • Then, the secret is communicated by the attacks by using a side channel such as Flush, Reload or anything similar.

However, Meltdown breaks the most basic isolation between the operating system and the user applications.

This type of attack permits the program to access and read the memory and the secrets of other operating systems or programs.

Meltdown is a specific type of vulnerability that is encountered by the Intel processors and can be characterized by its behavior which may be summarized as follows.

  • When the CPU is asked to prefetch data, it reads it before checking the privileges of the user.
  • The processor functions in a different way depending on the type of data fetched, though it is not conveyed to the unprivileged user.
  • The performance of the processor can be monitored by the attacker using a side channel in order to differentiate the vital details of the data.

This information thus gathered creates a possibility of subsequent attacks. In some cases, it is, however, guaranteed.

Meltdown attacks, typically, are conducted in three basic steps such as:

  • The content of the memory location chosen and which is inaccessible by an attacker is loaded in the register.
  • A transitory instruction allows accessing a cache line depending on the secret information in the register.
  • The attacker uses a side channel to figure out the cache line accessed, and therefore, the stored secret at that particular memory location that is chosen.

Spectre, on the other hand, is pretty similar but it does not affect the exclusive behavior of the chip.

Instead, it targets the weaknesses of the fundamental design model of the processor that are known previously.

It can be characterized by its specific behavior as well and are summarized as follows:

This is good in a way because it expedites the processing significantly, but it is essential for the guess to be correct in the first place.

The working process of Spectre, therefore, involves the following three steps:

  • The processor is mistrained at the setup phase to make a wrong speculative prediction that can be exploited.
  • The processor is also made to execute instructions speculatively from the target context into a secret channel in the microarchitecture.
  • The recovery of the sensitive data is done by timing access to the memory locations in the processor cache.

What is Spectre and Meltdown Checker?

The Spectre and Meltdown Checker is actually a script. It is used to check whether or not a device is potentially exposed to rogue system register reads, bounds check bypass and other types of transient execution attacks.

Created and maintained by an open source community, this script or checker supports different open source operating systems to look for threats across different platforms created by different hardware vendors. It includes:

  • Cloud service providers
  • Individual developers
  • Software vendors and others.

This checker supports running in virtualized environments, on-premises, and also in containers.

The Spectre and Meltdown Checker ensures that the proper mitigations are in place within the system and are enabled.

However, it does not alleviate any of these threats by itself. It simply helps you to find out the risk exposure of your device.

It also does not make any modifications to the kernel or system since Meltdown and Spectre target only the features of the microarchitecture and the mitigations for the vulnerabilities are typically found in the software and/or in the microcode.

This useful tool will simply inspect the system hardware, the kernel image, and the microcode installed in the system to detect the existence of these threats and provide you with the necessary information.

This will help you to figure out whether or not your system needs any further mitigation.

The first step to using this checker is to install it on your device.

Usually, a few Linux distros will come with this tool already included in their repositories.

Read Also:  Hyper Threading and Multithreading: 8 Differences

You will just need to check the method of using it, such as Advanced Packaging Tool (APT) or Yellowdog Updater, Modified (YUM).

For others, you can check for necessary information at other websites such as GitHub or meltdown.ovh.

You will need to use this checker with administrator privileges to check different things such as:

  • The family and model number of the processor in your system
  • The stepping and Model Specific Registers or MSRs for each vulnerability listed that may affect your device.

If your system does not have any updated microcode, it will be listed as vulnerable to the Meltdown and Spectre threats.

At this stage, the checker does not check the mitigations, even if your system is already mitigated.

The checker checks the mitigations after this stage and ensures that they are appropriate because different vulnerabilities will have diverse mitigations.

If anything is found to be missing, it will inform you which particular component needs to be updated.

The first thing you should do after getting such a report is look for the right kind of update that will mitigate the issue. You can check it out with:

  • The application
  • The operating system
  • The hypervisor vendors.

Also, depending on the workload and the environment, you may be allowed to configure the mitigation for that particular condition and workload in a few transient execution attacks mitigation options.

Are Meltdown and Spectre Viruses?

No, neither Meltdown nor Spectre are true viruses. Instead, they are vulnerabilities that affect the CPU of a computer and exploit the flaws in the hardware to carry out an attack.

In fact, since these are not viruses or malware and simply the flaws in the hardware security, it is not possible to prevent them by using antivirus software.

The best way to protect a device is to keep the programs, apps and browsers updated.

Meltdown Vs Spectre

  • Meltdown is a vulnerability that allows a process to read the memory of a given system, but in comparison, Spectre is the vulnerability that allows reading the assigned memory for random locations for a program.
  • Meltdown typically breaks the most basic separation between the operating system and user applications, but Spectre breaks the isolation between several applications.
  • Meltdown can be remedied through software patches in the operating systems, but, in comparison, Spectre is hard to exploit and harder to mitigate, if not impossible.
  • Meltdown makes use of the privilege escalation flaw to read the memory of the system, but Spectre tricks the applications to perform instructions that they should not, allowing access to the information stored in the memory of the system by the hackers.
  • Meltdown vulnerability usually affects the Intel CPUs with the x86 microarchitecture, the IBM POWER and quite a few ARM microprocessors, but Spectre attacks Intel and AMD processors used in computers, smartphones and tablets.
  • Meltdown creates an information barrier with a rogue procedure to read all memory, but Spectre affects the system by causing leakage of information from the applications.
  • Meltdown uses Intel privilege escalations and speculative execution methods, but in comparison, Spectre uses branch prediction and speculative execution methods.
  • Meltdown attempts to access and allow a program to read the kernel memory that has been protected from access from user space, but in comparison, Spectre affects the performance of the system and reads the contents of memory of other running programs.

Do Spectre and Meltdown Affect Virtual Machines?

Yes, they may affect a virtual machine, depending on their variant.

For example, a VM running within the Sentinel 400 may be susceptible to the Meltdown CVE-2017-5754 variant and two other variants of Spectre, namely CVE-2017-5753 and CVE-2017-5715.

Conclusion

Meltdown and Spectre vulnerabilities both affect the modern CPUs in almost the same way.

Though the former can be mitigated by using software patches in the operating system, Spectre is hard to mitigate.

It is, thus, best for you to keep your system, programs and applications updated with the latest available in the store.

About Dominic Chooper

AvatarDominic Chooper, an alumnus of Texas Tech University (TTU), possesses a profound expertise in the realm of computer hardware. Since his early childhood, Dominic has been singularly passionate about delving deep into the intricate details and inner workings of various computer systems. His journey in this field is marked by over 12 years of dedicated experience, which includes specialized skills in writing comprehensive reviews, conducting thorough testing of computer components, and engaging in extensive research related to computer technology. Despite his professional engagement with technology, Dominic maintains a distinctive disinterest in social media platforms, preferring to focus his energies on his primary passion of understanding and exploring the complexities of computer hardware.

View all posts by Dominic Chooper

Related Posts:

Previous articleWhat is Megahertz (MHz)? (Explained)
Next articleWhat is a Microcontroller? Types, Works, Uses & More
Dominic Chooper
Dominic Chooper
Dominic Chooper, an alumnus of Texas Tech University (TTU), possesses a profound expertise in the realm of computer hardware. Since his early childhood, Dominic has been singularly passionate about delving deep into the intricate details and inner workings of various computer systems. His journey in this field is marked by over 12 years of dedicated experience, which includes specialized skills in writing comprehensive reviews, conducting thorough testing of computer components, and engaging in extensive research related to computer technology. Despite his professional engagement with technology, Dominic maintains a distinctive disinterest in social media platforms, preferring to focus his energies on his primary passion of understanding and exploring the complexities of computer hardware.
Linkedin
4 Comments
Oldest
Newest
Inline Feedbacks
View all comments