Hello! Happy New Year! Welcome to 2018!
We are just a few days into the New Year, and a warm welcome to everyone in 2018. The bad news is that we have two uninvited guests in 2018, namely “Meltdown” and “Spectre”.
What the hell is that? Okay! Calm down. I’ll come to the point.
Researchers from Google Project Zero, Cyberus Technology, Graz University of Technology and several other teams have found two new bugs named “Meltdown” and “Spectre”. Simply put, these vulnerabilities affect Intel, AMD and ARM processors (Meltdown has so far been demonstrated mainly on Intel chips, while Spectre affects all three families), allowing malicious code to read sensitive data it should never see. This time the attack surface is very wide. It extends to almost every device (yes! laptops, desktops, smartphones, cloud server environments, etc.) powered by these processors. I know what you’re thinking: am I a potential victim of these attacks? You may well be. 🙁
The little good news is that to carry out the attack, an attacker first has to get their own code running on the victim’s machine. That is a real hurdle, but not as high as it sounds: for Spectre, even JavaScript running in a browser tab is enough, which is why browser vendors are shipping mitigations of their own. And, luckily, there are no reports so far of these flaws being actively exploited in the wild. Keep in mind, though, that these attacks only read memory and leave no trace in normal logs, so “no reports” is not the same as “no attacks”.
Both bugs take advantage of a CPU optimisation called “speculative execution” to reach memory that should be off limits. Briefly: a modern processor does not wait at a branch (an if) until it knows which way the branch goes. The branch predictor guesses, and the CPU runs ahead down the guessed path, executing instructions before it knows whether they should run at all. If the guess was right, it has saved time and the task finishes faster. If the guess was wrong, no big deal: the results are thrown away and execution restarts on the correct path, so from the program’s point of view nothing happened. The catch is that “thrown away” only covers the architectural state (registers and memory). Side effects on the cache survive: a value the CPU loaded while speculating stays cached. Meltdown and Spectre make the speculative path touch a memory location that depends on a secret byte, then use a cache-timing side channel (Flush+Reload) to find out which location became fast, and so recover the secret one byte at a time.
Coming to the point, what are the differences between the two vulnerabilities?
We’ll look at Meltdown first
Meltdown breaks the isolation between user applications and the operating system. It is an information disclosure rather than a privilege escalation: the attacker does not get to run code as the kernel, but on a vulnerable CPU an ordinary user-space program can read kernel memory (I know, it’s ridiculous). It works because the processor performs the permission check on a memory load only after the loaded value has already been used by the out-of-order instructions that follow it; the check eventually faults, but by then the cache side effects are in place. And since the kernel maps most of physical memory, “kernel memory” in practice means passwords, encryption keys and whatever else any process on the machine is holding.
So what’s Spectre
What makes Spectre different from Meltdown is that it breaks the isolation between different applications. Rather than reading forbidden memory directly, the attacker mistrains the branch predictor so that a victim program (which has legitimate access to its own secrets) speculatively executes code it would never run architecturally, and leaks what it touched through the cache. Two variants were disclosed: bounds check bypass (variant 1, CVE-2017-5753), where a perfectly correct array bounds check is speculatively skipped, and branch target injection (variant 2, CVE-2017-5715), where an indirect branch is steered to an attacker-chosen gadget. Meltdown itself is CVE-2017-5754. In other words, Spectre may grant access to sensitive information in other applications’ memory space, and even the kernel’s or hypervisor’s, without any bug in the victim’s code.
Example attack of both combined
A simple attack scenario for Meltdown and Spectre goes like this. An attacker rents a small instance on a cloud service (as most of us have). If the environment is vulnerable, the attacker may capture sensitive information belonging to other customers on the same physical host, which is, of course, scary! This matters most for cloud providers because most cloud plans don’t give each customer a separate physical server; customers share hardware and rely on software (the hypervisor, the kernel, container boundaries) to keep them apart. The worst part is that these chip flaws let the attacker bypass exactly that software protection. Meltdown is most dangerous where customers share a kernel, as with containers or paravirtualized guests; Spectre has been shown to cross full virtual machine boundaries as well. The attack surface extends to personal computing too: a computer with multiple user accounts, or one running virtual machines, can be compromised in the same way.
Okay! Any fixes?
When it comes to Meltdown, software patches can fix the problem, and many vendors are already releasing updates. Operating systems are rolling out kernel page-table isolation (KPTI on Linux; Windows and macOS shipped equivalent changes), which stops mapping kernel memory into user processes’ page tables, so there is nothing there for the CPU to speculatively read. It carries a performance cost that depends on how many system calls a workload makes. For Spectre, there is a long way to go. Exploiting Spectre is harder than exploiting Meltdown, but fixing it is harder too. Software can close off known attack patterns: compiler and kernel changes that add speculation barriers or mask array indices (variant 1), “retpoline” code sequences and CPU microcode updates that restrict indirect branch prediction (variant 2), and browsers reducing timer precision so JavaScript cannot measure cache timing accurately. But a complete fix for Spectre means CPU manufacturers redesigning their chips and the existing chips being replaced by the new ones.
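As a practical check, here is an added C example (not from the original post) that reads the per-vulnerability status files the Linux kernel publishes under /sys/devices/system/cpu/vulnerabilities/ from version 4.15 onwards, which was released at the end of January 2018, after this post was written. The file names meltdown, spectre_v1 and spectre_v2 are the kernel’s own. Classifying by the prefix of the status text (“Not affected”, “Mitigation: …”, “Vulnerable…”) is my assumption about the format; the kernel sometimes reports “Vulnerable:” followed by a partial mitigation, which this treats as still vulnerable.

```c
#include <stdio.h>
#include <string.h>

/* Status classes derived from the text the kernel exposes in
 * /sys/devices/system/cpu/vulnerabilities/<name> (Linux 4.15 and later). */
enum vuln_status { STATUS_NOT_AFFECTED, STATUS_MITIGATED, STATUS_VULNERABLE, STATUS_UNKNOWN };

/* The kernel's strings start with "Not affected", "Mitigation: <what>" or
 * "Vulnerable" (sometimes followed by a partial mitigation), so classify by
 * prefix rather than by exact match (assumed format, see lead-in). */
enum vuln_status classify_status(const char *text) {
    if (strncmp(text, "Not affected", 12) == 0) return STATUS_NOT_AFFECTED;
    if (strncmp(text, "Mitigation:", 11) == 0)  return STATUS_MITIGATED;
    if (strncmp(text, "Vulnerable", 10) == 0)   return STATUS_VULNERABLE;
    return STATUS_UNKNOWN;
}

const char *status_name(enum vuln_status s) {
    switch (s) {
    case STATUS_NOT_AFFECTED: return "not affected";
    case STATUS_MITIGATED:    return "mitigated";
    case STATUS_VULNERABLE:   return "VULNERABLE";
    default:                  return "unknown";
    }
}

/* Reads the first line of one sysfs entry into buf. Returns 0 on success,
 * -1 if the file cannot be opened (kernel older than 4.15, or not Linux). */
int read_vuln_entry(const char *name, char *buf, size_t len) {
    char path[256];
    snprintf(path, sizeof path, "/sys/devices/system/cpu/vulnerabilities/%s", name);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    if (!fgets(buf, (int)len, f)) { fclose(f); return -1; }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

int main(void) {
    /* meltdown = CVE-2017-5754, spectre_v1 = CVE-2017-5753, spectre_v2 = CVE-2017-5715 */
    const char *names[] = { "meltdown", "spectre_v1", "spectre_v2" };
    char buf[256];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (read_vuln_entry(names[i], buf, sizeof buf) != 0) {
            printf("%-10s  (no sysfs entry: kernel too old to report, or not Linux)\n", names[i]);
            continue;
        }
        printf("%-10s  %-12s  %s\n", names[i], status_name(classify_status(buf)), buf);
    }
    return 0;
}
```

A missing entry is itself a finding: a kernel that predates the interface has none of the fixes either. On a patched box the meltdown line reads “Mitigation: PTI”, which is the kernel page-table isolation described above.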
Meltdown and Spectre are the latest CPU-level vulnerabilities, published at the start of 2018. Both let a low-privileged user who can run code on a system read sensitive information from memory that should be out of reach. The major difference is in how: Meltdown abuses out-of-order execution and the CPU’s late permission check on memory loads, while Spectre abuses branch prediction; both rely on speculative execution plus a cache side channel to get the data out.
Meltdown reads kernel memory; Spectre reads the memory of other users’ running programs. Finally, Meltdown can be fixed with a software patch (kernel page-table isolation), while software can only mitigate known Spectre patterns, and a full Spectre fix needs redesigned CPUs and the replacement of the existing ones.
Hope this was informative. If anyone needs more technical details, you can get them from the official white papers for Meltdown and Spectre (meltdownattack.com and spectreattack.com).