Recently the Meltdown and Spectre vulnerabilities were discovered affecting all computers using central processing units (CPUs) manufactured by Intel, AMD and ARM.
These vulnerabilities were found to allow an attack at the hardware level, permitting malicious programs to abuse the way a processor reads data from a less-privileged user process. This could mean passwords, personal photos, email or classified business documents that was supposed to be inaccessible and private can now be accessed.
So what exactly are Meltdown and Spectre, and how can you prevent them from affecting you?
According to Google, Meltdown breaks fundamental isolation between applications and the operating system (OS) on a computer, allowing attackers to read data within the memory system of the computer. This includes both physical (user and application) memory and kernel OS memory, which is the core component of the operating system that acts as a bridge between application and data processing at the hardware level.
Meltdown is essentially bypassing kernel memory isolation controls and causing it to “leak” or allow access to sensitive memory data.
While Meltdown affects the application and OS, Spectre breaks down the isolation between different applications. Some other names that Spectre might be deployed under include sandboxing, process separation, containerization, memory safety and proof-carrying code. This allows the attackers to trick applications into thinking it is sharing information and data across applications, when it is, in fact, sharing it with the attackers.
Unlike Meltdown, Spectre has no access to kernel memory and only reads the application process memory.
The hardware-level vulnerability could permit malicious programs to access information stored within computer memory that, until now, was supposed to be isolated and inaccessible by design.
Potentially, this includes any and all data that users are actively working with or that they enter from the keyboard. This access does not extend to data on storage media such as hard drives, CD/DVD drives and USB/Flash drives. However, it’s conceivable that, using the information retrieved from memory, unauthorized access to these other media types could be gained. The CPU will continue to execute software, including its own safety checks. However, it’s now understood that attacks on the CPUs could be used in ways that permits attackers to violate the secrecy (but not integrity) of memory and content. As a result, the integrity of a broad range of software isolation techniques are impacted.
Meltdown and Spectre are tricky to detect. If your system has been attacked - whether successfully or not - there will likely be no sign of the attack. Also, traditional antivirus solutions may not detect exploits used to access your system’s memory data, since Meltdown and Spectre are different from ‘normal’ malware attacks. The reason for this is that this type of exploit tricks your system into thinking that this is just part of the application and operating system. What the antivirus solution may detect, which could be a strong indication that your system has been compromised, would be malware that is piggybacking off of this vulnerability or possibly the actual exfiltration of sensitive data.
All desktop, laptop and cloud computers have the potential to be exploited through these vulnerabilities, but specifically, computers using an Intel processor that was built after 1995.
While it is not easy to protect your computers and devices from Meltdown and Spectre, you can reduce the risk of attack by applying patches and updates that various manufacturers have made available. Linux, Mac and Windows OS users can patch their systems against Meltdown using the KAISER patch. There is still work to be done to patch against Spectre, but the LLVM patch, MSVC and ARM speculation barrier header can be used to protect from further damage after Spectre exploitation.
Have you been affected by the Meltdown and Spectre vulnerabilities? Let us know in the comments how you’re dealing with these attacks.