A recent finding by security researchers has brought to light two major security vulnerabilities at the chip level.
Dubbed by researchers as Meltdown, one impacts only Intel chips. The other, called Spectre, impacts all chips including ARM and AMD. It is a fairly major vulnerability that affects pretty much every device made over the last 20 years.
Meltdown was independently discovered by three groups—Google’s Project Zero, German security firm Cerberus Security, and the Technical University of Graz, Austria. Spectre was identified by Project Zero and an independent researcher.
Deconstructing Meltdown and Spectre
The vulnerabilities allow an attacker to read processor memory by exploiting the way processes run in parallel. Information on the Meltdown attack website reveals that these hardware bugs allow programs to steal data from processes running in parallel.
A program is typically not permitted to access data from parallel programs, but a malicious program could exploit Meltdown and Spectre to get hold of sensitive information stored in the memory of other programs.
Decoding the vulnerabilities, Ido Naor and Jornt van der Wiel, senior security researchers at Kaspersky Labs, explained that applications installed on a device generally run in ‘user mode’, away from the more sensitive parts of the operating system.
Now, if an app needs access to a sensitive area, for example the underlying disk, network or processing unit, it needs to ask permission to use ‘protected mode’. “In Meltdown’s case, an attacker could access protected mode and the core memory without requiring permission, effectively removing the barrier – and enabling them to potentially steal data from the memory of running apps, such as data from password managers, browsers, emails, and photos and documents,” explained Naor and Van der Wiel.
Intel, in a statement, said that many different vendors’ processors and operating systems are “susceptible to these exploits”. ARM also confirmed that its ‘Cortex’ processors are susceptible. However, AMD, in a tweet, denied that any of its processors are susceptible.
What it means for the enterprise
KK Mookhey, CEO & Founder of Network Intelligence said: “This issue represents a higher risk in cloud environments because it would be very easy to create an AWS or Azure account, start a new instance, and then run the exploit to dump memory of the server which would be hosting many other instances of other customers.”
He revealed that the attacker could then leverage the passwords or private keys dumped from memory of other servers to access those and then keep jumping across the entire network of the cloud service provider. “This is why almost all cloud service providers have issued advisories and rushed to apply patches,” he added.
Naor and Van der Wiel, of Kaspersky Labs, emphasized that it is vital that users install any available patches without delay. “It will take time for attackers to figure out how to exploit the vulnerabilities – providing a small, but critical window for protection,” they said.
Patches from major software providers have already been released for Meltdown. Most cloud service providers have also rolled out patches and issued advisories. Spectre, however, stems from a major design flaw that a patch wouldn’t fix, although the flaw is a lot harder to exploit.
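A defender-side check to go with the patching advice above, added here and not part of the article: on Linux (kernel 4.15 and later) the kernel reports its own Meltdown and Spectre mitigation status in one file per issue under /sys/devices/system/cpu/vulnerabilities/. This script reads those files and flags anything still reported as vulnerable; the make_sample directory is constructed so the script can be exercised on a machine without that sysfs tree.

```shell
#!/bin/sh
# Added example (not the article's own code). Each sysfs file reads
# "Not affected", "Mitigation: <name>" or "Vulnerable[: <detail>]".
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# mitigation_state <file> : prints ok | vulnerable | unknown
mitigation_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$(cat "$1")" in
        "Not affected"*|Mitigation:*) echo ok ;;
        Vulnerable*)                  echo vulnerable ;;
        *)                            echo unknown ;;
    esac
}

# check_all <dir> : one line per issue; exit status 1 if any is vulnerable
check_all() {
    dir="$1"; rc=0
    for issue in meltdown spectre_v1 spectre_v2; do
        state=$(mitigation_state "$dir/$issue")
        detail=$(cat "$dir/$issue" 2>/dev/null || echo '(file missing)')
        printf '%-10s %-10s %s\n' "$issue" "$state" "$detail"
        [ "$state" = vulnerable ] && rc=1
    done
    return $rc
}

# make_sample : constructed sysfs-like directory (sample values, not real data);
# prints its path so the caller can run check_all against it.
make_sample() {
    d=$(mktemp -d)
    echo "Mitigation: PTI" > "$d/meltdown"
    echo "Mitigation: __user pointer sanitization" > "$d/spectre_v1"
    echo "Vulnerable: Minimal generic ASM retpoline" > "$d/spectre_v2"
    echo "$d"
}

# Report the live kernel's status when the sysfs tree exists on this host.
if [ -d "$VULN_DIR" ]; then
    check_all "$VULN_DIR" || echo "WARNING: unmitigated issue(s) reported by the kernel"
fi
```

Run `check_all "$(make_sample)"` to see the report format on the constructed sample, where spectre_v2 is left unmitigated on purpose.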