What’s the story behind Spectre?

In January, a severe hardware flaw named “Meltdown” was discovered in Intel’s microprocessors. An additional vulnerability, named “Spectre”, is much more severe and challenges the design of modern CPUs. These are vulnerabilities in computer hardware, not software, and they affect virtually all high-end microprocessors produced over the last 20 years. Patching them requires large-scale coordination across the industry and in some cases drastically affects the performance of computers. Moreover, sometimes patching isn’t possible; the vulnerability remains until the computer is discarded.

An attacker can create a foothold inside any organization using an email containing a specially crafted DOC or PDF file that utilizes Spectre. This foothold can then be used for any malicious activity, such as deploying malware or ransomware.

Spectre and Meltdown aren’t anomalies. They represent a new area in which to look for vulnerabilities and a new avenue of attack. Evidence of this is that several unrelated groups independently discovered the aforementioned exploits within the same few months, all while exploring the field of hardware exploits more intently.

How are modern CPUs designed today?

Microprocessors have become so fast that they spend a lot of time waiting for data and CPU instructions to move in and out of memory. The speculative execution mechanism was designed to increase performance: the processor guesses which instructions it is going to execute next (e.g., which way a conditional branch will go) and executes them ahead of time. If the guess turns out to be correct, it’s a performance win. If it’s wrong, the microprocessor throws away what it has done without losing any time.

Speculative execution is used not only in CPUs. For example, the media world uses it all the time. Weren’t you surprised that immediately after the Super Bowl all the news outlets were filled with analysis and articles about the Eagles? The reporters prepared in advance for both outcomes, working hard to create two versions of the story, and when the game ended they discarded the wrong one, in which the Patriots won, giving readers the feeling that they are extremely fast at writing in-depth articles.

Getting back to the CPU world, the problem with the speculative execution mechanism is that there is no permission check while speculatively executed code is running, which leaves all the data exposed for everyone to read.
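The two paragraphs above describe the mechanism (the CPU guesses past a conditional branch) and the problem (nothing checks the guessed-ahead work). In practice the work the CPU throws away still leaves measurable traces, for example in the cache, which is how a load that should have been blocked by a bounds check can leak what it read. The C program below is an added example, not code from the BitDam post: it shows the classic bounds-check-then-load pattern that Spectre variant 1 abuses, next to a hardened version that clamps the index with branch-free arithmetic (the same formula the Linux kernel uses in its generic `array_index_mask_nospec()`), so that even a mispredicted branch can only load in-bounds data. The table contents and the probe indices are constructed sample values.

```c
/* Added example (not from the BitDam post): a bounds check followed by a
 * dependent load, shown unhardened and hardened. The hardened form relies
 * on arithmetic rather than on the branch being resolved, so a CPU that
 * speculates "in bounds" still ends up reading table[0] at worst.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_SIZE 16
/* Constructed sample data: a small table indexed by untrusted input. */
static const uint8_t table[TABLE_SIZE] = {
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};

/* Unhardened pattern. Architecturally correct, but the check is a branch:
 * while the branch is unresolved the CPU may speculatively execute
 * table[idx] with an out-of-range idx, leaving cache traces of the bytes
 * that were read. This is the "no permission check" problem in miniature. */
uint8_t lookup_unhardened(size_t idx) {
    if (idx < TABLE_SIZE)
        return table[idx];
    return 0;
}

/* Branch-free mask: returns all ones when idx < size and zero otherwise.
 * Same formula as Linux's generic array_index_mask_nospec(): when idx is
 * in range, neither idx nor (size - 1 - idx) has its top bit set, so the
 * complement is negative and the arithmetic shift yields -1 (all ones);
 * when idx >= size the subtraction wraps, the top bit is set, and the
 * shift yields 0. Assumes the usual arithmetic right shift on signed long. */
static inline size_t index_mask_nospec(size_t idx, size_t size) {
    return (size_t)(~(long)(idx | (size - 1UL - idx)) >>
                    (sizeof(long) * 8 - 1));
}

/* Hardened pattern: keep the branch for correctness, but clamp idx inside
 * it so the load never depends on the branch having been resolved. Under a
 * wrong "in bounds" guess the mask is 0 and the load hits table[0]. */
uint8_t lookup_hardened(size_t idx) {
    if (idx < TABLE_SIZE) {
        idx &= index_mask_nospec(idx, TABLE_SIZE);
        return table[idx];
    }
    return 0;
}

int main(void) {
    /* Constructed probe indices: two in range, one at the edge, one far out. */
    size_t probes[] = {3, 15, 16, 1000};
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("idx=%zu unhardened=%u hardened=%u mask=%#zx\n", probes[i],
               (unsigned)lookup_unhardened(probes[i]),
               (unsigned)lookup_hardened(probes[i]),
               index_mask_nospec(probes[i], TABLE_SIZE));
    return 0;
}
```

Both functions return identical results for every index; the difference is only in what the processor can do before the branch resolves, which is exactly the part no architectural test will show you. The masking idiom is cheap enough to apply on hot paths; the heavier alternative is a serializing instruction such as `lfence` after the check, which stops speculation outright at a noticeable cost. Compilers may also apply such hardening automatically (for example speculative load hardening in Clang), but they do not guarantee it for arbitrary code, so review of bounds-checked accesses to untrusted indices remains a manual job.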

What are the implications of the Spectre vulnerability?

The Spectre and Meltdown vulnerabilities allow malicious applications to bypass memory isolation mechanisms and access sensitive data. Many of today’s effective mitigations are based upon secrets: for example, ASLR relies on the low chance of an attacker guessing the locations of randomly placed memory regions, and a stack cookie relies on placing a runtime value before the stack ends.

An attacker can leverage these vulnerabilities to discover the secrets and bypass the mitigations. ASLR and the other mitigations have been extremely effective and have practically caused thousands of vulnerabilities to become un-exploitable.

BitDam can protect you against Spectre, Meltdown and future microprocessor vulnerabilities. It entails zero effort and no updates are required. BitDam can do this because its unique approach is based neither on secrets nor on information about how attacks work. If you want better protection against malicious email attachments, check out BitDam’s solution or schedule a demo.
