Riscure Opinion
On January 3, 2018, a team of researchers disclosed information about a new class of hardware vulnerabilities, commonly referred to as “Spectre” and “Meltdown”. This class of vulnerabilities affect almost all modern CPUs, and allow an attacker to extract secrets from an application that is co-hosted on the same CPU as an attacker application. Common scenarios are a malicious phone app attacking another app, a malicious webpage attacking another webpage within a browser, or an REE application attacking a TEE application. This becomes a risk when the victim app handles secrets, such as key material, PII, account details or passwords.
Why is this important?
The reason for the spectacle around Spectre and Meltdown is twofold: it is a new class of vulnerabilities, and patching them is nontrivial. A new class of vulnerabilities creates excitement amongst security researchers; we are also in awe of the complexity of this discovery. However, new classes are found every now and then. Spectre and Meltdown are “only” information disclosures; they do not directly lead to e.g. attacker code execution. The second reason for the spectacle is that patching is unusually complex: there are at least 3 variants of the attacks, where each requires a different combination of CPU fixes, CPU microcode patches, OS patches, compiler patches and application recompilations to address. The bottom line is that these vulnerabilities will likely remain in older systems, and full resistance may take months to years for some products.
Background and details
Spectre and Meltdown allow read access to restricted memory and require complex changes in software to mitigate, with a potential for a serious performance penalty. We believe that this security research also reveals a new type of software-based side channel attacks. Riscure responds by including Spectre and Meltdown vulnerability checks in its customer security evaluations and conducting an additional research into the problem and its implications for embedded devices.
The findings
- Meltdown (CVE-2017-5754) allows bypassing rights checks when accessing the privileged memory or registers. This vulnerability exploits the way modern CPUs perform speculative execution: a request to access a certain address in memory is executed before the bounds check is performed. The rogue application is still denied to access privileged memory directly, but a subsequent software-based side channel attack allows extracting the data from a processor’s cache. Affects the majority of modern Intel CPUs and a number of top-of-the line ARM Cortex processors. Does not affect CPUs where bounds check is always performed before instruction execution.
- Spectre (CVE-2017-5753 CVE-2017-5715) allows an external process to manipulate branch prediction and speculative execution features of a modern processor to read private data and extract it from cache. Compared to Meltdown, Spectre is more complex, but affects, to a certain extent, almost all modern CPUs, including Intel and AMD processor, ARM processors with speculative execution (full list of affected ARM models is available here).
Of course, this summary lacks all the important details. We recommend reviewing the papers published on the spectreattack.com, and a detailed write-up in Google Project Zero blog that includes proof-of-concept code for Intel CPUs.
The new type of software-based side channel attacks
In recent years, there was an increase in the number of publications about micro-architectural side channel attacks. Before Meltdown and Spectre, micro-architectural side channel attacks were generally targeting the behavior of the cache in isolation. The attacks generally had a narrow scope, for instance targeting specific algorithms. The new attacks show that by considering several characteristics of modern CPUs, more powerful side-channels can be obtained.
Furthermore, in the past micro-architectural side channel attacks were generally regarded as difficult to exploit attacks, which targeted vulnerabilities that are more theoretical than practical. Spectre and Meltdown demonstrated that such attacks can have a serious security impact, and that they can be exploited in practice.
We expect that in the near future there will be significant research effort put into either improving the existing attacks, or finding new attacks that exploit other side effects of CPU characteristics.
Attack specifics
In our opinion, Spectre and Meltdown attacks share these distinct properties:
- Complexity. Constructing an attack of this kind requires months-long effort from a highly-skilled team of experts. Spectre and Meltdown were identified, either independently or via collaboration by teams from Google Project Zero, Cyberus Technology, and Rambus; researchers from Graz University Technology, Universities of Pennsylvania and Maryland, University of Adelaide. The findings were based on the deep academic research, similar in scale and complexity to efforts we often see in hardware Side Channel Attack and Fault Injection development.
- Lack of clarity. As it often happens with hardware vulnerabilities, the real consequences of an attack are not clear yet. It would be hard even to discover a real-life attack, since Meltdown and, in certain applications, Spectre can be performed without leaving any trace on a target system. Feasibility of an attack can be determined for a given combination of hardware and software environment. We are confident that additional types of attacks can be discovered that utilize similar software-based side channel data extraction mechanisms.
- Practicality. Just like any other vulnerability, the main question is whether Spectre and Meltdown can be utilized to defeat real-life security mechanisms in a way that can be practically exploited by an attacker. For example, it was shown that Meltdown/Spectre could be exploited by running a code in the browser, which, for consumers, might be the worst-case scenario (see mitigation offered in Firefox). All potential ways to utilize this new type of an attack for different hardware/software combinations are yet to be analyzed. Our goal as a security lab is to identify how Spectre and Meltdown could be applied to defeat real-life security mechanisms, especially those that need to be certified for a certain level of protection, like mobile payment and content protection.
Riscure will dedicate a share of resources of Riscure security lab to further analyze and research the vulnerabilities involving low level CPU characteristics as well as software-based side channel analysis. We will also include checks for Meltdown and Spectre in our commercial security evaluation projects. We welcome requests from our customers for a special project to research on how Spectre/Meltdown could affect a specific embedded device. If you have such a request, please contact us via inforequest@riscure.com.