Demo
02.26.2019

Prediction Series #4: The many faces of Spectre and Meltdown -- More demonstrated attack possibilities increase the likelihood of real attacks

Though it may seem longer, it was just the end of January of last year that most of us first heard about the twin chip flaws, Spectre and Meltdown. They represent the rare appearance of an entirely new class of vulnerabilities, affecting all modern computer processing chips and the devices that use them.

Vendors produced patches to fix the problem but it hasn’t been that simple. The full problem won’t be solved until a new generation of chips is designed and released – potentially years down the road.

In the meantime, more variants of attack possibilities have been demonstrated – at least 20 so far. We’ve outlined some of the characteristics of those in a separate recent blog “20 Spectre and Meltdown Attacks Demonstrated So Far and Rising: This Class of Threat Continues in 2019.” An excerpt of summary bullets from that blog highlights some facts about these two threats.

What you should know about Spectre Attacks
• Branch misprediction is the basis for the attack
• Attackers leverage the mis-training mechanism
• Process memory address space is affected
• Only works with data the application can access architecturally
• Four methods can be applied to mis-train branch prediction

What you should know about Meltdown
• Exploits faults triggered with retiring faulting instructions
• Reliant upon unauthorized out-of-order transient instructions following execution
• Transient instructions work with data inaccessible to the application
• Only possible with faults, not exceptions, traps or aborts.

Spectre is the more vexing of the two, but both flaws open vulnerabilities that allow hackers to manipulate a chip-level feature called ‘speculative execution’ in the above ways to gain access to sensitive data residing in OS memory.

Meltdown and Spectre: more demonstrated attacks possible

To date, no known data breaches have been reported. But taking place in memory, such breaches would be difficult to identify so it could be difficult to prove when a breach has occurred. What we can be 100% certain of is that hackers are planning their next moves. This threat will persist for a long time. If or when a new generation of patches might come forth, the billions of flawed chips remain in use around the globe. And as long as they are out there, these vulnerabilities remain a strong concern and actual attacks are likely this year.

Further resources:

White paper: Protecting Applications from Speculative Execution Vulnerabilities Exposed by Spectre and Meltdown

Article: 20 Spectre and Meltdown Attacks Demonstrated So Far and Rising: This Class of Threat Continues in 2019

Article: Complete Spectre and Meltdown defense