„Meltdown“ and „Spectre“ info site.
Simple code with devastating consequences“Meltdown is a very simple exploit – only four lines of code are needed to gain access,” explained Moritz Lipp, Michael Schwarz, Stefan Mangard and Daniel Gruss from TU Graz. “Spectre is significantly more labour-intensive, and consequently more difficult to protect against. It uses the code itself to trick the system into giving up its secrets.” The vulnerabilities affect private computers as well as most server infrastructure and cloud-based services currently in use. In order for computer systems to work faster, modern processors perform calculations in parallel rather than sequentially. In parallel to lengthy tasks, the processor attempts to predict the next steps that will be required and prepare for them. “For performance reasons, at that point no check is made as to whether the program accessing data actually has permission to do so,” the Graz researchers explained. If a predicted step is not required, or if permissions are not present, the processor discards the preparations it has made. This preparation phase can be exploited to read data from the kernel – for example passwords saved in commonly used browsers.
Patch from Graz protects against Meltdown exploitKAISER, a patch developed by the Graz researchers at the institute, is designed to help secure the vulnerabilities. Because attacks would be directed against hardware but carried out via software, developers from the major IT companies have adapted and further developed their proposal, and are delivering patches with their latest security updates. “The update affects the central functions of fast processors, and could make a difference especially in terms of speed,” explained Gruss, Lipp, Mangard and Schwarz. “Nevertheless, we would appeal to all users to install these updates. The largest providers of cloud and server solutions will implement them in the coming days.” Manufacturers still have work to do to solve the problem in the hardware itself – especially since the patch is effective against Meltdown, but not against the Spectre exploit.
The research was done in the framework of the ERC-funded project “SOPHIA”.