Major Chip Flaws Confirmed

News of a major vulnerability in Intel chips is much worse than first feared, with researchers confirming three variants affecting multiple CPU hardware implementations, dubbed “Meltdown” and “Spectre”.

Both can be described as “side channel” attacks which allow attackers to steal passwords, customer data, IP and more stored in the memory of programs running on a victim’s machine.

They work across PCs, mobile devices and in the cloud, the latter scenario is particularly worrying as it could theoretically allow an attacker in a guest VM to steal data from other customers’ VMs on the same public cloud server. The previously disclosed issue has been named Meltdown and relates to CVE-2017-5754, a bug which “melts” the security boundaries normally enforced at the chip level to allow normal applications to read the contents of private kernel memory, according to the researchers.

It affects every Intel processor which implements “out-of-order execution”: effectively every processor since 1995, except Itanium and Intel Atom before 2013. It also affects certain Arm cores, although AMD chips are not thought to be affected.
Patches are available for Linux, Windows and OS X to mitigate Meltdown.

On the cloud provider side, those using Intel CPUs and XenPV as virtualisation are affected, as well as those relying on containers that share one kernel, such as Docker, LXC and OpenVZ. Patches are coming or are already here from Microsoft, Google, Amazon and others.

Spectre is arguably the more dangerous of the two threats as it is harder to mitigate, although it has also been described as harder to exploit.

It relates to bounds check bypass bug CVE-2017-5753 and branch target injection flaw CVE-2017-5715 and affects Intel, Arm and AMD chips in “almost every system” in the desktop, laptop, cloud server and smartphone space.
The researchers explained Spectre and Meltdown as follows:

“Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory.
“Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.”

There are currently no known effective fixes for Spectre, although work is being done to “patch software after exploitation through Spectre.”

In fact, the US-CERT claimed that the only way to fix the issues for certain is to replace the CPU hardware altogether, not an option at this stage until more secure chips are architected.

There are also concerns that the patches which are being developed may cause systems to slow down, although many admins may not have a choice in the matter. Researchers claimed that, unlike normal malware, Meltdown and Spectre are hard to distinguish from regular apps so are unlikely to be spotted by AV tools.

“However, your antivirus may detect malware which uses the attacks by comparing binaries after they become known”, they added.

Affected firms including chip, browser, OS and cloud vendors were working behind the scenes on fixes for the issues before the news was broken in a media report earlier this week. That seems to have accelerated patching plans.

The British National Cyber Security Centre (NCSC) claimed in a statement that it had seen “no evidence of any malicious exploitation” and advised users and IT admins to install patches as soon as they are made available.

The reports that Intel CEO Brian Krzanich netted $25m from the excerise of his share options in the company prior to news of the chipmakers' products vulneralibity becoming widely known is remeniscent of management behaviour at Equifax where some senior executives have been accused of benefiting financially from a coverup of a major data breach. 

An Intel spokeswoman has been reported to say that Krzanich's decision to sell the shares was unrelated to the security vulnerability disclosed.

Infosecurity Magazine

You Might Aso Read:

New IoT Chips See, Think & Act Autonomously:

A Strategic Company: The Internet of Things & How ARM Fits In:
 

« FBI Fingerprint Software Might Contain Russian code
UK Cybersecurity Firm Sophos Is Trouncing Silicon Valley »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Fuel Recruitment

Fuel Recruitment

Fuel Recruitment is a specialist recruitment company for the IT, Telecoms, Engineering, Consulting and Marketing industries.

Living Security

Living Security

Living Security specializes in metric driven and engaging security awareness solutions that reduce risk by increasing security culture and changing employee behaviour.

SmartCyber

SmartCyber

SmartCyber is a company specializing in custom IT projects and Cybersecurity.

Swedish Board for Accreditation and Conformity Assessment (SWEDAC)

Swedish Board for Accreditation and Conformity Assessment (SWEDAC)

SWEDAC is the national accreditation body for Sweden. The directory of members provides details of organisations offering certification services for ISO 27001.

Knowledge Transfer Network (KTN)

Knowledge Transfer Network (KTN)

KTN links new ideas and opportunities with expertise, markets and finance through our network of businesses, universities, funders and investors.

Envieta

Envieta

Envieta is a leader in cryptographic solutions. From server to sensor, we design and implement powerful security into new or existing infrastructure.

RevBits

RevBits

RevBits provides high-performance cybersecurity solutions including email security, endpoint security, deception technology and PAM solution to enterprise companies and public sector organizations.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ITSEC Asia

ITSEC Asia

ITSEC Asia works to effectively reduce exposure to information security threats and improve the effectiveness of its clients' information security management systems.

Shorebreak Security

Shorebreak Security

Shorebreak Securioty specialize in conducting highly accurate, safe, and reliable Information Security tests to determine the risks posed to your business.

Cyber Defense Technologies (CDT)

Cyber Defense Technologies (CDT)

Cyber Defense Technologies provides services and turn-key solutions to secure and maintain the integrity of your organization’s systems and data against attacks.

CERT.JE

CERT.JE

CERT.JE is responsible for promoting and improving the cyber resilience across the critical national infrastructure, business communities and citizens in Jersey.

Luta Security

Luta Security

Luta Security implements a holistic approach to advance the security maturity of governments and organizations around the world.

Binarii Labs

Binarii Labs

Binarii are focused on helping enterprises to design and deploy SaaS solutions that utilise DLT (Digital Ledger Technology) effectively, efficiently and sensibly.

BLOCX

BLOCX

BLOCX is designed to address the ever-growing challenges of managing and securing digital devices, from personal computers to corporate networks.

Ipseity Security

Ipseity Security

Ipseity Security provide security-centric advisory and consulting services for organizations to secure their perimeter-less digital transformation to meet business and security requirements.