Major Chip Flaws Confirmed

News of a major vulnerability in Intel chips is much worse than first feared, with researchers confirming three variants affecting multiple CPU hardware implementations, dubbed “Meltdown” and “Spectre”.

Both can be described as “side channel” attacks which allow attackers to steal passwords, customer data, IP and more stored in the memory of programs running on a victim’s machine.

They work across PCs, mobile devices and in the cloud, the latter scenario is particularly worrying as it could theoretically allow an attacker in a guest VM to steal data from other customers’ VMs on the same public cloud server. The previously disclosed issue has been named Meltdown and relates to CVE-2017-5754, a bug which “melts” the security boundaries normally enforced at the chip level to allow normal applications to read the contents of private kernel memory, according to the researchers.

It affects every Intel processor which implements “out-of-order execution”: effectively every processor since 1995, except Itanium and Intel Atom before 2013. It also affects certain Arm cores, although AMD chips are not thought to be affected.
Patches are available for Linux, Windows and OS X to mitigate Meltdown.

On the cloud provider side, those using Intel CPUs and XenPV as virtualisation are affected, as well as those relying on containers that share one kernel, such as Docker, LXC and OpenVZ. Patches are coming or are already here from Microsoft, Google, Amazon and others.

Spectre is arguably the more dangerous of the two threats as it is harder to mitigate, although it has also been described as harder to exploit.

It relates to bounds check bypass bug CVE-2017-5753 and branch target injection flaw CVE-2017-5715 and affects Intel, Arm and AMD chips in “almost every system” in the desktop, laptop, cloud server and smartphone space.
The researchers explained Spectre and Meltdown as follows:

“Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory.
“Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.”

There are currently no known effective fixes for Spectre, although work is being done to “patch software after exploitation through Spectre.”

In fact, the US-CERT claimed that the only way to fix the issues for certain is to replace the CPU hardware altogether, not an option at this stage until more secure chips are architected.

There are also concerns that the patches which are being developed may cause systems to slow down, although many admins may not have a choice in the matter. Researchers claimed that, unlike normal malware, Meltdown and Spectre are hard to distinguish from regular apps so are unlikely to be spotted by AV tools.

“However, your antivirus may detect malware which uses the attacks by comparing binaries after they become known”, they added.

Affected firms including chip, browser, OS and cloud vendors were working behind the scenes on fixes for the issues before the news was broken in a media report earlier this week. That seems to have accelerated patching plans.

The British National Cyber Security Centre (NCSC) claimed in a statement that it had seen “no evidence of any malicious exploitation” and advised users and IT admins to install patches as soon as they are made available.

The reports that Intel CEO Brian Krzanich netted $25m from the excerise of his share options in the company prior to news of the chipmakers' products vulneralibity becoming widely known is remeniscent of management behaviour at Equifax where some senior executives have been accused of benefiting financially from a coverup of a major data breach. 

An Intel spokeswoman has been reported to say that Krzanich's decision to sell the shares was unrelated to the security vulnerability disclosed.

Infosecurity Magazine

You Might Aso Read:

New IoT Chips See, Think & Act Autonomously:

A Strategic Company: The Internet of Things & How ARM Fits In:
 

« FBI Fingerprint Software Might Contain Russian code
UK Cybersecurity Firm Sophos Is Trouncing Silicon Valley »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Exclusive Networks

Exclusive Networks

Exclusive Networks accelerate market entry and growth for innovative cybersecurity, networking and infrastructure technologies.

Leviathan Security Group

Leviathan Security Group

Leviathan provides a broad set of information security services ranging from low-level technical engineering to strategic business consulting.

Digital Infrastructure Association (DINL)

Digital Infrastructure Association (DINL)

DINL is the leading representative for companies and organisations which are active within the Dutch digital infrastructure sector.

Virgil Security

Virgil Security

Virgil Security provides easy-to-deploy and easy-to-use cryptographic software and services for use by developers and end-users.

Purple Security

Purple Security

Purple Security arises from the association of specialists in offensive security (ethical hackers, white hats) and experts in insurance, compliance and implementation of industry standards.

ComoNExT Innovation Hub

ComoNExT Innovation Hub

ComoNExT is a Digital Innovation Hub and a startup incubator with a focus on the issues of digital transformation and Industry 4.0.

Enet 1 Group1

Enet 1 Group1

Enet 1 Group audits, assesses, recommends, and delivers tested solutions for the ever-increasing threats to your critical systems and digital assets

Crosspoint Capital Partners

Crosspoint Capital Partners

Crosspoint Capital Partners is a private equity investment firm focused on the cybersecurity and privacy sectors.

Prosperoware

Prosperoware

Prosperoware develop software for cybersecurity, privacy, and regulatory compliance for content systems, and financial matter management.

Enzoic

Enzoic

Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through compromised credential detection.

Sify Technologies

Sify Technologies

Sify is the largest ICT service provider, systems integrator, and all-in-one network solutions company on the Indian subcontinent.

SpireTec Solutions

SpireTec Solutions

SpireTec Solutions is an IT management training company offering 1500+ courses with state of art training facilities backed by a team of industry experts in various domains including cybersecurity.

ShellBoxes

ShellBoxes

ShellBoxes are a leading Web3 company focused on providing top-notch blockchain security and development services.

RedNode

RedNode

RedNode is a cybersecurity service provider that offers customized security testing solutions to protect any size of business worldwide.

All About Cookies

All About Cookies

All About Cookies is an informational website that provides tips, advice, and recommendations to help you with Online Privacy, Identity Theft Prevention, Antivirus Protection, and Digital Security.

WaveLink

WaveLink

WaveLink offers low risk, results-oriented Engineering Services and best-of-class Technical Support Services. Areas of expertise include cyber and security engineering.