Major Chip Flaws Confirmed

News of a major vulnerability in Intel chips is much worse than first feared, with researchers confirming three variants affecting multiple CPU hardware implementations, dubbed “Meltdown” and “Spectre”.

Both can be described as “side channel” attacks which allow attackers to steal passwords, customer data, IP and more stored in the memory of programs running on a victim’s machine.

They work across PCs, mobile devices and in the cloud. The latter scenario is particularly worrying, as it could theoretically allow an attacker in a guest VM to steal data from other customers’ VMs on the same public cloud server.

The previously disclosed issue has been named Meltdown and relates to CVE-2017-5754, a bug which “melts” the security boundaries normally enforced at the chip level to allow normal applications to read the contents of private kernel memory, according to the researchers.

It affects every Intel processor which implements “out-of-order execution”: effectively every processor since 1995, except Itanium and Intel Atom before 2013. It also affects certain Arm cores, although AMD chips are not thought to be affected.
Patches are available for Linux, Windows and OS X to mitigate Meltdown.

On the cloud provider side, those using Intel CPUs and XenPV as virtualisation are affected, as well as those relying on containers that share one kernel, such as Docker, LXC and OpenVZ. Patches are coming or are already here from Microsoft, Google, Amazon and others.

Spectre is arguably the more dangerous of the two threats as it is harder to mitigate, although it has also been described as harder to exploit.

It relates to bounds check bypass bug CVE-2017-5753 and branch target injection flaw CVE-2017-5715 and affects Intel, Arm and AMD chips in “almost every system” in the desktop, laptop, cloud server and smartphone space.
The researchers explained Spectre and Meltdown as follows:

“Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory.
“Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.”

There are currently no known effective fixes for Spectre, although work is being done to “patch software after exploitation through Spectre.”

In fact, the US-CERT claimed that the only way to fix the issues for certain is to replace the CPU hardware altogether, not an option at this stage until more secure chips are architected.

There are also concerns that the patches which are being developed may cause systems to slow down, although many admins may not have a choice in the matter. Researchers claimed that, unlike normal malware, Meltdown and Spectre are hard to distinguish from regular apps so are unlikely to be spotted by AV tools.

“However, your antivirus may detect malware which uses the attacks by comparing binaries after they become known”, they added.

Affected firms including chip, browser, OS and cloud vendors were working behind the scenes on fixes for the issues before the news was broken in a media report earlier this week. That seems to have accelerated patching plans.

The British National Cyber Security Centre (NCSC) claimed in a statement that it had seen “no evidence of any malicious exploitation” and advised users and IT admins to install patches as soon as they are made available.
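Once patches are installed on a Linux host, the kernel reports its own status for the three CVEs named above under `/sys/devices/system/cpu/vulnerabilities`. The following check is an added example, not code from the article or the researchers; the function names and the optional directory argument are assumptions made for this example, and a kernel that predates the patches does not expose these files, which is reported as UNKNOWN.

```shell
#!/bin/sh
# Added example: summarise the kernel's report for Meltdown and both Spectre variants.
# Assumes a Linux kernel exposing /sys/devices/system/cpu/vulnerabilities.

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status STATUS -> prints OK, MITIGATED, VULNERABLE or UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*) echo OK ;;
        "Mitigation:"*)  echo MITIGATED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

# check_cpu_vulns [DIR] -> one line per CVE; returns 1 unless every entry
# is OK or MITIGATED. DIR exists so the check can be run against a
# constructed directory (hypothetical parameter, for testing).
check_cpu_vulns() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for entry in meltdown:CVE-2017-5754 spectre_v1:CVE-2017-5753 spectre_v2:CVE-2017-5715; do
        file=${entry%%:*}
        cve=${entry#*:}
        if [ -r "$dir/$file" ]; then
            status=$(cat "$dir/$file")
        else
            # Missing file: the kernel gives no report, so treat as unknown.
            status="(no kernel report: file missing)"
        fi
        verdict=$(classify_status "$status")
        case "$verdict" in
            OK|MITIGATED) ;;
            *) rc=1 ;;
        esac
        printf '%-14s %-11s %-10s %s\n' "$cve" "$file" "$verdict" "$status"
    done
    return $rc
}

# On a host: check_cpu_vulns || echo "patching or investigation needed"
```

The exit status makes the function usable in fleet checks: a non-zero return means at least one of the three entries is reported vulnerable or is not reported at all.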

The reports that Intel CEO Brian Krzanich netted $25m from the exercise of his share options in the company prior to news of the vulnerability in the chipmaker's products becoming widely known are reminiscent of management behaviour at Equifax, where some senior executives have been accused of benefiting financially from a cover-up of a major data breach.

An Intel spokeswoman is reported to have said that Krzanich's decision to sell the shares was unrelated to the security vulnerability disclosed.

Infosecurity Magazine
