Almost All Vulnerabilities in Processors Released in The Last 20 Years
Processor (illustration).

MAXIM - The problem is serious, but it is supposed to panic moderately and with dignity.

The premature publicity and unnecessary concern was the story of the vulnerability in Intel processors. The company conducted an internal investigation, notifying all partners and competitors (later it turned out that all processors are affected in general), and was going to make an official statement on January 9. But there was a leak to the press, and the problem started talking. Large companies had to hastily issue press releases, sometimes contradictory to each other, which created a strong nervous background in the news.

The vulnerability that has been identified does exist for a long time: from 1995 or from 1997, according to data from various sources. The error was found in the work of the function of preliminary calculations of the processor (speculative execution). This works in the following way: the processor has several pipelines on which calculations are performed. At the moment when one of the pipelines calculates the formula given by the program, the preliminary calculation unit takes all possible variables from the memory and preemptively performs simple operations with them - addition and multiplication. If such an operation appears in the function, then in the block of preliminary calculations there is already a desired value. Once it allowed to increase the speed of calculations by 20-30%.

If it's completely simplified, it turned out that the data exchange between the blocks turned out to be completely unprotected and with the help of simple OS commands one can access whole memory areas. And since, for example, decryption of the password is a set of simple mathematical operations, the necessary data are in the vulnerable area. That's what makes an attack on a vulnerability so dangerous.

At the time of writing, the professionals said the possibility of two types of attacks: meltdown - penetration into the OS and spectre - penetration into the running processes.

Developers of modern operating systems do their best to isolate all the processes that occur from each other. One program can not know what another program is doing at this point and what happens in its memory. They can exchange data only with the help of special instructions provided by the OS, they are called API.

Meltdown allows a malicious program to use all the functions of the operating system without getting permission from the user. During such an attack, malicious code can not get into the memory area of ​​other applications - they are encrypted, but you can stop processes and start new ones.

Specter can get into the memory area of ​​other applications, but it is much more specialized and less dangerous to ordinary users. In the millions of methods, instructions, and variables that are executed every minute by a single program, it is not so easy to understand.

Although the disclosure of the vulnerability occurred on profile sites as an action of the militant, ordinary users should not be greatly feared. First, security labs like Google Project Zero have not yet published information about the creation of malware based on the vulnerability.

Secondly, even despite the premature publicity, the companies had time to prepare patches, and they did it. For Windows, this patch is KB4054022, it should be installed automatically starting on January 4. In the macOS vulnerability was eliminated in the update 10.13.2. Google promises to release a critical update for its phones Nexus and Pixel, all other manufacturers on Android, as usual, update the smartphone software at its discretion.

The situation with devices on iOS is controversial, because the consortium has not yet given a clear answer, whether the ARM A-series processors are vulnerable. One source says that yes, they are susceptible. Another claims that only a spectre-attack. There are still no comments from Apple on this matter.

Third, to exploit the vulnerability, an attacker would need to gain physical access to a working computer. This is the only way he can run a malicious code like spyware for passwords. Neither through the network, nor through connecting to the ports of the computer to cause damage will not work. (Maxim Russia)

Post A Comment: