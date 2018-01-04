​Over the holidays, security researchers revealed two different, but equally serious, flaws in just about every microprocessor in use today. They're calling them Meltdown and Spectre. Between the two, they affect almost every computer, tablet, phone and cloud computing service.

As with most security flaws, the mechanisms at work are complex and specific while consequences are simple and broad. So, let's all take a deep breath and work through this.

What Went Wrong

In order to understand how Meltdown and Spectre function, we need to take a quick crash course in the basics of how computers work.

Basically, your machine consists of three layers: application, kernel and hardware. When you tell your computer to do something, the application must consult the kernel before the hardware does what the application wants it to do. Consider the kernel the mediator of your machine, talking to all the applications and ensuring they get the hardware access and resources they deserve. To accomplish this, the kernel has access to your entire system's memory. You can see where this might go wrong.

Thankfully, the designers of modern system architecture, known as x86, recognized the potential security flaw and built protections directly into the hardware. These are known as protection rings. The outermost layer, known as ring 3, contains all user processes, and the innermost layer, ring zero, contains the kernel. Inherently, the two should never mix.

"User processes run in a severely limited sandbox set up by the gods of ring zero," writes computer science blogger Gustavo Duarte. "That's why it's impossible, by design, for a process to leak memory beyond its existence or leave open files after it exits."

Ideally, this is a one-way street. Your applications requests resources from the kernel, the kernel grants them, and then the application does what it needs to do. Unfortunately, this isn't the most efficient way to do things. And so the big processor manufacturers — Intel, AMD and ARM — started to find shortcuts.

In their in-depth and fairly technical summary of the two exploits, The Register explains how this push for speed sacrificed security:

One way rival processors differentiate themselves, and perform faster than their competitors, is to rely on speculative execution. In order to keep their internal pipelines primed with computer code to obey, they do their best to guess which instructions will be executed next, fetch those from memory, and carry them out. If the CPU guesses wrong, it has to undo the speculatively executed code, and run the actual stuff required.



This "speculative execution" is what Meltdown and Spectre exploit. The latter is easier to perform and easier to patch, while the former is harder to execute and near impossible to fix.

Meltdown primarily affects Intel chips, due to the way that these speculative executions are stored in the processor's cache. To draw an analogy, Meltdown draws an image of what's in the kernel by digging into the kernel's trash. Wired's Andy Greenberg offers a concise summary in his report:

By carefully crafting requests to the processor and seeing how fast it responds, a hacker's code could figure out whether the requested data is in the cache or not. And with a series of speculative execution and cache probes, he or she can start to assemble parts of the computer's high privilege memory, including even sensitive personal information or passwords.



Spectre, on the other hand, directly exploits the process of speculative execution — something every processor produced within the past decade is guilty of — which makes it both difficult to execute. And also fix. Here, the researchers who found Spectre explain in their paper:

At a high level, Spectre attacks trick the processor into speculatively executing instructions sequences that should not have executed during correct program execution. As the effects of these instructions on the nominal CPU state will be eventually reverted, we call them transient instructions. By carefully choosing which transient instructions are speculatively executed, we are able to leak information from within the victim’s memory address space.

Instead of picking up the garbage of speculative execution like Meltdown, Spectre is more targeted, actively getting even the most secure applications to cough up their secrets. Because each brand of processor performs this speculative execution slightly differently, a Spectre exploit that works for one line of processors might not work for others. This is what makes it difficult to execute and fix.



What's At Risk Here?

This is, in short, a breakdown of the most basic computer security. Because just about everything is stored in kernel memory, between Meltdown and Spectre, hackers would have access to the most sensitive of information. The New York Times' Nicole Perlroth stresses that the greatest security risks — perhaps because of the sheer scale — are cloud services like Amazon Web Services:

That is a major threat to the way cloud-computing systems operate. Cloud services often share machines among many customers — and it is uncommon for, say, a single server to be dedicated to a single customer. Though security tools and protocols are intended to separate customers’ data, the recently discovered chip flaws would allow bad actors to circumvent these protections.



On a personal level, ZDnet's Zack Whittaker points out that the exploit could also be deployed on your own computer either through mistakenly downloading it or a website running malicious code within your web browser.

One example of a worst-case scenario is a low-privileged user on a vulnerable computer could run JavaScript code on an ordinary-looking web page, which could then gain access to the contents of protected memory.



Because just about every computer runs on x86 architecture, Meltdown and Spectre affect every operating system and device in use today — Windows, OS X, iOS, Android and Linux.

So How Can You Fix It?

In terms of a solution there's good news, bad news, more bad news and then even more bad news.

The good news is that are currently fixes rolling out for Meltdown. Both Amazon and Google have patched their cloud services, but stress that users still need to update their own operating systems. The Verge's Tom Warren has an exhaustive guide on how to make sure your system is up to date.

The bad news is that patches for Meltdown are a bit of a confusing mess at the moment. Fixes for some browsers (like Firefox) are out, delayed (like Google Chrome) or haven't been announced yet (like Safari). There's a fix for Windows 10 currently out, but it doesn't play well with some anti-virus software. All of this is complicated by the major chip manufacturers not exactly owning up to their mistakes.

The more bad news is that these fixes for Meltdown could conceivably slow down machines by a significant amount. The Register estimates performance hits could range from as minor as 5 percent to as much as 30 percent slower depending on the processor and application in use.

The even more bad news, as mentioned earlier, has to do with fixing Spectre. As it stands there is no simple software patch for Spectre. The FAQ on the main site for both exploits eludes to fixing specific instances of Spectre exploits via software, but this would essentially reduce to devs having to play whack-a-mole as long as the x86 architecture persists. The only permanent solution, Nicole Perlroth points out on Twitter, is to develop an entirely new architecture and fully recall the old.