Meltdown and Spectre CPU Vulnerabilities: What You Need to Know

After the vulnerabilities in microprocessor speculative execution became public under the now infamous names Spectre and Meltdown, there was no doubt that new and surprising discoveries in the field of cybersecurity (or cyber-insecurity?) would follow. In the year and a half since, many further holes and vulnerabilities in the processor architectures of Intel, AMD and ARM have been announced. Almost everything that was found has been “patched” with software updates, microcode corrections and even architectural changes, but the built-in protection turned out to be useless against new vulnerabilities in the speculative execution mechanisms of processors.

At the Black Hat USA conference, researchers from Bitdefender reported that data can be extracted from the processor cache without the victim's knowledge, even on systems with Meltdown and Spectre protections in place. Each of these vulnerabilities is a side-channel attack: it extracts sensitive user data from the processor cache, or from the timing of data access in the cache.


What do you need to know about Meltdown and Spectre?

In an attempt to predict which branch a program will take, the speculative execution mechanism loads the instructions and data most likely to be needed, processes them, and then rolls back if the guess was wrong. Until new instructions are loaded, the processor cache holds leftover data that is useless to the user as such, but information that matters to the user, such as passwords, may remain in it. This data is not protected as carefully as, for example, the OS kernel in the protected system memory of the computer, which means an attacker can read it. How? By trying candidate letters, digits and symbols one by one and timing the response: whatever is confirmed fastest is already in the cache, and so is the answer to the query. With patience and ingenuity, this information can be assembled into the data the user most fears losing. And most importantly, no one will notice anything.


The Spectre and Meltdown side-channel attacks were built on a similar principle. Intel and the other industry participants have partially or completely closed these holes. However, Bitdefender experts showed that the attack can still be carried out using the standard SWAPGS instruction of the x86-64 architecture (SWAPGS switches the processor to addressing the protected memory where the operating system kernel is loaded). Speculative instruction loading around SWAPGS has been present in Intel processors since 2012. What year is your processor? Are you scared? In July, Microsoft included a patch for the SWAPGSAttack vulnerability (CVE-2019-1125) in its update package, so at the moment everyone who has updated no longer needs to fear SWAPGSAttack. This does not apply, however, to Windows XP and other operating systems that are no longer supported. Linux, by the way, is unaffected by SWAPGSAttack in any form.

The researchers tested the vulnerability on Intel processors. Microsoft states that AMD and ARM processors are also vulnerable to SWAPGSAttack (as with Spectre). Red Hat specialists tend to exempt ARM, but they are confident that AMD and Intel processors are vulnerable to SWAPGS Attack.
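The practical question for a defender is whether the kernel on a given machine reports these flaws as mitigated. As an added example (not from the original article), the Python script below reads the status files the Linux kernel publishes under /sys/devices/system/cpu/vulnerabilities/ and, when that directory is absent, falls back to a constructed sample so it can be run anywhere; the sample values are illustrative, not captured from a real host.

```python
"""Report how the running Linux kernel says it stands on the speculative
execution flaws: one file per issue under
/sys/devices/system/cpu/vulnerabilities/, each holding a status line such as
"Not affected", "Vulnerable" or "Mitigation: PTI"."""
from pathlib import Path
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample of sysfs contents so the script runs offline (not captured
# from a real machine). The spectre_v1 line shows the swapgs barrier mitigation.
SAMPLE = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Mitigation: Retpolines, IBPB: conditional, RSB filling",
    "mds": "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "l1tf": "Not affected",
}

def classify(status: str) -> str:
    """Reduce a raw status line to 'ok', 'vulnerable' or 'unknown'."""
    s = status.strip()
    if s.startswith(("Not affected", "Mitigation:")):
        return "ok"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"  # empty file or wording this script does not know

def read_sysfs(directory=SYSFS_DIR) -> dict:
    """{issue: status_line} for every file in the directory; {} if absent
    (non-Linux host or a kernel too old to publish these files)."""
    directory = Path(directory)
    if not directory.is_dir():
        return {}
    return {p.name: p.read_text().strip()
            for p in sorted(directory.iterdir()) if p.is_file()}

def unmitigated(statuses: dict) -> list:
    """Issue names the kernel still reports as vulnerable, sorted."""
    return sorted(n for n, s in statuses.items() if classify(s) == "vulnerable")

def swapgs_barrier_present(statuses: dict) -> bool:
    """True when the spectre_v1 status mentions the swapgs barrier."""
    return "swapgs" in statuses.get("spectre_v1", "").lower()

if __name__ == "__main__":
    data = read_sysfs() or SAMPLE  # fall back to the constructed sample
    for name, line in data.items():
        print(f"{name:<20} {classify(line):<10} {line}")
    print("still unmitigated:", unmitigated(data) or "none")
    print("swapgs barrier present:", swapgs_barrier_present(data))
```

On a real host, any "unknown" result means the kernel uses a status wording this script does not recognise and the raw line should be read by hand.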
