Meltdown and Spectre attacks
Eniko Toth


A new class of side-channel attacks has appeared, which exploits the following CPU vulnerabilities:

Meltdown and Spectre rely on them and allow hackers to read the memory contents of other programs. This means they can access stored sensitive data such as passwords, photos, emails, secret documents, etc.

The original coordinated disclosure date of this issue was planned for January 9, but the issue became public 6 days earlier.



Both are side-effect attacks, but there is a slight difference between them:

Meltdown

CVE-2017-5754

Memory isolation is the basis of security on computers. It prevents different user applications from accessing each other's memory and from reading or writing kernel memory. That's why multiple users can use one single machine safely.

Meltdown breaks this isolation and provides a way to read kernel memory (from user space), including all the secrets in it. It doesn't exploit any software vulnerabilities, so it doesn't matter which operating system you are using.

Meltdown's biggest strength lies in the side effects caused by out-of-order execution*.

Meltdown can be used on Intel processors. The KAISER patch is widely applied to mitigate the Meltdown attack, but there are also other tips for patching it.


* It's an optimization technique for utilizing all execution units of a CPU core as exhaustively as possible.



Spectre

CVE-2017-5715 and CVE-2017-5753

This attack uses branch prediction to induce the processor to speculatively execute* instructions that should not have occurred during correct program execution. This way, information from the victim's memory can be leaked.

The Spectre attack can work on non-Intel processors too, such as AMD and ARM processors.

For the hackers, this technique is more difficult to carry out, but it is also harder to mitigate. Unfortunately, the KAISER patch cannot protect against it.


* It's a technique for increasing the performance of high-speed processors.

No one is safe

We urge server owners to do everything they can to take care of their servers' security, as there are no patches for Ubuntu and Debian yet, only for the following distros*:

  1. RHEL 7.x
  2. CentOS 7.x
  3. Fedora 26/27
  4. Debian stretch
  5. Arch Linux
  6. Gentoo Linux

*against Meltdown

SUSE also released patches for most recent SUSE Linux Enterprise (SLE) versions yesterday.
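
One way to check whether a Linux server's running kernel reports mitigations for the three CVEs named in this article, as an added example that is not part of the original post. It assumes the kernel exposes status files under /sys/devices/system/cpu/vulnerabilities (a sysfs interface not mentioned in the article); the function names are illustrative.

```shell
#!/bin/sh
# Added example: report kernel mitigation status for the CVEs named above.
# Assumption: status files live in /sys/devices/system/cpu/vulnerabilities;
# kernels that lack this interface are reported as "unknown".

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status <text>: map the kernel's status line to one keyword.
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_one <dir> <file>: print the keyword for one vulnerability file.
check_one() {
    if [ -r "$1/$2" ]; then
        classify_status "$(head -n 1 "$1/$2")"
    else
        echo unknown   # file missing: the kernel does not report this issue
    fi
}

# report [dir]: one line per CVE; returns 1 unless every issue is
# reported as mitigated or not affected.
report() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for pair in "CVE-2017-5754:meltdown" "CVE-2017-5753:spectre_v1" \
                "CVE-2017-5715:spectre_v2"; do
        cve=${pair%%:*}
        name=${pair#*:}
        state=$(check_one "$dir" "$name")
        printf '%s (%s): %s\n' "$cve" "$name" "$state"
        case "$state" in
            mitigated|not_affected) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}

# Run against the live system (or a directory given as the first argument).
report "$@" || echo "action needed: at least one issue is not confirmed mitigated"
```

An "unknown" result means the running kernel does not report on that issue, which on an unpatched server is itself a reason to check the distribution's kernel updates.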



Desktops, laptops, smartphones, tablets, cloud devices, servers… All of them are endangered by Meltdown and Spectre.

Also, once you have been attacked, it's hard to detect, as none of these attacks leaves traces in the traditional log files. It's not easy to distinguish them from regular benign applications, so antivirus software cannot solve the problem.
