Center for Strategic Assessment and forecasts

Autonomous non-profit organization

Home / Defence and security / / Other
The hole in the CPU: all the error that allows to steal passwords from almost any computer and smartphone
Material posted: Publication date: 07-01-2018
The researchers found the security hole, which is contained in most modern processors, computers, laptops and even smartphones. Tell all that is known about vulnerabilities Meltdown and the Spectre, and how to live with them.

Where did these vulnerabilities?

The main source of the problem — the so-called speculative execution. Two decades ago, engineers designing processors, have devised a cunning trick: the processor can pre-execute some operations (pieces of programs), the result of which you may need later. That is, he anticipates which way the program goes on, and executes the instructions in advance. Guess — got a speed boost, miss — just rolled back to "correct" the condition, but if in the course of the play he was referring to the memory, data from it will remain in the cache of the processor.

For example, somewhere in the back of the application there is an appeal to memory, where access is not allowed. Processor you hurry in advance to make this work and put the data closer — in CPU cache. Then when the main program execution will stop at the restriction of access, all operations "rollback", the application will signal an error, but the data remains in cache, where they can be picked up (again, not directly, but through a tricky but legitimate).

What is a Meltdown?

The so-called vulnerability that allows to "melt" (melt) the wall between the application, which should work in your little sandbox", and the system memory, where it is good, access is denied. Thus, the program can access all memory in the computer.

What is Spectre?

"Ghost" (translated as Spectre) — the second of two vulnerabilities. It penetrates through the "border" between applications that could steal data from them. Program victim may be written in perfect compliance with all safety regulations, but it will not prevent cracking.

Attack Spectre harder to produce, but from it, and much harder to defend — this is the second meaning of the title: vulnerability as a Ghost will haunt us for a long time.

What information hackers can get through the Meltdown and the Spectre?

Meltdown gives access to the entire computer, to data from all applications. The video below shows how one program, the user enters the password, close the "stars", and at the same time it POPs up in the next window, in another application.


Even more dangerous is that Meltdown is able to break through the boundaries of virtual machines. The fact that very often a powerful server serves several sites, for each of them on a physical machine creates a virtual computer. Now your neighbor is hosting will be able to Snoop your users ' passwords and Vice versa.

Spectre can't dig at the operating system level, but to reach other applications. The problem is that even if the last time you installed a new application many months ago, your computer every day takes the code that is downloaded from the outside — after all, the web page is stuffed with scripts in JavaScript. They, too, can use the vulnerability to access to data of other apps or, say, the adjacent tabs in the same browser.

What processors are these vulnerabilities?

Initially, the researchers from Google Project Zero (the laboratory that makes the greater contribution to the discovery of these vulnerabilities) said that a break through the Meltdown is only possible on processors Intel, released about 1995, with the exception of the Itanium server chips and nettopro-netluckych Intel Atom until 2013.


Apple later confirmed that the danger was all her gadgets: iMac, MacBook (it's Intel), iPhones, iPads and even TV set-top box Apple TV (ARM) — everything but the watch Apple Watch.

Of ARM core-based vulnerabilities now confirmed on the Cortex-A15, Cortex-A57, Cortex-A72 and Cortex-A75.

AMD in its report said, attack Meltdown on its processors impossible, but the "Ghost" they are halfway: one of the ways of hacking work, and the other allegedly "unlikely" due to some differences in architecture.

Domestic Baykal-T1 (processors for computers, comparable to Intel Atom) based on the MIPS P5600 cores of Imagination Technologies company and is not subject to Meltdown, nor Spectre. But the Baikal-M is based on Cortex-A57 — and he threatened.

As you can see that the computer was hacked through a Meltdown or Spectre

No way.

What to do?

Recipe one: to install all the updates. Microsoft has released a patch for Windows 10. Apple has closed the vulnerability Meltdown in the December update of its operating system and promises to release a new version of Safari for macOS and iOS with protection against Spectre. The Linux kernel also has patches. From androidphone faster the fix will get the Google Pixel. The rest in turn.

From patch the computer will slow down?

Not really, it all depends on the specific application. Toys and regular home-office software from the patches does not suffer almost any way. The hardest part will have those who are in charge of servers: for example, PostgreSQL database shows a performance decrease of over 20%.


RELATED MATERIALS: Defence and security
Возрастное ограничение