Everything you need to know about Meltdown and Spectre

There is a new threat goin' round, one that affects all modern processors (Intel, AMD and ARM). What this means is that all computers with these processors and mobile devices are affected.

It is the most recent IT vulnerability that has a huge worldwide impact. The vulnerabilities have been named Meltdown and Spectre. Google's Project Zero discovered the issues and have now released details to the public.

I am going to try not to get too technical but what it basically comes down to is that modern day processors have a feature where they predict our actions to enhance performance. It now turns out that this feature can be exploited to read the memory or leak secrets.
In other words hackers could exploit this weakness to get to your passwords and other sensitive/private information.

Meltdown: Meltdown tears down the barrier between user applications and the operating system. This attack allows a program to access the memory and secrets of other programs and the operating system.

Spectre: Spectre breaks down the walls between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets.

Mozilla has already confirmed that the Meltdown and Spectre vulnerabilities can be used from Web content to read private information. In other words, hackers can setup malicious websites with java scripts to try and get your passwords (Source).

Also Secops has detected a 200% increase in global SSH scanning activity.

Well, there is good news, not so good news and bad news.

The problem is that this is not a software issue but a hardware issue. So the official statement is that to tackle this problem you will have to replace your hardware. Of course this is not an option for a lot of us.
The people facing the biggest challenges are the cloud providers like Google, Amazon and Microsoft (Azure) because they are all affected also. Hackers who have access to the virtual hosted platforms of said providers could use the vulnerability to gain access to hosted environments which belong to other costumers.

Vendors are busy rolling out patches to reduce the risks. Microsoft among others already has a fix in place but only for Meltdown (it is important to note that you should only download and install the patch if your virus scanner is compatible). At the moment of writing there is no known fix for Spectre but luckily this vulnerability is harder to exploit.

The Meltdown fix will have some side effects though. The feature that led to the exploit is used to beef up the performance and the fix takes away that performance boost. It is unknown exactly what the reduction in performance will be but it is estimated that it will be around 10% - 30%.

Good news though is that gaming and video will not suffer performance issues.

The impact of these vulnerabilities are quite severe and the risk is (still) low but you can be sure that hackers are working overtime writing scripts to exploit the weakness. As time progresses the risks will increase so it is best that you patch your system(s) as soon as possible (take into account the possible decrease in performance) and stay away from dodgy websites.

Be careful, especially if you are into cryptocurrency and use online wallets and exchanges. Just imagine what it would mean if hackers got a hold of your passwords and/or private keys.

More info about Meltdown and Spectre:

• FAQ (source):

Can I detect if someone has exploited Meltdown or Spectre against me?
Probably not. The exploitation does not leave any traces in traditional log files.

What can be leaked?
If your system is affected, our proof-of-concept exploit can read the memory content of your computer. This may include passwords and sensitive data stored on the system.

Is there a workaround/fix?
There are patches against Meltdown for Linux ( KPTI (formerly KAISER)), Windows, and OS X. There is also work to harden software against future exploitation of Spectre, respectively to patch software after exploitation through Spectre .

Which systems are affected by Meltdown?
Desktop, Laptop, and Cloud computers may be affected by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). We successfully tested Meltdown on Intel processor generations released as early as 2011. Currently, we have only verified Meltdown on Intel processors. At the moment, it is unclear whether ARM and AMD processors are also affected by Meltdown.

Which systems are affected by Spectre?
Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones.

• Blog posts:

http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html

https://googleprojectzero.blogspot.nl/2018/01/reading-privileged-memory-with-side.html (Project zero - Google)

• Papers:

Meltdown https://meltdownattack.com/meltdown.pdf

Spectre https://spectreattack.com/spectre.pdf

• Vendor information:

Google cloud & Chrome

Google

Amazon EC2 cloud

Microsoft Windows advisory

Microsoft patches & anti-virus important information

VMware ESXi & Workstation (For these patches to be fully functional in a guest OS additional ESXi and vCenter Server updates will be required)

Firefox

RedHat

Intel

ARM

AMD

Android

Chrome/Chromium

Linux foundation (kernel)

NVIDIA

XEN

Citrix

Symantec

SUSE

• Proof-of-concept demo

Demo 1

Demo 2

• Test scripts:

Microsoft powershell: (mitigation checks voor Windows OS)

• Attack/POC scripts:

cache attack code

• Benchmark results:

Linux Benchmarks