Specter and Meltdown

Reader explanation: Specter, Meltdown vulnerabilities and speculative execution

On January 3, it went public through the Project Zero (from Google) the set of vulnerabilities known today as Specter and Meltdown. This team at Google has, since 2010, been responsible for discovering vulnerabilities that have not yet been exploited in software produced not only by the company, but by any other manufacturer aimed at the security of everyone on the Internet in general.

They have as modus operandi disclose the vulnerabilities first to the manufacturer, so that it can correct the problem, and only after that do the disclosure to the public, thus preventing such vulnerabilities from being exploited by crackers.

As many have not yet fully understood what these vulnerabilities represent and how they work, I was invited by MacMagazine to explain the matter and resolve these doubts once and for all.

The set of vulnerabilities disclosed in the last month represent what is being called speculative execution, which I explain below. But first, let’s go to a summary of what each vulnerability represents.

THE Specter (or “Phantom”) breaks the isolation between applications and allows an attack in which the attacker creates a spectrum and impersonates an application illegally, receiving information that is generally hidden between applications but, in this case, is completely susceptible to an attack external.

The Meltdown (in a literal translation, “Melting”) has this name in analogy to the fact that it melts the fundamental division between the user’s application and the operating system, making the target vulnerable and may have the content of the user’s memory and information. operating system exposed to an attack.

Specter and MeltdownThe logos created by the initiative Meltdown Attack, which discloses information about these vulnerabilities

The combination of these vulnerabilities allows a speculative execution attack. It is a resource that anticipates the user’s most usual actions to gain performance and, therefore, the correction of these flaws results in the (variable) loss of performance of the affected processors.

The speculative execution would basically be as if a person goes, for example, to Starbucks every day and orders a cappuccino. The processor learns this, and every time a person enters Starbucks, the chip would recognize the person and start making cappuccino before they even order, thus streamlining the process as a whole.

Now, let’s imagine that 20% of the time the person does not order the cappuccino. Okay, they throw out the cappuccino and place the other order as normal. This operation is obviously not going to be as fast as the usual cappuccino, but having the speculative execution ends up paying off in the other 80% of the time you have saved time ordering the cappuccino.

And the flaw explored is just that. This speculative execution attack allows the attacker to have access to the user’s usage profile on behavior in 80% of cases. This, of course, is information that helps an attacker to mount an attack – and, of course, it is a very strong breach of confidentiality.

This, of course, is an informal explanation of what these vulnerabilities are about. All major manufacturers have already released patches and Intel plans to launch new chips later this year that are no longer affected by them.