An unprecedented CPU security flaw

Yesterday, Google unveiled something of a bombshell: one of its researchers found a pair of CPU exploits that attack a fundamental feature of processor hardware — and it affects more than two decades of processors from Intel, AMD and even ARM devices.

The attacks, Meltdown and Spectre, are quite complicated and their consequences are far-reaching: an attacker is able to steal whatever is in memory (passwords, secret keys, whatever) just by running a simple piece of arbitrary code. 

Google, which discovered the issues and reported them to Intel in late 2017, disclosed them more than five days ahead of schedule because leaks were beginning to occur, meaning almost no vendors are ready with real responses yet. I'm going to try to break down why this matters, and why cloud providers are today scrambling to patch their sprawling infrastructure.

Meltdown, which is a patchable flaw, allows a program to read running memory regardless of the context it's running in. Usually an application runs in a sort-of sandbox, where it's unable to access system-level information — but Meltdown allows that application to steal secrets from the OS and read data outside of its own space.

The isolation it breaks is one of the fundamental assumptions we make about operating system security. The kernel, which controls your OS, is firewalled off and handles many runtime secrets, including encryption keys, passwords and more. Because that wall is now non-existent, we have a problem: any malicious application may be able to peek in there and grab whatever is running — and you'll never know if it happened.

This attack is possible because of a long-standing processor practice called 'speculative execution,' used to increase performance dramatically by optimistically guessing that tasks will need to be performed in the future.

Basically, as your processor completes tasks, it will assume future tasks need to be done, and execute them before it knows if that task actually exists. If the task turns out to not have existed in the first place, the processor rolls back seamlessly to the correct task and carries on — this happens hundreds of times a second, and is responsible for much of processor efficiency today.

Meltdown allows an attacker to exploit that rollback state: because the processor will execute something before it knows whether it should run — such as an access to protected memory, which isn't allowed — an attacker can cause an exception so that the future task, while it never actually "executes", still leaves the contents of that memory stored elsewhere on your system.

Yeah, it's complicated. What's important to understand is that regardless of what computer you own, if it uses an Intel processor this affects you — but it's patchable. The bad news is that the patch modifies that speculative execution at a fundamental level, so it will slow down your machine a non-trivial amount.

Spectre, which is a fundamental processor design problem, is not patchable and affects every machine out there. 

It's a related attack that is much more difficult to execute, but has worse consequences: it allows malicious applications to trick other applications into revealing secrets. 

If an attack is executed on a hypervisor (the metal which hosts virtual machines) it may cause the host to give up the entire memory space (including the secrets of other currently running virtual machines). There have not been any successful instances of this that we know of, but the trick is this: it would be almost impossible to detect.

There's no fix because the reason this attack works is part of almost all modern processor architecture. According to a NYT reporter, resolving it will require Intel, AMD and others to go back and redesign their silicon. Researchers believe the bug may haunt us for the next decade, as hardware now tends to have longer replacement cycles.

What all of this means and what you can do: well, for consumers, the only thing to do is patch everything. Apple and Microsoft have patches out today, and you'll also need to do a firmware update on your hardware itself, which will come separately over time. The actual risk on consumer hardware is fairly low, but shouldn't be trivialized — patch your machines today.

For Windows users, the patch is KB4056892 and it applies to Windows 7 or higher. For Mac users, patch to 10.13.2. Initial reports say that performance is impacted, but there are few hard numbers right now.

For cloud providers it's the Kobayashi Maru scenario we've been afraid of: there's no way to win here, and it's a race to mitigate as best as possible. Amazon Web Services, Google Cloud, DigitalOcean and Azure plan (or have already completed) sweeping outages, as well as system reboots, to patch their hardware before a usable exploit is in the wild.

The consequences for cloud providers are also much larger: many AWS users are reporting major CPU bottlenecks after the fix is applied, because it restricts the speculative execution feature discussed above. Rumors suggest it's up to 30 percent worse, but there just isn't enough data yet. Intel, naturally, says it expects "minimal" impact.

I've got a bunch of servers to update, and you likely need to do the same if you run any sort of service on top of a platform like DigitalOcean. To be clear, these attacks existed for decades before detection, and while they're bad, there are a lot of prerequisites to performing them against you right now. Technology media is shouting that the sky is falling, but we don't know everything just yet.
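If those servers run Linux, the kernel that carries the fixes also reports its own mitigation status, which is the quickest way to confirm a patch actually took. The POSIX shell checker below is an added example, not code from the newsletter; it assumes a kernel new enough to expose /sys/devices/system/cpu/vulnerabilities/, and the sample directory it builds is constructed data so it can be tried offline.

```shell
#!/bin/sh
# Added example, not code from the newsletter: report the kernel's own view
# of Meltdown/Spectre mitigation status from the Linux sysfs interface that
# shipped with the fixes, /sys/devices/system/cpu/vulnerabilities/. Each
# file there reads "Not affected", "Vulnerable", or "Mitigation: <name>"
# (for Meltdown the kernel page-table isolation fix shows as "Mitigation: PTI").

SYSFS=/sys/devices/system/cpu/vulnerabilities

# Print one line per entry under directory $1 and return the number of
# entries still reported as Vulnerable or missing entirely (0 = all covered).
report_vulns() {
    dir="$1"
    bad=0
    for name in meltdown spectre_v1 spectre_v2; do
        f="$dir/$name"
        if [ ! -r "$f" ]; then
            printf 'FAIL %-10s no entry (kernel predates the fixes?)\n' "$name"
            bad=$((bad + 1))
            continue
        fi
        status=$(cat "$f")
        case "$status" in
            "Not affected" | Mitigation:*)
                printf 'OK   %-10s %s\n' "$name" "$status" ;;
            Vulnerable*)
                printf 'FAIL %-10s %s\n' "$name" "$status"
                bad=$((bad + 1)) ;;
            *)
                printf 'WARN %-10s unrecognised status: %s\n' "$name" "$status" ;;
        esac
    done
    return "$bad"
}

# Constructed sample tree (not real host data) so the checker can be tried
# offline: Meltdown patched via PTI, Spectre v1 mitigated, Spectre v2 not.
make_sample() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable\n' > "$d/spectre_v2"
    printf '%s\n' "$d"
}

if [ -d "$SYSFS" ]; then
    report_vulns "$SYSFS" || echo "$? entries still need attention"
else
    echo "no $SYSFS: this kernel does not expose mitigation status"
fi
```

To try it against the constructed data instead of the live host, run `report_vulns "$(make_sample)"` after sourcing the script.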

TL;DR: Heartbleed, the flaw that broke SSL on the internet, looks like a small accident compared to what we've discovered today. These exploits are more like someone accidentally causing a nuclear meltdown decades ago, but only figuring it out now and scrambling to fix it publicly.

I'll keep you updated as the situation develops.

Tab Dump

Spotify confidentially filed for IPO
Surprise, after that weird lawsuit news yesterday Spotify has filed for a direct listing rather than a traditional 'float' on the stock exchange — which may change how tech businesses go public for a long time. Here's why this is a smart move (we think).

Those awful LinkedIn posts taking over your feed
Have you noticed

A new kind

Of post on LinkedIn? It talks like this.

To make a meaningless anecdote about something inconsequential.

Here's why it's a thing.