What is Meltdown and Spectre

One of the biggest new in the tech industry in recent years was a discovery in a security flaws in the processors on the devices that we use daily. The security flaws named Meltdown and Spectre design flaws (hardware design) that can be exploited on every desktop, laptop, tablet or phone that has a processors designed and created in the past two decades. This also means that it doesn’t really matter which operating system you are using, you can get exploited.

The simplest explanation to what a combination of these two flaws could do are two things: slow down your computer and give the attacker access to your personal data. The technical details are below.

As mentioned previously, these exploits can be used due to a hardware design flaws in the chips. Initially, researchers discovered 3 flaws, two of which are Spectre and the third one is Meltdown. In order for an attacker to get access to your data he would need to exploit two techniques that speed up your pc. Those are speculative execution and caching.

Speculative execution is the chip’s ability to “guess” the future which enables it to compute faster. Today’s chips are able to execute more than one instruction at the same time, which means that while the CPU is executing the instruction that is next in line to be executed it is calculating or guessing the next one. For example, if take a situation where we say that if “sky is blue” is true print out sunny or if “sky is blue” is false print out cloudy (this can be easily shown with a few rows of code, which we will not do). What the speculative execution does is that it starts computing both cases, if it’s true and if it’s false at the same time, so once the condition is completed (once “sky is blue” is true or false) the chip already know what the next step will be and will be able to execute it without having to do computing on that. A similar example is when the chip recognizes that a certain calculation is carried out frequently, so it uses it’s “spare time” to continue doing the calculation so when the program needs it will already be calculated.

Caching is a feature that speeds up the process of getting data from the RAM. Even though every device has a RAM, regardless if it’s 1 gigabyte or 64, the time it takes for the chip to get some data from the actual RAM is a long process (long in computer terms, in our terms is less than a blink of an eye). This might not seem long, but if we take into consideration that the CPU does millions of calculations every second and needs a lot of data to go through, getting data from the RAM will certainly slow things a lot. A solution for this was adding a RAM memory to the actual chip. Even though this RAM is only a few megabytes, the chip stores data that is planning on using in the near future (the near future for a chip might be a few milliseconds) or data that the CPU uses frequently so it stores it in the cache.

Exploiting both of these techniques will cause a problem once they start accessing the protected memory. One of the essentials in a PC security is the protected memory. What this means is that parts of the data are stored protected and the only one that has access to it is the program that uses it. All other programs need to go through a security check called privilege check. The process of checking if a program has privileges to access the data in the protected memory takes long, longer than it takes for the CPU to access the data. So if the data is stored in the cache and the CPU with its speculative execution starts computing it, but still stores it in the cache. So by exploiting these flaws the attackers will not be able to see your data, but will be able to figure it out by finding out the locations. This process is called a side-channel attack.

Meltdown and Spectre in a combination can do everything that is explained in the previous paragraphs. Both can gain access to certain that that should not be otherwise accessible, each in its own way. Spectre can be used with a certain piece of code, in most cases JavaScript, on a website which could provide the attacked with the login credentials. On the other hand Meltdown could be used to gain access to data to other programs or users on the same machine, or in situations where a virtual server is hosted.

All manufacturers are already rolling out updates in order to patch the exploits. Google and Firefox have also sent out updates for their browsers in hopes that they manage to beef up the security. One thing needs to be clear> these are hardware flaws, which means that any software or update is working on top of the hardware. A safe update will never be released, but will certainly keep the manufacturers busy with fixing them for future generation chips.

In the next article, we will explain how to protect yourself (as much as possible) from these exploits.