What is Meltdown/Spectre?
Meltdown and Spectre are recently-discovered vulnerabilities found in Intel, AMD, Apple, and ARM processor chips. These vulnerabilities are the result of a serious design flaw in the affected chips, and the discovery of this issue has led to a forced redesign of Windows, Mac, and Linux operating system software to mitigate the vulnerability and prevent attackers from exploiting it.
These vulnerabilities were discovered by researchers at Google’s Project Zero, a team that’s dedicated to finding security flaws before they can be exploited by attackers; as of now there are currently no known Meltdown or Spectre exploits in existence. Security teams at major tech companies like Apple, Intel, and Microsoft, as well as open-source Linux developers are now dedicating heavy resources to try and ensure that their processors and operating systems are secured ahead of any malicious exploits.
Who is affected by the Meltdown and Spectre vulnerabilities?
With a few exceptions, everyone with a PC and/or a smartphone is at risk. According to Google, every device with an Intel processor chip made after 1995 is affected. AMD and ARM chips are harder to exploit, but they are also at risk.
How to protect against the Meltdown/Spectre vulnerability?
Besides replacing a PC’s processor, the only way to close the vulnerability is to patch the operating system. Apple quietly introduced a Meltdown patch to OSX in early December, while Microsoft released a Windows patch on January 3rd, and Linux developers are still scrambling to put together a patch.
An unfortunate side effect of these Meltdown patches is that they will, by design, slow down the processing speeds of the computers using the patched OS. These slowdowns will impact performances by an estimated 5-30%, depending greatly on the type of chip and the tasks being performed.
How do the Meltdown and Spectre vulnerabilities actually work?
Both Meltdown and Spectre are vulnerabilities created in the execution of a special low-level code called “kernel code”, which runs specifically during a process known as speculative execution.
What is speculative execution?
Speculative execution can perhaps be most easily explained using a metaphor. Imagine a hiker lost in the woods who comes across a fork in the trail creating two roughly parallel paths; one path will get the hiker home, the other will not. Rather than waste time waiting for another hiker to give her directions, she chooses the path she believes is most likely to get her home. At some point on the hike, she comes across a trail marker, if that trail marker informs her that she’s on the right path, then she continues down that path and gets home. If the trail marker tells her she is on the wrong path, she quickly backtracks and hops over to the alternate trail, which leaves her no worse off than if she was still at the base of the trail hoping for directions.
Many modern processors perform a similar technique called speculative execution, where the CPU tries to guess what code needs to be executed next, and then performs that code before being required to do so. If the executed code turns out not to be needed, the changes are reverted. This is meant to save time and speed up performance.
Reports on the Meltdown/Spectre vulnerability are suggesting that Intel CPUs may be performing speculative execution of code without requiring important security checks. It may be possible to write software designed to check if the processor has completed an instruction that would normally be blocked by these security checks.
This mishandling of speculative execution creates a CPU vulnerability which an attacker can exploit to access very sensitive data in kernel memory such as passwords, encryption keys, personal photographs, emails, etc.
So what’s a kernel?
A kernel is the program at the core of a computer’s operating system. It has complete control over the operating system and administers everything from start-up to the handing of memory. The kernel is also responsible for sending data-processing instructions to the CPU (Central Processing Unit). Most CPUs are constantly shifting back and forth between kernel mode and user mode.
What’s the difference between kernel mode and user mode?
In kernel mode, the CPU is executing code that has unrestrained access to the computer’s hardware and memory. This mode is generally reserved for the lowest-level and most trusted operations. Crashes that occur while the CPU is in kernel mode are potentially catastrophic; they can crash the entire Operating System.
In user mode, the code being executed cannot access hardware or reference memory, instead it must delegate to system APIs (system APIs can run kernel-mode functions that user-mode software can request with the proper permissions). User mode crashes are usually isolated and recoverable. Most code is executed in user mode.
Why does the Meltdown patch slow down performance?
The fix in the Meltdown patch involves a more dramatic separation of the kernel’s memory from user processes. This is done via a method called Kernel Page Table Isolation (KPTI). KPTI moves kernel mode operations into a completely separate address space from user mode operations. This means that it takes significantly more time to switch between kernel mode and user mode.
To illustrate this, imagine a food truck that only sells two items: hot dogs and cold lemonade. The employee inside the food truck can quite easily reach both the steamer containing the hot dogs and the cooler containing the cold lemonades, and business moves quite briskly. Now imagine the health inspector comes through and requires the hot and cold foods to be kept on separate premises. Now the employee can still reach the hot dogs, but has to exit the truck and take a walk down the street to fetch each lemonade. This would cause the food truck’s line to move much slower, particularly if folks are ordering a lot of lemonades. This is similar to how KPTI can slow down the performance of an operating system.
What’s the difference between Meltdown and Spectre?
Both Meltdown and Spectre are vulnerabilities created by the way processors handle speculative execution, but they differ somewhat in how they work and which types of processors are affected.
Meltdown only affects Intel and Apple processors and can be exploited to leak information that gets exposed as a result of code that processors execute during speculative execution. Meltdown is easier to exploit than Spectre and has been labeled the larger risk by security experts. Thankfully, Meltdown is also easier and more straightforward to patch.
Spectre affects Intel, Apple, ARM, and AMD processors and it can be exploited to actually trick processors into running code that they should not be allowed to run. According to the security experts at Google, Spectre is much harder to exploit than Meltdown, but it is also much harder to mitigate.