All computers and devices at risk. What are Meltdown and Spectre?


It is the first week of the new year and a massive security vulnerability has hit almost all Windows, Linux and Mac users worldwide. Researchers initially found that Intel chips are vulnerable to some severe ‘memory leaking’ flaws; it has now been revealed that every modern processor since 1995 is vulnerable. These flaws impact all major CPUs from AMD, ARM, and Intel and almost all PCs, laptops, tablets and smartphones, regardless of manufacturer or operating system, says Google Project Zero.

Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) are hardware flaws discovered by researchers that expose nearly any data the computer processes, such as passwords, proprietary information, encrypted communications etc.

Speculative execution is a feature of chips: a technique used by modern CPUs to optimize performance. These attacks take advantage of speculative execution.

Meltdown Attack

Meltdown affects Intel processors and works by breaking the barrier that prevents applications from accessing arbitrary locations in kernel memory. Meltdown uses speculative execution to break the segregation between user applications and the operating system, allowing any application to access all system memory, including memory allocated to the kernel. Meltdown affects almost all desktops, laptops and cloud computers.

Spectre Attack

Spectre has a wider reach, as it extends to mobile phones, embedded devices and any device that has a chip in it. It affects Intel, AMD and ARM processors. The flaw tricks applications into disclosing information that would normally be inaccessible and safe inside a protected area. This flaw is not easy to patch because it is rooted in processor architecture, and a permanent fix may require architectural changes. Spectre attacks can leak information or secrets held in the kernel to user programs, and information can also leak from virtualization hypervisors to guest systems.

This vulnerability impacts every system powered by Intel, AMD and ARM chips, including desktops, laptops, cloud servers and smartphones.

Mitigations and Patches

Users and administrators should contact their OS vendors for recent information and patches. Many vendors have already released patches for these vulnerabilities, and others are in the process of releasing them. After applying patches, performance may be reduced by up to 30 percent. Monitor the performance of critical applications and services to avoid any failure, and work with vendors and service providers to mitigate the effect if possible.
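To confirm that a patched Linux kernel actually reports mitigations for the three CVEs above, the following added example (not part of the original article) reads the kernel's per-vulnerability status files under /sys/devices/system/cpu/vulnerabilities. The function names and the sample directory contents are constructed for illustration.

```shell
# Added example, not from the article; function names are this example's own.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities   # Linux 4.15+ and patched vendor kernels

# Map each CVE named in the article to the kernel's sysfs file name.
cve_to_file() {
    case "$1" in
        CVE-2017-5754) echo meltdown ;;
        CVE-2017-5753) echo spectre_v1 ;;
        CVE-2017-5715) echo spectre_v2 ;;
        *) return 1 ;;
    esac
}

# Classify one status line as the kernel reports it.
classify_status() {
    case "$1" in
        "Not affected"*) echo NOT_AFFECTED ;;
        "Mitigation:"*)  echo MITIGATED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

# Print "CVE file verdict" per CVE; return 1 unless all are mitigated or unaffected.
check_vulns() {
    dir="${1:-$VULN_DIR}"
    rc=0
    for cve in CVE-2017-5754 CVE-2017-5753 CVE-2017-5715; do
        name=$(cve_to_file "$cve")
        verdict=UNKNOWN   # stays UNKNOWN if the file is missing (kernel too old to report)
        [ -r "$dir/$name" ] && verdict=$(classify_status "$(cat "$dir/$name")")
        echo "$cve $name $verdict"
        case "$verdict" in
            NOT_AFFECTED|MITIGATED) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample directory (not output from a real host) so this runs anywhere.
# On a real Linux system, call check_vulns with no argument instead.
sample=$(mktemp -d)
printf 'Mitigation: PTI\n' > "$sample/meltdown"
printf 'Vulnerable\n' > "$sample/spectre_v1"
check_vulns "$sample" || echo "Not fully mitigated: apply vendor updates"
rm -rf "$sample"
```

A non-zero return from check_vulns makes the function usable in patch-compliance scripts or monitoring checks.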

Mitigations for Chrome/IE Users

This exploit can be executed through a website. Chrome users can turn on the Site Isolation feature on their devices to mitigate these flaws. On IE, use the InPrivate browsing feature (IE > Tools > Safety > InPrivate browsing).

Here’s how to turn on Site Isolation on Windows, Mac, Linux, Chrome OS or Android:

  • Copy chrome://flags/#enable-site-per-process and paste it into the URL field at the top of your Chrome web browser, and then hit the Enter key.
  • Search for Strict Site Isolation, then click the box labeled Enable.
  • Once done, hit Relaunch Now to relaunch your Chrome browser.

CompCiti Business Solutions, Inc. has been an IT services and security company in New York since 1996. CompCiti works with its clients to protect them from outside threats including ransomware, viruses, malware, phishing attacks etc. CompCiti offers 24/7 support and Level 3 support. CompCiti can ensure your IT systems are secure and efficient. To find out more about our Managed IT and Security services in New York, please contact us at (212) 594-4374 for a free phone consultation and to find out how CompCiti can help you protect your systems from any cyber crime.

 References:

https://www.us-cert.gov/ncas/alerts/TA18-004A

https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
