Meet ‘MeltdownPrime’ and ‘SpectrePrime’
We heard last month that white hat security researchers could be close to engineering a usable exploit for the Meltdown and Spectre vulnerabilities, and this has now actually happened.
Security experts from Nvidia and Princeton University have authored a new research paper which details ‘MeltdownPrime’ and ‘SpectrePrime’, exploits which leverage these gaping flaws in modern processors via side-channel timing attacks.
And these attacks can be used to prise out sensitive data from cache memory, which could include the likes of passwords. As the Register reports, the SpectrePrime proof-of-concept exploit has already been successfully used on a MacBook with an Intel Core i7 processor, although the Meltdown variant (which is only applicable to Intel’s chips) hasn’t yet been successfully demonstrated on actual hardware.
Before we get too carried away with the potential dangers here, it’s important to clarify that no code for these exploits has been released, so there’s no imminent risk. That said, if the good guys have cooked up a successful exploit, the bad guys out there may well be on the brink of doing so as well.
The other positive point is that the current patches underway for Meltdown and Spectre are likely to protect against these (and other potential) exploits. Of course, we’re still waiting for an official patch from Intel, with only Skylake machines having received a revamped Spectre patch (following stability issues with the previous fix) last week.
What’s more worrying, however, is that the researchers suggest that processor manufacturers might be in trouble when it comes to making hardware changes to try to guarantee immunity from these flaws going forward.
In other words, these issues are so deeply embedded in the silicon of contemporary processors that getting rid of them completely – and covering all bases of all potential exploits therein – may be extremely difficult.
Intel has already said that chips which are resistant to Meltdown and Spectre will emerge later this year, whereas AMD is saying that it will be rolling out Spectre-proof processors in 2019 with its Zen 2 architecture. Let’s hope that those promises hold.
Meanwhile, Intel is taking further steps to battle against major security holes like these, updating its ‘bug bounty’ program, which pays out rewards to people who find and disclose vulnerabilities.
The scheme is now offering up to $250,000 (around £180,000, AU$315,000) for researchers who find side-channel vulnerabilities like Meltdown and Spectre, whereas the maximum bounty has been raised to $100,000 (around £70,000, AU$125,000) elsewhere.
Intel is also making the program available to all comers, meaning that any security researcher can contribute, whereas previously this was an invite-only affair. That means more folks hunting for bugs, and hopefully finding them, so Intel can patch them up in good time before disclosure happens.
That’s the theory anyway, but with gaping holes like Meltdown and Spectre, patching has still been a chaotic matter even though Intel was informed about these problems in June and July of last year.