Security breaches: What is the Meltdown vulnerability?

Protect yourself

The damages that result from cyber security vulnerabilities are alarming, statistics show that the total number of vulnerabilities in 2018 were 17,308. In addition to that, more than a third of the vulnerabilities don’t have an available solution, which means that they’re getting more aggressive and complicated. In 2018, researchers revealed one of the most serious vulnerabilities in modern technology, known as ‘Meltdown gap’.

Meltdown is a vulnerability that information security researchers have found in Intel processors and most modern computer processors. In this article we will try to simplify and elaborately explain this threat. We will also explore the latest information about it and what are the risks that it may cause and how to protect your devices from it.

Related: It’s not just malware: 7 common website security vulnerabilities 

What is ‘Speculative Execution’?

To understand this vulnerability, we must understand what speculative execution (also known as dynamic execution) is.

To simplify the term, imagine that you are in the market and your wife asked you to bring rice from the rice and pasta section. When you went, you found an offer on the pasta, so you predicted that your wife will want to get this offer, especially that you know that your house needs this element. So, you decide to buy it and you go back home to face the moment of truth: Did your wife really want this pasta or not?!

In this case there are two possibilities:

  • She will be happy that you did seize that offer and she’ll feel like you’re reading her mind (win-win situation).
  • Or she will reprimand you for bringing something she didn’t ask for or need. In this case you will have lost the effort of loading the pasta into bags and moving them from the market to your house (well, it’s not a huge loss anyway).

But what does this have to do with the computer? This is exactly what a microprocessor does.

Speculative execution is a technique that CPU designers use to improve CPU performance. Here’s how it works. Modern CPUs are pipelined, which means they’re capable of executing multiple instructions in parallel. The CPU may execute certain tasks ahead of time, “speculating” that they will be needed. If the tasks are required, a speed-up is achieved, because the work is already complete.

So, when you ask the microprocessor to open a specific file, it will download the program that will open the file and then reads the file from the hard drive or any storage media and loads it on the screen. Because this processor is very fast, unlike the rest of the components, like the hard drive, compact disc, or even RAM, this process will be done quickly.

So, the manufacturer suggested exploiting that time in doing other processes that we might need, such as “predicted” – just like what you predicted in the pasta story – rather than just waiting. Thus, various processes are accelerated, and we will be able to increase the efficiency of the processor and software in general.

What does that have to do with the meltdown vulnerability? We’ll explain…

The meltdown vulnerability explained

meltdown vulnerability logo

The Meltdown vulnerability was discovered by researchers at Google, Graz University of Information Technology and some other research institutions. It was announced on January 3, 2018 that it affects almost every processor, across virtually every operating system and architecture. Presently, 14 Meltdown variants have been identified.

Meltdown is a vulnerability that allows a process to read all memory in a given system by creating a sub-channel of attack for other programs that they wouldn’t normally read.

Meltdown allows malicious actors to bypass system security protections present in nearly every recent device with a CPU. It’s not just PCs, servers, and smartphones, but also the Internet of Things (IoT) devices like routers and smart TVs. It is possible to read protected system memory, gaining access to passwords, encryption keys, and other sensitive information.

For example, the tabs in different Internet browsers, no tab is supposed to read the data or information of the other tabs. Because one of the tabs may contain your bank account details while the other tabs are just normal web pages.

How does the meltdown vulnerability work?

Meltdown takes advantage of speculative execution and CPU cache inherent in CPU designs.

So, let’s breakdown how does the meltdown vulnerability work. Meltdown exploits a race condition between memory access and privilege level checking while an instruction is being processed.

So, you give instructions to be executed and during the early stages of the execution, the CPU scheduled two events – a privilege check, and the first steps of executing the instruction.

As part of that, while it was waiting for the first order to be completed, the execution unit starts fetching the data. This data will be fetched by the memory controller during the initial stage of instruction execution, even if it will be then discarded and abandoned.

Despite the fact that this data might be discarded later, it has already been requested by the execution unit and fetched by the memory controller, in order to be ready to process it. The CPU cache was in fact updated as an automatic part of fetching data from memory, in case the same data might be needed shortly a second time. At this point, Meltdown kicks in.

If data from some address has been cached by the CPU then a second instruction to read that address will use the CPU cache for the purpose (fast), if not then the CPU would have to request the data to be read from memory (slower). Meltdown can use it combined with other features of the CPU instruction set to gain full access to all mapped memory.

Watch this video as researchers show in real time how a Meltdown attack can reveal any sort of sensitive information.

How serious is the meltdown vulnerability?

Researchers have classified it as a medium-risk vulnerability, because it is not as easy to implement. But the seriousness of this vulnerability isn’t in its danger or the ease of implementing, but because it opens the door to other vulnerabilities related to the way the processors and electronic boards work.

Considering the fact that processors are present in almost everything It can be used to steal data from nearly any computer, as well as iPhones and iPads and other mobile devices. Moreover, it can steal data from electronic devices such as: TVs, refrigerators and even washing machines and air conditioners that might be found in industrial and military institutions.

How can you protect your devices against this threat?

The difficulty of this vulnerability is that it deals with a characteristic of the design itself, not programming. Companies involved have found solutions, yet they have not been well tested and haven’t taken enough time to verify their effectiveness. As the reputation of the processor’s companies were at stake, updates and fixes were implemented very quickly.

To fix this vulnerability, browsers need to be updated. Also, the operating system, which contains an update to the processor in the form of micro code needs to be updated too.

You can find the updates for Windows here.

You should also check the Windows Update service to make sure that KB4056892 update is installed for Windows 10.

You also need to check the support page in your computer manufacturer’s website for the release of any possible updates to protect your computer.

Finally, each browser has its own update, you can find the update by searching for “speculative execution side channel vulnerabilities fix”

Conclusion

Finally, if you’re interested in ready more about security and related informative articles check GoDaddy’s blog. You can also use GoDaddy’s Web security products and tools, to protect your online identity, your website and your customer’s information.

Image by: Arnold Francisca via Unsplash.

Mohamed Shalaby
Mohamed has a Master’s degree in Computer Science and BSCs degree in Computer Engineering as his major specialization. He started his professional IT career in 2000, and in 2007 he decided to pursue his passion of Information Security as an Internal Auditor in one of the global leading telecom and service provider organizations. Since 2001, he worked in different domains like: Software engineering, IT support, Trainer and Information Security Management. Currently Mohamed is working for one of the top information security consulting and service providers located in New Zealand. For more information you can check his his website .