Researchers discover serious processor vulnerability

Michael Schwarz, Moritz Lipp and Daniel Gruss (v.l.) from TU Graz were chiefly involved in the recent descovery of devastating vulnerabilities in computer processors.
Michael Schwarz, Moritz Lipp and Daniel Gruss (v.l.) from TU Graz were chiefly involved in the recent descovery of devastating vulnerabilities in computer processors.

Researchers with Alphabet Inc's Google Project Zero, in conjunction with an international team including TU Graz in Austria (Nikola Tesla’s Alma Mater), have revealed two new vulnerabilities in computer processors: Meltdown and Spectre. PCs, servers and cloud services are affected. A software patch could help. But, the patch will bleed off system performance by as much as 30 percent. In supercomputers, this is both security and performance concerns that could result in significant expenditures in man-hours to patch systems and potentially affect critical available processor resources.

 

Around the turn of the year speculation was rife about new, serious vulnerabilities that could affect all modern processors. Now it is official: two newly-discovered exploits, Meltdown and Spectre, could allow unauthorised users to gain direct access to kernel memory, at the heart of computer systems. The issue was discovered by an 10-strong international research team, in which Graz University of Technology’s Institute of Applied Information Processing and Communications plays a central role. Both exploits take advantage of a central operating principle of fast processors. Intel, AMD and ARM chips are chiefly affected.

“Meltdown is a very simple exploit – only four lines of code are needed to gain access,” explained Moritz Lipp, Michael Schwarz and Daniel Gruss from TU Graz. “Spectre is significantly more labour-intensive, and consequently more difficult to protect against. It uses the code itself to trick the system into giving up its secrets.” The vulnerabilities affect private computers as well as most server infrastructure and cloud-based services currently in use.

In order for computer systems to work faster, modern processors perform calculations in parallel rather than sequentially. In parallel to lengthy tasks, the processor attempts to predict the next steps that will be required and prepare for them. “For performance reasons, at that point no check is made as to whether the program accessing data actually has permission to do so,” the Graz researchers explained. If a predicted step is not required, or if permissions are not present, the processor discards the preparations it has made. This preparation phase can be exploited to read data from the kernel – for example passwords saved in commonly used browsers.

Patch from Graz protects against Meltdown exploit

KAISER, a patch developed by the Graz researchers at the institute, is designed to help secure the vulnerabilities. Because attacks would be directed against hardware but carried out via software, developers from the major IT companies have adapted and further developed their proposal, and are delivering patches with their latest security updates. “The update affects the central functions of fast processors, and could make a difference especially in terms of speed,” explained Gruss, Lipp und Schwarz. “Nevertheless, we would appeal to all users to install these updates. The largest providers of cloud and server solutions will implement them in the coming days.” Manufacturers still have work to do to solve the problem in the hardware itself – especially since the patch is effective against Meltdown, but not against the Spectre exploit.

The research was done in the framework of the ERC-funded project “Sophia”. ERC-grant-awardee Stefan Mangard of TU Graz´s Institute of Applied Information Processing and Communications played a central role.