Vulnerabilities affect how systems isolate sensitive data in memory. Exploiting vulnerabilities could allow attackers to gain access to data such as passwords, encryption keys, or potentially data from other virtual systems on the same server. In the previous article, we explained what the meltdown vulnerability is. In this article we will continue to explore another vulnerability - Spectre - that belongs to the same type of vulnerabilities; known as the hardware design vulnerabilities.
In this article we will dig deep into the Spectre vulnerability, we will discuss what this vulnerability is, the danger behind it and how to keep your devices secure.
The Spectre vulnerability explained
Spectre's name comes from speculative execution. It’s not a simple vulnerability, and it will probably chase us for decades to come because it’s part of the physical gear vulnerabilities. Thus, they are found in most modern processors which are in almost all modern devices.
Spectre relies on security flaws in the speculative execution of CPU instructions. Modern processors are so fast that executing instructions in order one-by-one would lead to the CPU waiting for memory access, which takes several hundred clock cycles. Modern CPUs try to execute instructions that are ready for execution while waiting for memory operations.
The Spectre vulnerability works to overcome memory barriers between different software memories. Just like the meltdown vulnerability eliminates the barriers between the user's memory and system memory, the Spectre breaks through or breaks between different software memories.
To simplify the matter as explained in the previous article, Spectre relies on issues with speculative execution itself to be carried out. The exploitation is highly dependent on the CPU version because prediction algorithms and deepness of the prediction buffers differs not only between vendors but across CPU generations.
The real challenge with Spectre is its mitigation. Unlike Meltdown (which could be mitigated via patches to the operating system), Spectre requires changes to the hardware itself.
Moreover, the difficulty of this vulnerability is to induce the processor to execute speculation, thus reading the data and directing the processor to specific data. As experiments have shown, the meltdown vulnerability can detect data at a speed of 120 kbps/sec and the Spectre vulnerability is slower as it can detect data at a speed of 1.5-2 kbps/sec.
The second variable format of the vulnerability (where there are several ways and forms that one can exploit the vulnerability through and hence it changes its form) takes 10 to 30 minutes in the stage of preparation for the vulnerability to start implementation on a device that contains 64 GB of RAM, which increases with time with lower memory space.
How dangerous is the Spectre vulnerability?
The danger of this vulnerability comes from its demolition of the principle of sandboxing between different programs and memory spaces allocated to each of them. The danger also lies in the difficulty of dispersing malware that attempts to implement this vulnerability from other real software through viruses, or other specialized programs.
The difficulty is that it is not possible to identify a particular pattern that can distinguish this vulnerability. It is also easy to implement it on local CPUs with local machine codes (like: C / C++… etc.). This vulnerability can also be implemented remotely (remote execution).
This vulnerability is also characterized by the inability of detection. This means that if a particular device was compromised by it it would be almost impossible to find out, because there are no log files for any of the processor operations. The Spectre can damage your data, disclose your data secrets, such as passwords, etc., or make it unavailable when you need it.
But how is the Spectre different from Meltdown?
Well, Meltdown depends on the prediction of data as explained in the previous article, while the Spectre reads the data directly.
There is no direct and clear identification of the risk assessment of this vulnerability on CVSS. CVSS is the scoring system that provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The score depends on several factors, including the multiplicity of systems affected and the difference between the affected devices in terms of impact and vulnerability and the importance of the data, etc.
Note: Spectre covers two separate attack vectors which have been assigned CVE-2017-5715 and CVE-2017-5753, which are maintained by MITER.
How can you protect your CPU from this vulnerability?
Currently, there are software patches for these vulnerabilities, but their efficiency varies from one device and operating system to another as we have explained. There are also some attempts to avoid and fix the Spectre vulnerability before and after the software is infected by it.
You can read more about these attempts in the following link.
In February of 2019, new and variable forms of Spectre vulnerability were announced that could never be solved by software patches. Staying up to date with these two vulnerabilities (Meltdown and Spectre) may be almost impossible.
What the average user, data manager, or IT person in any company should do is follow the latest updates in these vulnerabilities within their work environment or personal devices.
You can find more information in the below links:
- How can you make sure that your Linux devices are patched against the Meltdown and Spectre vulnerabilities?
- A free tool from Microsoft to assess Spectre and Meltdown in your work environment.
- Apple's version of patching the iOS operating system against Spectre in its chips.
- How to protect Microsoft Windows servers from the Spectre and Meltdown vulnerabilities.
You should keep in mind that all available software patches for Spectre and Meltdown significantly affect the performance of the patched devices. In the end, it is a balance between benefit and damage, and this trade-off must be calculated well before proceeding to patch.
This raises an important question at this point: Does buying a new processor will naturally avoid these vulnerabilities? The answer to this question is not an easy yes or no. It depends on the type of processor and its manufacturer.
But most processor manufacturers avoid these vulnerabilities in the design of their new processors. It is also not feasible to update thousands of processors in existing companies only because of the Spectre and Meltdown vulnerabilities. This may be an individual solution for home users or individual users but not on a large commercial scale.
Finally, if you are interested in reading more about data and web security, you can check out the articles in the GoDaddy blog.
