Hi all! I'm writing this post to raise awareness about an old bug in a series of microprocessors that was luckily uncovered in 2015 by a group of white-hat hackers who eventually helped create a security patch update. This vulnerability, however, cut quite deep and could have left any computer with these microprocessors open to a host of extremely malicious attacks from anyone. Below, I describe the attack, its impacts, and (since it's now safe to do so because of the security patch) the code that I used to hack into a 'fake' unpatched server for my Computing Systems class (don't worry, this was completely legal - the Professor made us do this as an assignment!). Moral of the story - all systems, even ridiculously strong and robust ones, have vulnerabilities and are open to attack: Beware!
Meltdown and Spectre are cyber-attacks on the Intel microchip that exploit vulnerabilities within a computer processor. The Spectre and Meltdown codes allow hackers to force any program that is running on the computer processor to give up its encryption key. This, in turn, gives the hacker the ability to access the entire program. This is an obvious security exploit, because such programs should only be accessed by entities that are required to have access to them. The implications of accessing the program are twofold: 1) the hacker will be able to access the kernel memory, which is the most protected part of the OS; 2) after reading the encryption key, the "user will be able to access all the data in the computer from browsing history to personal conversations" (Mike Hamburg, Strategy News).
In particular, the vulnerability that the Spectre and Meltdown codes exploit is the fact that computer processors use speculative execution and branch prediction to maximize performance. The processor attempts to predict which branch a program will take, and it does not confirm this destination until the actual computation has completed. These codes train the processor to speculatively perform operations that would not happen otherwise; in particular, they train the processor to reach a certain branch of the computation and then speculatively exit. More specifically, speculative execution is allowed access to all memory and registers (including the kernel's), and when the user manipulates the way in which branch prediction occurs, it trains the speculative execution process to reach into kernel memory and return it. This automatically gives the hacker access to the kernel memory, and therefore access to everything in the computer.
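To make the "training" idea concrete, here is an added example (my own simulation, not code from the original post or from any CPU vendor) of the textbook 2-bit saturating-counter branch predictor. It shows how a run of identical outcomes pushes the predictor into a confident state, so that the first outcome breaking the pattern is mispredicted; that misprediction is the window in which a real CPU runs the wrong path speculatively. The branch address, table size and outcome sequence are all constructed for illustration.

```python
# Added example (not from the original post): a 2-bit saturating-counter branch
# predictor, the classic model of the hardware the post describes. A run of
# identical outcomes "trains" the predictor, so a later outcome that breaks the
# pattern is mispredicted.

from typing import List, Tuple

# Counter states: 0 = strongly not-taken, 1 = weakly not-taken,
#                 2 = weakly taken,       3 = strongly taken.
STRONGLY_NOT_TAKEN, WEAKLY_NOT_TAKEN, WEAKLY_TAKEN, STRONGLY_TAKEN = 0, 1, 2, 3


class TwoBitPredictor:
    """Per-branch 2-bit saturating counter, indexed by branch address."""

    def __init__(self, table_size: int = 16) -> None:
        self.table_size = table_size
        self.counters = [WEAKLY_NOT_TAKEN] * table_size

    def _index(self, branch_addr: int) -> int:
        return branch_addr % self.table_size

    def predict(self, branch_addr: int) -> bool:
        """True means the predictor guesses the branch will be taken."""
        return self.counters[self._index(branch_addr)] >= WEAKLY_TAKEN

    def update(self, branch_addr: int, taken: bool) -> None:
        """Move the counter one step toward the observed outcome, saturating at the ends."""
        i = self._index(branch_addr)
        if taken:
            self.counters[i] = min(self.counters[i] + 1, STRONGLY_TAKEN)
        else:
            self.counters[i] = max(self.counters[i] - 1, STRONGLY_NOT_TAKEN)


def run_branch_trace(outcomes: List[bool], branch_addr: int = 0x40) -> List[Tuple[bool, bool]]:
    """Feed a sequence of actual outcomes for one branch through a fresh predictor.
    Returns (prediction, actual) pairs so callers can see where mispredictions fall.
    branch_addr is a constructed, arbitrary address."""
    predictor = TwoBitPredictor()
    trace = []
    for actual in outcomes:
        guess = predictor.predict(branch_addr)
        trace.append((guess, actual))
        predictor.update(branch_addr, actual)
    return trace


def mispredicted_positions(trace: List[Tuple[bool, bool]]) -> List[int]:
    """Indices in the trace where the prediction disagreed with the real outcome."""
    return [i for i, (guess, actual) in enumerate(trace) if guess != actual]


if __name__ == "__main__":
    # Constructed trace: the same branch condition holds ten times, then fails once.
    outcomes = [True] * 10 + [False]
    trace = run_branch_trace(outcomes)
    print("mispredicted at positions:", mispredicted_positions(trace))
```

Running it reports mispredictions at positions 0 and 10: the predictor starts uncertain and guesses wrong once, then after ten "taken" outcomes it is saturated at strongly-taken and guesses wrong again on the first "not taken", which is exactly the kind of confidently wrong guess the post describes the processor being trained into.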
How exactly does the code retrain the processor's speculative execution? The Spectre and Meltdown code enters isolated memory through "data exfiltration of the microarchitectural covert channels" (Abu Ghazaleh, Spectrum). In particular, the code locates the addresses of the instructions that go to kernel space, and this then leaks the contents of specific registers. The code then tricks the processor into executing this instruction incorrectly, such that its final destination is in the kernel. The covert channel is then used by the hacker to obtain information stored in the computer.
Spoken plainly, Meltdown and Spectre exploit critical vulnerabilities in modern processors to steal data currently being processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might "include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents" (Graz, 2014). "Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers" (Graz, 2014).
It is worth noting that Intel (the primary company affected) created a security update for all new processors, in which they "prepared patches to mitigate these flaws" (Paul Kocher, Spectre), and the new class of processors (codenamed Cascade Lake) would use deep learning to boost instructions and include mitigations to prevent Spectre and Meltdown attacks.
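Since the post says the fix lives in patches, the practical question for a defender is whether a given machine actually has them applied. Below is an added example (my own script, not from the original post or from Intel) that reads the per-vulnerability status files the Linux kernel exposes under `/sys/devices/system/cpu/vulnerabilities/` (files named `meltdown`, `spectre_v1`, `spectre_v2`) and classifies each as mitigated, vulnerable, not affected, or unknown. The directory argument is an assumption of this example so that it can also run against a constructed sample directory where no real sysfs is available; the sample file contents are invented for the demo, though they follow the kernel's own `Mitigation: ...` / `Vulnerable` / `Not affected` format.

```python
# Added example (not part of the original post or of any vendor's tooling): a
# defender-side check that reads the per-vulnerability status files the Linux
# kernel exposes and classifies each one. The vuln_dir parameter is an
# assumption of this example so the same function can run against a constructed
# sample directory offline.

import os
import tempfile
from pathlib import Path
from typing import Dict, List

SYSFS_VULN_DIR = "/sys/devices/system/cpu/vulnerabilities"

# The three issues the post discusses; these file names are the kernel's own.
CHECKED = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status_line: str) -> str:
    """Map a kernel status string to 'ok', 'mitigated', 'vulnerable' or 'unknown'."""
    s = status_line.strip()
    if s.startswith("Not affected"):
        return "ok"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_status(vuln_dir: str = SYSFS_VULN_DIR) -> Dict[str, Dict[str, str]]:
    """Return {name: {'raw': <kernel text>, 'state': <classification>}} for each checked file.
    A missing file is reported as 'unknown' rather than raising, since older
    kernels do not expose the directory at all."""
    result: Dict[str, Dict[str, str]] = {}
    for name in CHECKED:
        path = Path(vuln_dir) / name
        try:
            raw = path.read_text()
        except OSError:
            raw = ""
        result[name] = {"raw": raw.strip(), "state": classify(raw)}
    return result


def needs_attention(report: Dict[str, Dict[str, str]]) -> List[str]:
    """Names whose state a defender should follow up on: vulnerable or unreadable."""
    return sorted(n for n, r in report.items() if r["state"] in ("vulnerable", "unknown"))


def make_sample_dir() -> str:
    """Write a constructed sysfs-like directory so the check can be exercised offline.
    The contents are invented for this example; they only mimic the kernel's format."""
    d = tempfile.mkdtemp(prefix="vulns_")
    samples = {
        "meltdown": "Mitigation: PTI\n",
        "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n",
        "spectre_v2": "Vulnerable\n",
    }
    for name, text in samples.items():
        Path(d, name).write_text(text)
    return d


if __name__ == "__main__":
    # Use the real sysfs directory when present, otherwise the constructed sample.
    target = SYSFS_VULN_DIR if os.path.isdir(SYSFS_VULN_DIR) else make_sample_dir()
    report = read_status(target)
    for name, r in report.items():
        print(f"{name:<11} {r['state']:<11} {r['raw']}")
    print("needs attention:", needs_attention(report))
```

On a patched kernel each of the three lines should read `mitigated` or `ok`; anything reported under "needs attention" means either the CPU microcode or kernel mitigation is missing, or the kernel is too old to report at all, and both cases are worth a closer look.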
Spectre Attack
Meltdown Attack