Two serious design vulnerabilities in CPUs were exposed that make it possible, although not always that easy, to steal sensitive, private information such as passwords, photos, perhaps even cryptography certificates in the architecture of processors based on Intel’s Core architecture used in PCs for many years, as well as processors from AMD. The scope of the vulnerability is wide-ranging, affecting everything from the ARM processors commonly used in tablets and smartphones to the IBM POWER processors used in supercomputers.
And that is exactly where the problems begin. CPUs made by AMD, ARM, Intel, and probably others, are affected by these vulnerabilities: specifically, ARM CPUs are used in a lot of IoT devices, and those are devices that everybody has, but they forget they have them once they are operating, and this leaves a giant gap for cybercriminals to exploit.
What kind of sensitive data can be stolen from a Wi-Fi-controlled light? Or a smart refrigerator? Or from a digital photo frame? Or from a so called Smart TV? The answer is simple: lots. Think about your Wi-Fi password (which would make it possible for anyone to get onto your local network), your photos (luckily you only put the decent photos on the digital photo frame in your living room, right? Or did you configure it to connect automatically to Instagram or DropBox to fetch your newly-taken pictures?), your credentials to Netflix? Your… Eh… There is a lot of information people nowadays store on IoT devices.
Now, there is a much larger underlying issue. Yes, software bugs happen, hardware bugs happen. The first are usually fixed by patching the software; in most cases the latter are fixed by updating the firmware. However, that is not possible with these two vulnerabilities as they are caused by a design flaw in the hardware architecture, only fixable by replacing the actual hardware.
The issue is that programs running in user-mode address space (the “normal” range of memory in which application software, games and the like run) on a computer can infer or “see ” some of the information stored in kernel-mode address space (the “protected” range of memory used to contain the operating system, its device drivers, and sensitive information such as passwords and cryptography certificates).
It is not feasible, in fact not even possible, to replace all CPUs in all devices. It would be too costly. In the real world, people will keep their existing devices until those devices reach the end of their lifecycles. So for years to come, people will have households with vulnerable devices.
Luckily, with cooperation between the suppliers of modern operating systems and the hardware vendors responsible for the affected CPUs, the Operating Systems can be patched, and complemented if necessary with additional firmware updates for the hardware. Additional defensive layers preventing malicious code from exploiting the holes – or at least making it much harder – are an “easy” way to make your desktop, laptop, tablet and smartphone devices (more) secure. Sometimes this happens at the penalty of a slowdown in device performance, but there’s more to security than obscurity and sometimes you just have to suck it up and live with the performance penalty. To be secure, the only other option is either to replace the faulty hardware (in this case, there is noreplacement yet) or to disconnect the device from the network, never to connect it again (nowadays not desirable or practical).
Fixes to prevent user-mode programs from “peering inside” kernel-mode memory are being introduced by operating system vendors, hypervisor vendors and even cloud computing companies, but it appears the initial round of patches will slow down operating systems to some extent. But, hey is better being slow than hacked.
Here is a list of affected vendors and their respective advisories and/or patch announcements:
For many years, processor manufacturers – such as Intel – have been able to fix flaws in processor architecture through microcode updates, which write an update to the processor itself to fix a bug. For a – so far unannounced – reason or reasons, this vulnerability may not be fixable this way in Intel processors, so instead, operating system manufacturers have collaborated with Intel to release patches for the vulnerabilities.
Intel’s security advisory, INTEL-SA-00088 Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method, lists forty-four (44) affected families of processors, each of which can contain dozens of models. ARM Limited has released an advisory titled Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism that currently lists ten (10) affected models of processor.
CERT has issued the following Vulnerability Note: CERT Vulnerability Note VU#584653, CPU hardware vulnerable to side-channel attacks
US-CERT has issued a Technical Advisory as well: US-CERT Alert (TA18-000FA): https://www.us-cert.gov/ncas/alerts/TA18-004A
FiRa IT Services recommendation
The solution for these vulnerabilities is to keep your internet ready devices updated to the latest released patches. Apply the updates as soon as possible or call your IT expert to work on this topic ASAP.
If you are one of FiRa IT Services Managed Services Customer, you can have peace of mind since all equipment under our agreement will be update and or patched accordingly.
If you do not have a Managed Services Contract with us, we recommend you to call to schedule an appointment immediately. This is a serious topic that hacker will be exploiting as much as possible before it get completely fixed.