22-year-old Google cybersecurity researcher tells how he finds CPU bugs
On Wednesday, January 17, Bloomberg published an article profiling Jann Horn, the Google researcher who first reported the major Intel chip flaws. Horn was gifted from childhood and strong in mathematics and physics; while still in high school he found security problems in his school's computer network, which left his teacher dumbfounded.
The following is a summary of the article:
In 2013, a teenager named Horn attended a reception hosted by German Chancellor Angela Merkel in Berlin. He and 64 other German teenagers had done well in a government-run competition designed to encourage students to take up scientific research.
Horn did go on to a research career. Last summer, as a 22-year-old cybersecurity researcher, he was the first to report the biggest chip vulnerability found to date. The industry has still not shaken off the effects of his discovery, and processors will be designed differently from now on. The discovery has made him a celebrity, even if he does not think of himself as one. That was visible at a conference held in Zurich last week, where the organizers received him warmly and he was peppered with questions.
Interviews with Horn and people who know him show that determination and extraordinary talent helped him find a flaw that had existed for more than a decade but had never been noticed. The vulnerability could expose most PCs, the internet and smartphones to attack.
Several months after Horn's discovery, other researchers found the flaws independently. “We had a few teams and we had a clue as to where to start. He started from scratch,” says Daniel Gruss, a member of the team at Graz University of Technology in Austria whose team later uncovered what are now known as the Meltdown and Spectre vulnerabilities.
When Horn began reading the thousands of pages of Intel processor manuals at the end of April last year, he was not trying to find a major flaw in the world's computer chips. He said he was only trying to make sure that the hardware could handle a particularly intensive piece of arithmetic code he had written.
Horn, however, works on Google's Project Zero team, an elite group of top researchers who hunt for “zero-day” flaws and unanticipated design weaknesses that hackers could use to break into computer systems.
So he began to study closely how the chip performs speculative execution. Speculative execution is a speed-boosting technique that lets the processor guess which instructions will be needed next, execute them ahead of time, and fetch the data they need. Horn said Intel's manual states that if the processor guesses wrongly, the results are discarded, but the data fetched along the wrong path remains in the chip's cache.
Horn realized that, once this happens, a savvy attacker might be able to make use of that leftover data. “At that time, I realized that we were using code patterns that could reveal confidential data,” Horn said in an email. “I was aware at the very least that in theory, it might not only affect the code snippet we were writing.”
So he began a further investigation, what he called a “gradual process,” and eventually found the vulnerabilities. Horn said he already knew of other researchers' work at the time, including that of the Graz University of Technology team. The theme of those studies was that slight differences in the time the processor takes to retrieve a piece of data can tell an attacker whether, and where, that data is stored.
Horn discussed the issue with Felix Wilhelm, another young researcher at Google in Zurich. Wilhelm pointed Horn to a similar study he and other researchers had done, which pushed Horn's investigation further. The technique Wilhelm and the others were testing could be turned around to force the processor into speculative execution paths it would not normally take, tricking the chip into fetching specific data that an attacker could then observe.
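The three ingredients the article describes are: a code pattern whose bounds check the processor may run past speculatively, the cache state that the discarded wrong-path load leaves behind, and a timing measurement that turns that cache state into an observable. The block below is an added example written for this page, not Horn's, Wilhelm's or Google's code. It shows the vulnerable pattern next to a branchless index-masking mitigation of the kind later adopted in operating-system kernels, plus a Flush+Reload probe that tells, from reload time alone, which line of an array the victim touched. The array names (array1, array2), the STRIDE constant, the helper names (index_nospec, reload_cycles, probe_fastest_line) and the sample data are all constructed for the example; the branch-mistraining step that an actual attack would add is deliberately not included. The timing probe needs an x86 CPU (rdtscp and clflush); on other architectures it compiles to a stub that returns 0.

```c
/*
 * Added example (not Horn's or Google's code): the code pattern that speculative
 * execution makes dangerous, a branchless index-masking mitigation, and a
 * Flush+Reload probe that turns cache state into a measurable timing difference.
 * Build: gcc -O1 spec.c -o spec   (timing probe is x86-only; elsewhere it is a stub)
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
#define HAVE_X86_PROBE 1
#else
#define HAVE_X86_PROBE 0
#endif

#define ARRAY1_SIZE 16
#define STRIDE 512   /* larger than a cache line, so each byte value maps to its own line */

/* Constructed sample data. In a real victim, array1 sits next to data the attacker
 * must not read, and an out-of-range index reaches into that data. */
static uint8_t array1[ARRAY1_SIZE] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
static uint8_t array2[256 * STRIDE];
static volatile uint8_t sink;

/* Vulnerable pattern. Architecturally the bounds check is correct, but while the
 * branch outcome is still being predicted the CPU may execute both loads with an
 * out-of-range x, pulling array2[array1[x] * STRIDE] into the cache. The wrong-path
 * result is discarded; the cache line stays, which is what the probe below detects. */
void victim_vulnerable(size_t x) {
    if (x < ARRAY1_SIZE)
        sink = array2[array1[x] * STRIDE];
}

/* Mitigation, same construction as the Linux kernel's array_index_mask_nospec():
 * a mask that is all ones when index < size and zero otherwise, computed without a
 * branch so the predictor has nothing to mis-steer. Relies on arithmetic right shift
 * of a negative long (GCC/Clang behaviour); size must stay below LONG_MAX. */
size_t index_nospec(size_t index, size_t size) {
    long mask = ~(long)(index | (size - 1 - index)) >> (sizeof(long) * 8 - 1);
    return index & (size_t)mask;
}

void victim_hardened(size_t x) {
    if (x < ARRAY1_SIZE) {
        x = index_nospec(x, ARRAY1_SIZE);   /* a speculatively out-of-range x becomes 0 */
        sink = array2[array1[x] * STRIDE];
    }
}

/* Flush+Reload primitives: evict a line, later time a reload of it. A line still in
 * cache reloads in tens of cycles, an evicted one in hundreds. */
void flush_line(const void *p) {
#if HAVE_X86_PROBE
    _mm_clflush(p);
#else
    (void)p;
#endif
}

uint64_t reload_cycles(const void *p) {
#if HAVE_X86_PROBE
    unsigned int aux;
    uint64_t t0 = __rdtscp(&aux);
    sink = *(const volatile uint8_t *)p;
    uint64_t t1 = __rdtscp(&aux);
    return t1 - t0;
#else
    (void)p;
    return 0;
#endif
}

/* Which byte value did the victim touch? Judged purely by timing: the one line out
 * of 256 that reloads fastest. Returns -1 only if nothing was measured. */
int probe_fastest_line(void) {
    int best = -1;
    uint64_t best_t = UINT64_MAX;
    for (int v = 0; v < 256; v++) {
        uint64_t t = reload_cycles(&array2[v * STRIDE]);
        if (t < best_t) { best_t = t; best = v; }
    }
    return best;
}

int main(void) {
    if (!HAVE_X86_PROBE) { puts("timing probe needs an x86 CPU"); return 0; }
    for (int v = 0; v < 256; v++) flush_line(&array2[v * STRIDE]);
    victim_vulnerable(3);   /* a legitimate in-bounds access: array1[3] == 4 */
    printf("line observed via cache timing: %d (victim touched value 4)\n", probe_fastest_line());
    printf("index_nospec(1000, %d) -> %zu\n", ARRAY1_SIZE, index_nospec(1000, ARRAY1_SIZE));
    return 0;
}
```

The demonstration calls the victim with an in-bounds index on purpose: it shows that the victim's data access is recoverable from cache timing alone, which is the side channel the Graz and Google researchers were working with. A Spectre attack adds a training phase that teaches the branch predictor to take the in-bounds path before supplying an out-of-range index; the masking in victim_hardened defeats that because, whatever the predictor does, the index the speculative load sees is never out of range. Timing thresholds are machine-dependent, so a real probe repeats the measurement and scores each line over many rounds rather than trusting a single pass.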
After stumbling onto the chip attack, Horn said he consulted Robert Swiecki, a longtime Google colleague. Horn had borrowed Swiecki's computer to test some of his ideas, and Swiecki advised him on how best to notify Intel, ARM and AMD of the vulnerability.
On June 1 last year, Horn informed Intel, ARM and AMD of the flaw.
Wolfgang Reinfeldt, Horn's computer science teacher at the Caecilienschule in Oldenburg, Germany, was not surprised by Horn's success. “In my mind, Horn is brilliant,” he said. Horn had discovered security problems in the school's computer network, which, Reinfeldt admits, left him dumbfounded.
Horn was strong in mathematics and physics as a youth. To qualify for Merkel's reception in 2013, Horn and a schoolmate devised a way to control the motion of a double pendulum, a well-known problem in mathematics and physics. The two wrote software that used sensors to predict the pendulum's movement and magnets to correct unintended motion, the key being to keep the pendulum moving regularly. They eventually finished fifth in the competition and were invited to the Merkel reception in Berlin, an early sign of Horn's abilities.
Now Horn has become a star, at least within cybersecurity circles. On January 11, just one week after the Meltdown and Spectre vulnerabilities were announced, a cybersecurity conference was held in Zurich. When Horn presented his discovery of Meltdown and Spectre to a packed auditorium, his fellow researchers gave him thunderous applause.
Source: Bloomberg