This week, the hottest topic in the technology industry has been a series of vulnerabilities caused by flaws in Intel’s processor design. As the first big news of 2018, the chip-level vulnerabilities exposed this time have spread far wider and deeper than we expected. At the center of the whirlpool, Intel plays a very important but embarrassing role.
First of all, the starting point of the event is that a design flaw in Intel processors allows an ordinary program to obtain unprecedentedly high privileges and even to access data in kernel memory directly, which is undoubtedly an unprecedented nightmare for user privacy and device security. The vulnerabilities soon evolved further; researchers call them “Meltdown” and “Spectre.” Their kernel-level reach, their potential harm, the breadth of their impact and the difficulty of fixing them were all unexpected, so their exposure was bound to cause an uproar.
Causes of the incident and the harm of the vulnerabilities: leaving them unpatched is like swimming naked, patching is like recovering from a serious illness
Last year, Google’s Project Zero team discovered several chip-level vulnerabilities caused by CPU “speculative execution”: “Spectre” (variants 1 and 2: CVE-2017-5753 and CVE-2017-5715) and “Meltdown” (variant 3: CVE-2017-5754). All three are inherent architectural flaws that allow non-privileged users to read sensitive information from system memory. Project Zero researchers also found that every processor released after 1995 is affected. Google had reportedly already reported the vulnerabilities to Intel and intended to publish its report next week, but the technology outlet The Register exposed them ahead of time on January 2. After other media picked up the story and it grew into the present situation, Google also chose to publish its report early to reduce the security risk to users.
At first, people were concerned about these vulnerabilities because, in principle, there is almost no way to eliminate the risk completely short of redesigning the chip, while a fix causes performance degradation. However, as specialists dug into the data, they found that the range of affected processors is very wide: besides Intel, AMD and ARM processors are also on the “blacklist,” which means that Windows, Linux, Mac and mobile Android systems all face potential security threats. These vulnerabilities attract so much attention because they allow malicious programs to access sensitive content stored in kernel memory, which could let attackers obtain in-memory data on personal computers, including user account passwords, application files, file caches and more. Intel, however, said in its official statement that it does not believe these vulnerabilities have the potential to damage, modify or delete data. At present, some reports consider the security updates for these chip-level vulnerabilities to be imperfect, and installing the security patches can also affect performance, especially on some older processors.
Intel’s explanation to us: not as serious as imagined, and ready to be fixed
“Meltdown” and “Spectre” pose a significant threat to Intel’s processors, and even to AMD’s and ARM’s; given the market share of these three, few products will escape. Technically, “Meltdown” takes advantage of the speculative execution features of processor designs to obtain kernel data from user programs. It directly breaks the kernel memory protection mechanism and allows malicious code to access sensitive memory directly, affecting all Intel processors designed with out-of-order execution; processors that execute in order are not affected. The Spectre vulnerabilities threaten cloud service providers by tampering with the memory of other applications and tricking them into accessing kernel memory addresses.
Not long after the incident began to ferment, Intel issued an official statement responding to the claim that the vulnerabilities were “Intel-exclusive,” saying that it considered AMD and ARM processors to have the same issues. Intel itself would work closely with AMD, ARM and many other companies, such as operating system vendors, to develop a worldwide approach to solving the problem quickly and constructively. The performance loss a device experiences depends on the workload, and the loss felt by ordinary users is not actually as large as imagined.
From Intel’s own statement, it can be seen that Intel is trying to convey one idea: “the problem exists, but everyone should treat it calmly.” However, Intel’s share price at one point fell more than 7%, while its rival AMD gained 8.8% and even NVIDIA rose 6.3%. It is worth mentioning that Google had already notified Intel of the processor problems last year. Not long afterwards (around the end of November 2017), Intel CEO Brian Krzanich sold a large amount of the stock he held (he now has 25 million shares left, the minimum required by his employment agreement). The shares sold were worth 24 million US dollars. In hindsight he really did have foresight; no wonder he is a CEO.
AMD pushes back against Intel’s statement: there is almost nothing wrong with our products
AMD was somewhat dissatisfied with being named in Intel’s official statement, and responded not long after it was released. AMD officially said that, because of its different chip architecture, the outlook for its products is much more optimistic in terms of both the security risk and the performance degradation. First, “Spectre” can be fixed by software and operating system patches with almost no performance impact; and because of the different architecture, “Meltdown” has no effect on AMD processors at all. It can be said that the exposed vulnerabilities merely brush past AMD rather than hitting it in the face.
AMD published a statement on its official website, “Information Security Is a Priority at AMD.” The statement says that AMD is almost insulated from the attack principles of two of the three vulnerabilities, which are completely ineffective against AMD. The remaining attack can be fixed by a security patch, and AMD said the performance loss, the point that matters most, will be minimal.
We originally thought the vulnerabilities were exclusive to Intel; then the situation worsened to include AMD processors, and these three vulnerabilities even affect ARM’s Cortex family of processors. ARM listed the affected Cortex models on its developer blog and indicated that both current and future ARM processors will receive patch updates to prevent attacks by malicious applications. Currently, Intel, AMD, ARM, Microsoft, Amazon, Google and Apple have all said the patches will not have a significant impact on performance.
For specific information, see ARM’s official blog.
Will the patches affect performance? What cloud service providers say
On January 3, Intel listed all its processors affected by the CVE-2017-5715 vulnerability on its website. The list shows that even the 45nm Core i7 from 8 years ago is affected, and Intel once again emphasized that both AMD and ARM have similar problems. Performance is one of the things users care about most, and most reports claim that the fix will reduce processor performance, which is why the discussion is so heated. On Linux, for example, performance drops after the KPTI patch is applied because the patch prevents non-privileged user code from identifying the kernel’s virtual addresses (the kernel is moved into a separate address space), so a program must switch address spaces whenever it needs the kernel. For Intel processors the performance impact is about 5% to 30%, and some tests show a 50% loss.
For Meltdown, Linux has released the KPTI patch mentioned above, macOS has been fixed since 10.13.2, Google urges users to keep their Android and Chromebook devices up to date, and Android users must install the January 2018 security patch. As for Windows, the most widely used system, Microsoft has released an emergency patch, KB4056892, for Windows 10/8.1/7 users. “Spectre” is trickier, and patches are still being developed. In view of the huge impact of this incident, Intel will also actively roll out security patches together with each vendor.
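The patch status of the three issues can also be checked directly on a Linux machine. The script below is an added example, not part of the original article or of any vendor's tooling: Linux kernels from 4.15 onward (and stable backports) report per-issue status under /sys/devices/system/cpu/vulnerabilities, and the script classifies the meltdown, spectre_v1 and spectre_v2 entries against the CVE numbers given earlier. The VULN_DIR override and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre mitigation status from Linux sysfs.
# VULN_DIR (hypothetical override) lets the check run against a test directory.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# Map one sysfs status string to a verdict.
classify_status() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# Print "<entry> <CVE> <verdict> <raw status>" (tab-separated) for each issue.
# Returns 1 if any issue is vulnerable or its status cannot be determined.
audit_dir() {
    dir="$1"; rc=0
    for entry in "meltdown:CVE-2017-5754" \
                 "spectre_v1:CVE-2017-5753" \
                 "spectre_v2:CVE-2017-5715"; do
        name="${entry%%:*}"; cve="${entry#*:}"
        if [ -r "$dir/$name" ]; then
            raw="$(head -n 1 "$dir/$name")"
            verdict="$(classify_status "$raw")"
        else
            # No file: the kernel predates the reporting interface, so the
            # patch level is unknown rather than safe.
            raw="(no sysfs entry)"; verdict="unknown"
        fi
        case "$verdict" in vulnerable|unknown) rc=1 ;; esac
        printf '%s\t%s\t%s\t%s\n' "$name" "$cve" "$verdict" "$raw"
    done
    return "$rc"
}

# Check the live system when the script is run directly.
audit_dir "$VULN_DIR" || echo "At least one issue is unmitigated or unknown" >&2
```

A missing entry is reported as unknown, not as safe, because a kernel too old to expose the interface is also likely to lack the KPTI patch.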
Intel released two security announcements today. One introduces updates to protect systems against exploits: by the end of next week, Intel expects to provide patch updates for 90% of its products from the past five years. The other states that test results from Apple, Microsoft, Amazon and Google show the updates will not have a significant impact on performance.
Consumers’ view: how to choose between privacy and performance?
This incident is more serious than the earlier ransomware outbreak and involves almost all users of Intel processors. Although Intel’s statement makes clear that it has tried its best to remedy the problem, the incident also shows that our users’ privacy has almost no protection. If more incidents like this occur, then once attackers succeed, the follow-up remediation will struggle to restore users’ interests. On some of the major forums, some users take a rather negative view of Intel’s attitude, because with or without the security updates they believe their interests have been harmed; other, more optimistic users think the vulnerabilities have no effect on them.
If you care about your privacy, it is a good idea to actively install security updates from vendors such as Microsoft, Apple or Google. Besides passively accepting updates, we also need to mind our PC habits and, as AMD puts it, not click on unrecognized links, enforce strong cryptographic protocols, use secure networks, and periodically accept software security updates.
Judging from the current situation, AMD processors are more immune to both vulnerabilities than Intel’s, so buying an AMD processor is a good bet if you plan to buy soon and care about personal privacy. I believe that after this incident, future Intel processors will be redesigned at the architecture level to plug the vulnerabilities completely. Android phone users should also pay close attention to the updates their manufacturers have pushed recently.
This vulnerability may be just the beginning, and we will keep tracking the incident.