Security flaws have been revealed in the design of Intel’s x86 processors, the design that has been in place for the last 20 years. Their names are Meltdown, Spectre, and a Spectre variant 2. These cache timing attacks allow hackers to gain access and steal passwords or encryption keys on most types of computers, smart phones, and cloud-based servers. Meltdown is for Intel processors while Spectre is used to attack numerous processor types. Almost all of our computers are run by Intel, Qualcomm and ARM processors, which all fall under the susceptible category.
The exploits are known as Side-Channel-Analysis exploits and work by taking advantage of a feature within the CPU architecture whereby, during idle period, the CPU tries to speculatively pre-fetch (guess) what information is going to be requested next. That information is then held in a cache (temporary storage area) ready to be used. Whatever work you are doing will alter how much pre-fetching is going on. Part of the problem is that the CPU cache is accessible and it shouldn’t be. Therefore, if an attacker (via malicious code on a website) can make the CPU think that certain information is likely to be needed soon, the information will get cached and can then be read by the attacker (information such as website passwords and usernames).
These issues have been assigned the following CVE entries:
- Meltdown: An attacker can access kernel memory from user space rogue data cache load (CVE-2017-5754)
- Spectre: An attacker can read memory contents from other users’ running programs
- Branch target injection (CVE-2017-5715)
- Bounds check bypass (CVE-2017-5753)
Google Project Zero published a blog providing technical details regarding these vulnerabilities. An example attack scenario would be an attacker stealing credentials from the memory space of another process. Two criteria must be met in order for these vulnerabilities to be exploited.
- The device being targeted must utilize an affected Intel, AMD, Qualcomm, or ARM processor (most processors from the last 10+ years fall into the category of “vulnerable”).
- As with all vulnerabilities, applying published patches is a crucial step to preventing an attacker from successfully exploiting these vulnerabilities
- Update your operating systems
- Patches for different affected products can be found here: https://meltdownattack.com/#faq-advisory
- Only run software from trusted sources
- It is also recommended to limit the access to critical infrastructure networking equipment to only trusted administrators from trusted administrative networks or hosts
- Do not allow websites to run untrusted code
- Web Security Appliance (WSA) can be used to block access to known malicious sites
- FirePower NGFW can be used to block network based attacks leveraging these vulnerabilities
We are here to help!
Network Craze can help review configurations, discuss your concerns and implement best practices. We have engineers on staff that can help walk you through the process to help you protect your network. Call us today to set up an appointment with one of our specialist’s or Cisco CCIE’s.