What you need to know about the latest processor hacking threat

Summary

Processors, the brains that run your computers, phones, and other computing devices, have an architectural flaw that could –in theory- allow someone to access your data. This post contains information to protect yourself from this processor hacking threat.

What is affected – Nearly every computing device that has a processor.
Risk level – Low. Exploiting this flaw would require significant effort and requires someone to put malicious software on your device before they can steal data. As far as researchers are aware, the flaw has not been exploited yet.
What is being done –Microsoft, Apple, and Linux are releasing patches for their desktop and mobile operating systems. Google, Microsoft, and Mozilla are patching their browsers.
What should you do – Make sure you install the latest software updates and patches on your computers, tablets, and phones.

If you have any questions or concerns about this flaw and how to protect yourself, call us directly at 303.757.0779.

 

Detailed Analysis

By now, you have probably heard about the recently publicized flaws that affect nearly all processors.    Theses flaws are named Meltdown and Spectre, and they both exploit fundamental issues in the way modern processors execute instructions.  Meltdown currently affects Intel processors and some ARM processors, and it can be patched through software updates that will be available soon.  Spectre on the other hand affects nearly all modern processors including those from Intel, AMD, ARM and other manufacturers.  Spectre is an architecture flaw and it is currently not able to be completely patched out.

You may be wondering what these flaws do.  In the simplest terms, they allow access to data in a processors cache.  The cache is a relatively small allotment of memory where instructions are stored as information is processed by the CPU.  This cache is not holding data for long, but any file or program accessed must push data through the cache and CPU briefly.  On an individual server or workstation basis, this would be a highly ineffective way to exploit a system and gather data.  Viewing a photo, for example, would require information to be pieced together from tiny pieces of data stored across many memory addresses.  This would be like shredding a dictionary and asking someone to find the definition of laborious.

The more critical aspect of this flaw involves sever virtualization in cloud environments.  Providers like AWS and Azure allow people and companies to create virtual servers in their environments.  These virtual servers live on a host called a hypervisor.  All of the virtual machines on this host share resources including CPU, but they are walled off by design from the virtual machines of other clients or tenants.  It has been shown that exploiting Meltdown and Spector could allow an attacker to leach data from the processor cache for all virtual machines sharing that processor resource, even if they are different clients / tenants.  This is not an effective way of accessing larger files, but could reasonably allow access to credentials or private keys while they are being processed.  This is a problem for companies that may process hundreds of thousands of login requests per day, but also a security concern for other clients that may be sharing the same physical CPU resources.

While these exploits are serious, there is some good news.  To start with, these flaws require malicious software to be deployed in order to exploit.  This means that the protections we currently have in place like firewalls, antivirus and mail filtering will help to safeguard against it.  Additionally, the exploit itself allows an attacker to read but not add, modify or delete data from the processors cache.  Basically, it is an inefficient exploit for targeting most of the small and midsized business community.

Patches are on the way for Meltdown along with patches protecting against some aspects of Spectre.  Windows, OSX and Linux patches are already being pushed out, and we will be monitoring their progress over the coming days.  Phones and tablets are at risk, but are also receiving patches to help mitigate the risk.  Unfortunately, these patches will cause a performance hit on some systems.  The performance hit is largely dependent on the software being run, most users will not notice an impact.  The only way to guarantee that there is no performance decline is to disable the patch, which would leave the system vulnerable.  Go here to see a list of systems and patches.

Meltdown and Spectre may not be fully eradicated until there is a shift in architecture design to combat these flaws.  That said, the real world risk to small and mid sized business has not grown substantially with the reports of these new exploits.  There have long been other, more efficient ways to steal corporate data, and we are already guarding against them.  New information continues to surface about these flaws and we will continue to monitor them and update our blog as necessary.