Saturday, May 5, 2018

The biggest security risk to computers so far this century?

The so-called Spectre vulnerability, making it easier to hack into computer systems thanks to the way modern microprocessors handle branch conditions, has been of concern for several months.  However, it now appears that the problem is much, much worse than originally feared.  German computer magazine C'T reports:

A total of eight new security flaws in Intel CPUs have already been reported to the manufacturer by several teams of researchers. For now, details on the flaws are being kept secret. All eight are essentially caused by the same design problem – you could say that they are Spectre Next Generation.

. . .

One of the Spectre-NG flaws simplifies attacks across system boundaries to such an extent that we estimate the threat potential to be significantly higher than with Spectre. Specifically, an attacker could launch exploit code in a virtual machine (VM) and attack the host system from there – the server of a cloud hoster, for example. Alternatively, it could attack the VMs of other customers running on the same server. Passwords and secret keys for secure data transmission are highly sought-after targets on cloud systems and are acutely endangered by this gap. Intel's Software Guard Extensions (SGX), which are designed to protect sensitive data on cloud servers, are also not Spectre-safe.

Although attacks on other VMs or the host system were already possible in principle with Spectre, the real-world implementation required so much prior knowledge that it was extremely difficult. However, the aforementioned Spectre-NG vulnerability can be exploited quite easily for attacks across system boundaries, elevating the threat potential to a new level. Cloud service providers such as Amazon or Cloudflare and, of course, their customers are particularly affected.

. . .

Overall, the Spectre-NG gaps show that Spectre and Meltdown were not a one-off slip-up. It is not just a simple gap that could be plugged with a few patches. Rather, it seems that for each fixed issue, two others crop up. This is the result of the fact that during the past twenty years, safety considerations have only played second fiddle to performance in processor development.

An end to patches for hardware problems of the Spectre category is not in sight. But a never-ending flood of patches is not an acceptable solution. You can't shrug off the fact that the core component of our entire IT infrastructure has a fundamental security problem that will keep leading to more problems.

There's more at the link.  Some similar errors have been detected in AMD microprocessors as well.

This is an absolutely fundamental level of computer operations - in other words, any program (or hacker) gaining access to the central processing unit at this level can bypass almost every computer security program ever written.  Its implications for data privacy and control are absolutely horrendous.  As Karl Denninger points out:

Every one of you stupid ******* firms -- and governments -- that have put your crap in the cloud have already had it stolen along with all of your encryption keys.

If you think hostile governments don't know already know about and haven't been actively exploiting it for quite some time by now you're dumber than a box of ****ing rocks.

. . .


Again, more at the link.

Mr. Denninger is not exaggerating.  Most large corporations use so-called "cloud computing", keeping their data and critical software on third-party (i.e. remote) servers, which are not under their direct control.  Even the most sensitive organs of the US government, its security services, are doing the same.  Effectively, every one of those organizations is now vulnerable to hackers who can exploit the chips in the computers that run the "cloud", and access even the (supposedly) secure data in it.

This is absolutely horrendous for modern business and commerce, which depends on the Internet and its "cloud" data handling infrastructure for many of its most critical functions.  Every consumer was already at risk due to poor privacy and security provisions in most programs and data storage applications.  Now that risk has become a virtual certainty that our data has been compromised by malicious hackers - or, if it hasn't, it soon will be, because the hardware, the very chips that run almost all modern computer programs, are vulnerable.  Their manufacturers emphasized speed of processing over security measures - and now that's biting them (and us) where it hurts the most.  Worse, the new security "layers" that will have to be built into future computer processors will inevitably mean that they're much slower than current models.  That'll have a drastic effect on the efficiency of all data processing, whether in the "cloud" or not.

Effectively, any nation that wishes another nation harm can bring its computer-based commerce to a grinding halt by exploiting these vulnerabilities.  I suppose we're in for another "Mutually Assured Destruction" environment, where the only thing stopping that happening is the greater or lesser certainty that if one country does it to another, it'll be done in reverse as well.  If a nation thinks it can "insulate" its information technology infrastructure from such a counter-attack, it'll have little or no incentive to hold back its own computer aggression.

If the C'T report is true, the implications of this are simply staggering.



Unknown said...

David Lang says:

Computer Security is my day job.

While the vulnerabilities are real, the imlications are not quite as bad as they are being made out to be.

1. to use this, you need get your software to run on the same machine as your target

government cloud systems are separate physical machines than commercial cloud systems (exactly because exploits that can break out of a VM are possible)

Getting on the same machine as your target is hard, you can't predict what machine you will be on, you would have to keep starting new VMs and break out of them to see who you are sharing the machine with.

2. there are patches to mitigate these vulnerabilities by disabling the CPU features that are buggy. I expect that the big cloud providers are using them. These have a large performance impact (listed as "up to 30%" but one person reported a test utility that had a 75% slowdown)

A lot of critical processing is being brought back into dedicated computers, not shared computers (if you have a large enough VM that it takes the entire hardware, it's no more dangerous than running on a dedicated computer)

Also, AMD processors are not vulnerable to the most of these bugs, some people running in the cloud boot up, check what cpu they are running on and shutdown if it's not an AMD cpu

It's a very dangerous set of vulnerabilities, and Intel should be punished by the market for being eager to get high performance numbers that they ignored whole classes of security problems that were well documented in the '90s as the features they implemented were being researched. Unfortunately, too many companies are Intel-only, but if this keeps up, they may.

Jon said...

Computer malware is my day job, and I've got to completely agree with the first poster. I'm going to go further and say while these are *REALLY* bad, they honestly pale in the face of some of the zero-day exploits we have seen. And normal systems security procedures can prevent most problems.

Never trust the internet press when it comes to security. Because their job is selling clicks.

Since I invoked my day job, I'll post the analysis done by them:

Since I invoked my day job, let me say that my opinions are my own, and do not necessarily reflect my employers opinions.

Antibubba said...

If it's a hardware issue, how far back does it go?

David Lang said...

it goes back far enough that if you are using a computer with an Intel CPU, it's probably vulnerable. Anything manufactured in the last decade by Intel _is_ vulnerable, and many things before that.

so, basically anything since the Pentium chips.

warning, technical jargon ahead

The problem is that to speed things up, when a program needs to make a decision, the computer actually goes down both paths while it's evaluating which it should take.

Back in the '90s when this was the subject of Academic research, it was pointed out that if one of the paths hit any sort of security barrier, it needed to stop.

Intel ignored this and doesn't evaluate the security implications/permissions until after it finishes evaluating the decision. Unfortunately, during this time, the program can do things that can be detected by other software, so it becomes a way to bypass all permissions on the system. The only way to 'fix' the chips, is to disable a huge number of features that are critical to performing well.

AMD paid attention to the Academic papers and didn't make the same mistake. There are some smaller bugs that are part of the "meltdown/spectre" set that affect AMD chips, but they are far less severe, and far easier (and less performance impact) to defend against.