Nimish Sawant Jan 04, 2018 12:28 PM IST
Most of us use computers that house Intel or AMD processors and run the Windows, Linux or macOS operating systems. While systems running AMD processors are supposedly fine, those running on Intel chips will need to brace for some bad news: a security flaw discovered in Intel chips made after 1995 requires an OS-level update, which is expected to bring down processor performance by 5 to 30 percent.
There is a lot of news floating about this security flaw, which was discovered by The Register, but in case you are still confused about what the fuss is all about, let us try and address the issue for you.
Here is everything you need to know about the Intel chipset security flaw.
So what is this Intel security flaw?
Intel chips made after 1995 have been found to have a security flaw or bug. According to this, there is a bug at the kernel level which has been found to be leaking memory. This could let hackers access or read your sensitive data such as passwords, login keys and more from the chip itself. In extreme cases, hackers could also insert malware into your PC via this opening. This vulnerability isn't limited to individual PCs; it could also affect servers in data centres that run cloud computing services. Think Amazon Web Services!
Wait, what's a kernel?
Think of the kernel as the central nervous system of an operating system. It is like the god program that controls other programs running on your machine. Every multi-tasking operating system uses a kernel, so that includes Windows, Linux, Android, iOS, macOS and so on.
The diagram above shows how the kernel mediates between the software and the device hardware such as the processor, memory and other plugged-in devices. In a sense, it manages the memory resources, the CPU resources and the processes required to run the software. Any time you fire up an application, turn on Bluetooth or Wi-Fi, or start a game, everything goes through the kernel. Your PC keeps switching between user mode and kernel mode to ensure that the instructions given to your system produce the right results.
The flaw appears to be letting attackers bypass the protections surrounding the kernel access, which lets any regular app read the contents of the kernel memory.
Which systems are affected? How do I find out if my system is also affected?
Any system with an Intel chip is affected by the flaw. The speculation is that this bug is affecting all Intel x86 processors irrespective of the OS running on the system. There is no way to know it, as there are no traces left in traditional log files. Desktops, laptops and even cloud computers running on Intel chips have been affected. Since it is an x86 chip issue, systems running Linux, Windows, as well as macOS, have been affected. The Python Sweetness blog notes that the attack could impact common virtualisation environments such as Amazon's EC2 and Google Compute Engine.
What's Meltdown and Spectre?
Meltdown is the name given to the vulnerability that affects Intel chips, whereas Spectre is the name given to vulnerabilities in other chip vendors' products as well; it affects all chips, including ARM, Intel and AMD.
Meltdown is an exploit that breaks the secure separation layer between user applications and the operating system. Memory spaces between applications are segregated and protected to prevent accidental interference with each other's data. Meltdown lets malicious software break this protection. This attack lets a program access the memory and the operating system. Systems with vulnerable processors, and those running an unpatched OS, need to beware and not work with sensitive information. It was discovered by Jann Horn (Google Project Zero), Werner Haas and Thomas Prescher (Cyberus Technology) and Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz (Graz University of Technology). Here are the patches to fix the Meltdown exploit.
Spectre, on the other hand, breaks the isolation between different applications, which lets hackers trick programs into leaking their secrets. This affects not just PCs, but also mobile phones, embedded devices and other devices housing a chip. Spectre was reported by Jann Horn (Google Project Zero) and Paul Kocher in collaboration with, in alphabetical order, Daniel Genkin (University of Pennsylvania and University of Maryland), Mike Hamburg (Rambus), Moritz Lipp (Graz University of Technology), and Yuval Yarom (University of Adelaide and Data61).
According to this FAQ, no misuse of the Meltdown or Spectre vulnerabilities is known to have been recorded yet.
How will it affect me?
The bug lets hackers get access to the kernel memory. Now as we read above, everything passes through the kernel when it comes to the operating system. So the kernel memory could house some private data which is accessible to hackers.
How is the issue being resolved? What do I have to do?
In the ideal scenario, it is a chip issue and Intel should be fixing it. But experts say that the fix cannot be implemented as a microcode update, and has to be fixed at the OS level.
According to TechCrunch, Meltdown can be fixed by having a stronger wall around the kernel; the technical term is “kernel page table isolation.” This will make the kernel invisible to the running processes. Spectre will take some time to get fully fixed.
In the long term, Spectre could be more serious than Meltdown. While Meltdown can be fixed, albeit with a performance hit, Spectre seems almost impossible to fix completely and will possibly require a complete rework of how a modern CPU functions. Fixes for Spectre address only known vulnerabilities. An analogy would be a leaky ship: you know you're taking on water, just not where it's coming from, and you're patching holes as and when you find them.
Linux devs have released a kernel patch. Microsoft is expected to release its security patch soon as part of Patch Tuesday on 9 January. Microsoft has tested it on the Windows Insider preview build. Apple claims that its systems are protected against the exploit with the macOS 10.13.2 release, and additional safeguards will come out with macOS 10.13.3.
As a user, you will have to be on top of any security update that your OS releases and ensure that your system is updated with it. Also, ensure your security software is monitoring for any untoward activity. Intel has also advised running your security software at regular intervals.
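On Linux, one way to confirm that the update is actually in effect is to read the status files that patched kernels publish under /sys/devices/system/cpu/vulnerabilities. The shell functions below are an added example, not code from the article or from any vendor; the function names and the sample status files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the article): classify the per-vulnerability status
# lines that patched Linux kernels publish in sysfs.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# Map one raw status line to PATCHED, NOT_AFFECTED, VULNERABLE or UNKNOWN.
classify_status() {
    case "$1" in
        "Not affected"*) echo NOT_AFFECTED ;;
        "Mitigation:"*)  echo PATCHED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;   # empty, missing or unrecognised
    esac
}

# Print "<name> <class> <raw>" per vulnerability. Returns 0 if every entry is
# PATCHED or NOT_AFFECTED, 1 if any is VULNERABLE or UNKNOWN, and 2 if the
# directory is missing (the kernel does not report mitigation status).
check_dir() {
    local dir="${1:-$VULN_DIR}" rc=0 name raw class
    [ -d "$dir" ] || { echo "no status directory at $dir"; return 2; }
    for name in meltdown spectre_v1 spectre_v2; do
        raw=""
        [ -r "$dir/$name" ] && raw=$(head -n 1 "$dir/$name")
        class=$(classify_status "$raw")
        echo "$name $class $raw"
        case "$class" in PATCHED|NOT_AFFECTED) ;; *) rc=1 ;; esac
    done
    return "$rc"
}

# Build a directory of CONSTRUCTED sample status files for offline testing.
make_sample_dir() {
    local d
    d=$(mktemp -d)
    echo "Mitigation: PTI" > "$d/meltdown"
    echo "Mitigation: __user pointer sanitization" > "$d/spectre_v1"
    echo "Vulnerable" > "$d/spectre_v2"
    echo "$d"
}

# Usage: pass --live to inspect the running system, --demo for the samples.
case "${1:-}" in
    --live) check_dir ;;
    --demo) check_dir "$(make_sample_dir)" ;;
esac
```

A PATCHED result for meltdown means kernel page table isolation is active; a missing directory means the running kernel does not report mitigation status at all and should be treated as needing an update.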
Will everything be back to normal after the patch addresses the bug?
Well yes, but there's a catch. The OS level fix is expected to prevent kernel memory from leaking, so that's a good thing. But this will come at the cost of your system performance coming down in the range of 5 to 30 percent, according to The Register. User PCs having Intel 4th gen processors will not suffer as much as those sporting older processors. Virtualisation applications and data centre or cloud workloads are expected to be affected more. Intel says that the performance hit depends on the workload and won't be much for average home PC users. Amazon Web Services has warned customers in an email to expect a major security update to come on Friday.
What about AMD processors?
AMD has released a statement saying that machines sporting AMD processors are not affected by this bug. "AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault," said AMD.
In such a scenario, systems housing AMD processors should not be affected. But if the OS vendor does not exempt AMD systems from the OS-level code change, there could be some performance hit. As of now, this is in the realm of speculation.