When details of the Meltdown and Spectre CPU security vulnerabilities emerged last month, the researchers involved hinted that further exploits may be developed beyond the early proof-of-concept examples.
It didn't take long. In a research paper – "MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols" – out this month, bit boffins from Princeton University and chip designer Nvidia describe variants of Meltdown and Spectre exploit code that can be used to conduct side-channel timing attacks.
In short, the team have discovered new ways for malware to extract sensitive information, such as passwords and other secrets, from a vulnerable computer's memory by exploiting the Meltdown and Spectre design blunders in modern processors. The software mitigations being developed and rolled out to thwart Meltdown and Spectre attacks, which may bring with them performance hits, will likely stop these new exploits.
Crucially, however, changes to the underlying hardware probably will not: that is to say, whatever Intel and its rivals are working on right now to rid their CPU blueprints of these vulnerabilities may not be enough. These fresh exploits attack flaws deeply embedded within modern chip architecture that will be difficult to engineer out.
Before you panic: don't. No exploit code has been released.
How did we get here? Well, Princeton computer science professor Margaret Martonosi, doctoral candidate Caroline Trippel, and Nvidia senior research scientist Daniel Lustig developed an unnamed tool – to be discussed in a subsequent paper – that models computer chip microarchitectures to analyze specific execution patterns, such as Meltdown-Spectre-based timing attacks.
They used their tool to explore fresh methods to trigger the Meltdown and Spectre design faults, and in the process identified new ways to exploit the processor flaws. These latest exploit techniques are dubbed MeltdownPrime and SpectrePrime.
One way in which the offshoots differ from their predecessors is that they are two-core attacks – they use two CPU cores against each other – and leverage the way memory is accessed in multi-core systems.
Woo-yay, Meltdown CPU fixes are here. Now, Spectre flaws will haunt tech industry for yearsREAD MORE
The Meltdown and Spectre design flaws are a result of chip makers prioritizing speed over security.
Modern processors execute software instructions out of order in an effort to efficiently use all or most of their computing resources at any one given moment. This is faster than processing the instructions in a serial fashion, one after the other, which would leave sections of the chip idling. The CPU cores will also execute instructions speculatively, benefiting from a performance boost if they guess correctly which paths a program will take through its code.
Malicious software exploiting Meltdown and Spectre leverages these processor design characteristics to obtain privileged data, such as personal information, that it shouldn't be able to access.
Because accessing CPU memory is comparatively slow, chips include pools of faster memory called caches. The problem with having multiple memory units is you may end up with multiple copies of your data across a system.
Thus there are cache coherence protocols which ensure that multiple processor cores can share a consistent view of the state of the cached data and the system's memory. Through various operations, the state of a cache may be changed from, say, shared to invalid or from exclusive to modified.
Meltdown and Spectre are referred to as side-channel attacks because they exploit unanticipated side effects arising from these processor design characteristics.
Cache-based side-channel attacks involve attempts to discover privileged knowledge about a target application as it executes, in order to use that information against the host system.
Lock and load
The MeltdownPrime and SpectrePrime variants are based on cache invalidation protocols and utilize timing attack techniques known as Prime+Probe and Flush+Reload, which provide insight into how the victim is using cache memory.
"In the context of Spectre and Meltdown, leveraging coherence invalidations enables a Prime+Probe attack to achieve the same level of precision as a Flush+Reload attack and leak the same type of information," the paper explained. "By exploiting cache invalidations, MeltdownPrime and SpectrePrime – two variants of Meltdown and Spectre, respectively – can leak victim memory at the same granularity as Meltdown and Spectre while using a Prime+Probe timing side-channel."
The variants are similar to the earlier attacks developed for Meltdown and Spectre, but they're not identical.
"Where Meltdown and Spectre arise by polluting the cache during speculation, MeltdownPrime and SpectrePrime are caused by write requests being sent out speculatively in a system that uses an invalidation-based coherence protocol," the paper explained.
The researchers found that the cache coherence protocol "may invalidate cache lines in shared cores as a result of a speculative write access request even if the operation is eventually squashed."
The SpectrePrime proof-of-concept exploit was successfully run on an Apple Macbook with a 2.4GHz Intel Core i7 processor running macOS Sierra, aka version 10.12.6. (Apple's Spectre patch arrived in macOS High Sierra 10.13.2.) MeltdownPrime has not yet been tested on real-world hardware.
The researchers suggest that while software fixes for the original flaws will also neuter variant attacks, hardware changes may not be adequate.
"Given our observations with
lfence successfully mitigating Spectre and SpectrePrime in our experiments, we believe that any software techniques that mitigate Meltdown and Spectre will also be sufficient to mitigate MeltdownPrime and SpectrePrime," the paper concluded. "On the other hand, we believe that microarchitectural mitigation of our Prime variants will require new considerations."
Intel, the chipmaker most affected by these flaws, incidentally just announced an extension of its bug bounty program – just through the end of 2018 – covering side-channel vulnerabilities, with awards of up to $250,000.
We asked Intel for comment on the aforementioned research. A spokesperson was not immediately available. ®
Updated to add
In a statement provided to The Register via email after this story was published, an Intel spokesperson suggested existing hardware mitigations would be adequate without specifically addressing the doubts raised by the researchers.
“We have received a copy of the research report,” the spokesperson said. “The side-channel analysis methods described in that report are similar to techniques disclosed by Google Project Zero and referred to as Spectre and Meltdown. Intel anticipates that the mitigations for Spectre and Meltdown will be similarly effective against the methods described in that report.”