Spectre Class Vulnerabilities Continue To Exploit As Two New Variants Come To Light

A vulnerability affecting microprocessors was discovered by technology manufacturers in the summer of 2017, and information on the vulnerability, named “Spectre”, was subsequently released to the public at the start of this year. Since then, Intel, whose chips have been right in the thick of it all, has put a $100,000 bounty on the reporting of evolved vulnerabilities of the Spectre class, and MIT’s Vladimir Kiriansky and self-driven Carl Waldspurger have secured the cash prize for bringing forward detailed research on the two newest version one branch vulnerabilities: Spectre 1.1 and Spectre 1.2, respectively.

In their paper published on the 10th of July, 2018, outlining the details of the Spectre 1.1 and Spectre 1.2 vulnerabilities, Kiriansky and Waldspurger explain that the former “leverages speculative stores to create speculative buffer overflows” while the latter allows speculative stores to “overwrite read-only data” in a mechanism similar to the one used in the Spectre 3.0 class vulnerability known as Meltdown. Due to the fundamental nature of the Spectre class flaws, they cannot be thwarted entirely by a series of updates or patches; they require a complete change in basic computer processing design. The good news is that the attacks can only take place on devices that allow for greater freedom of exploitation, where the malicious code can inhabit and run.
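The store-after-bounds-check pattern that a Spectre 1.1 speculative buffer overflow targets, next to a version hardened with index masking, a common software mitigation for bounds-check bypass. This is an added example, not code from the paper or from Intel; `buf`, `BUF_LEN` and the function names are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_LEN 16                 /* constructed sample size */
static uint8_t buf[BUF_LEN];

/* Unhardened pattern: the check is architecturally correct, but a CPU that
 * mispredicts the branch can issue the store speculatively with
 * idx >= BUF_LEN, which is the speculative buffer overflow of Spectre 1.1. */
int store_checked(size_t idx, uint8_t val)
{
    if (idx < BUF_LEN) {
        buf[idx] = val;
        return 1;
    }
    return 0;
}

/* Branch-free mask: all ones if idx < size, else zero (size <= SIZE_MAX/2). */
size_t index_mask(size_t idx, size_t size)
{
    size_t top = (idx | (size - 1 - idx)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return top - 1;                /* top is 0 in bounds, 1 out of bounds */
}

/* Index the store would use even if the bounds check were bypassed. */
size_t clamped_index(size_t idx)
{
    return idx & index_mask(idx, BUF_LEN);
}

/* Hardened pattern: the address depends on the mask through data flow, not
 * on the predicted branch, so a mispredicted path can only write buf[0]. */
int store_masked(size_t idx, uint8_t val)
{
    if (idx < BUF_LEN) {
        buf[clamped_index(idx)] = val;
        return 1;
    }
    return 0;
}

int main(void)
{
    printf("5 -> %zu, 1000 -> %zu\n", clamped_index(5), clamped_index(1000));
    return store_masked(5, 0x41) ? 0 : 1;
}
```

An optimizing compiler is free to fold the mask back into the branch it already sees, so production code, such as the Linux kernel's `array_index_nospec`, adds a compiler barrier or inline assembly to keep the data dependency intact.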

To prevent exploitation, Microsoft Windows has released software updates that upgrade the security definitions of the operating system, and the Chrome browser has released security updates that prevent the JavaScript of one site from accessing that of another, in order to halt the bypass of code from one memory location to another on the whole. Simply undertaking updates on these two fronts reduces the risk of exploitation by 90%, as it protects the device on the home front and restricts the injection of malware from the internet. Without resident malicious content using cache timing to attack at certain points in order to extract private information stored on the device, devices are supposedly safe from the grasp of the Spectre class attacks.

Intel has released system updates to patch the exploits as best as possible in the current state of its devices, and Microsoft has released user-friendly mitigation guides on its website to allow users to avoid the attacks by following a few simple steps on their own PCs as well. The impact of the Spectre class vulnerabilities varies from one branch of the defect to another: it can be as dormant as virtually nothing, yet on the other hand it can pose security threats by extracting data, or even pose physical threats to the device by overloading the processor so that it overheats, as is seen, not ironically enough, in a few HP Spectre devices facing the Spectre 3.0 Meltdown vulnerability.

To understand the Spectre class vulnerabilities and why we may not be rid of them soon, one must grasp the nature of the methodology employed in today’s computer processors, which is well explained in Intel’s Analysis of Speculative Execution Side Channels White Paper. In a race for the greatest processing power, many processor makers, Intel itself among them, have employed speculative execution, which anticipates a command beforehand to allow for seamless execution that does not need to wait for prior commands to run before the next one can be executed. To improve the predictions, the mechanism uses side channel cache methods that observe the system. In this, a cache timing side channel can be used to gauge whether a particular piece of information exists at a certain level of cache. This is gauged from the time taken to retrieve the values: the longer the memory access takes, the further away that piece of data can be inferred to be. Abuse of this silent observation mechanism in computer processors has led to the potential side channel leakage of private information by guesstimating its value in the same way as is done to predict command executions as intended.

The Spectre class vulnerabilities work in a way that exploits this mechanism. The first variant is one in which a piece of malware sends in a pseudo command code that prompts speculative operations to take place in order to access the memory location needed to proceed. Memory locations not usually available are made available to the malware through this bypass. Once the attacker is able to place the malware in a location from which he or she is interested in extracting information, the malware can send the speculative worker further out of bounds to retrieve operations whilst leaking the memory of interest into the cache level. The second variant of the Spectre class vulnerabilities employs a similar approach, except from a branched sideline that infers data values in the same way in cooperation with a mainstream speculative operation.

As you can now understand, there is virtually nothing you can do to resolve this issue, as malicious actors have managed to find ways to sink their teeth into the very loopholes of the fabric that forms the basis of computer processors from Intel (and others, including IRM). The only action that can be taken at this point is preventative mitigating action that stops such malicious actors from residing in the system and taking advantage of this fundamental vulnerability of the device.

Intel: the most prominently impacted processor
Aaron Michael