Meltdown: A Security Flaw like No Other

With the potential to affect almost every computer with a microprocessor inside it, the Meltdown security vulnerability is creating some serious seismic activity in the computer industry.

Perfectly named, Meltdown threatens to leave operating systems (including Windows, Android, macOS, iOS and Linux) in a catastrophic state of not only vulnerability, but also reduced performance. It’s the type of security flaw that experts would be grateful to see limited to a handful of products, but Meltdown has the potential to affect any computer manufactured with either an Intel x86 or certain ARM microprocessors. And it’s a flaw which has been present in Intel chips for over 20 years now.

It’s a vulnerability that the digital age really didn’t need and it’s left security experts questioning the reach that this security flaw could have. It has also put microprocessor manufacturers under intense pressure to reassure consumers and issue patches. Therefore, it’s time to prepare yourself for Meltdown.

What is Meltdown?

To understand the modus operandi of the Meltdown exploit, we need to start by looking at the operating system kernel. Now, the kernel acts as a bridge that allows hardware and software to communicate with each other. Without this mediation, computer systems would be unable to effectively allocate CPU and memory power to multiple applications. Acting as the heart of any operating system, the kernel is a sensitive and crucial component.

In order to maximize performance, computer systems perform speculative execution; this is a method by which processors perform a task before it’s known whether or not it’s required. The aim of speculative execution is to avoid the delay that would be incurred by waiting until it’s known for sure that the work is required. And it’s always been fine, until several different research teams discovered a massive flaw in the hardware behind speculative execution.

Standard practice is for only privileged applications to be allowed access to the kernel.  However, through the use of a side channel attack, attackers are able to observe the kernel and all its activity. This access is completely invisible to the victim, but exposes sensitive information such as logins, passwords and any scrap of data housed on that computer. As Meltdown is purely a read-only vulnerability, there’s no risk of computers being trashed by attackers, but the security concerns are monumental.

Naturally, the data handled by the kernel has always been rigorously secured, but, as Daniel Gruss from the Graz University of Technology discovered, not rigorously enough. You see, just before speculative execution produces its results, it stores them in the cache memory allocated to the system’s processor. And, by firing snippets of code at the processor, a hacker can easily work out whether the data is being stored in the cache from the time taken for the processor to respond. This allows the hacker to access restricted data quite freely.

Speculation by security experts suggests that every single Intel processor built since 1995 is at risk and, as you can imagine, this takes in a huge number of different processors. ARM, meanwhile, have confirmed that their Cortex-A processors are at risk of being exposed to Meltdown.

Protection from Meltdown

As with all security vulnerabilities, the key to protection is to update everything as soon as possible. Microprocessor manufacturers, keen to protect their assets and reputation, have been working round the clock to deliver patches to help solve the Meltdown conundrum and ensure that affected systems remain protected. The first patch was released by Microsoft on January 3rd to aid Windows in protecting itself from Meltdown, with Intel, Apple and ARM soon following suit.
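Once updates are installed, a Linux kernel reports for itself whether its Meltdown mitigation is active. The shell function below is an added example, not part of the original article: it reads the kernel's /sys/devices/system/cpu/vulnerabilities/meltdown file and falls back to /proc/cpuinfo; the function name, its output words and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): report a Linux host's Meltdown state.
# Prints one of: not-affected | mitigated | vulnerable | unknown
# Arguments override the kernel's real paths so samples can be checked offline.
meltdown_status() {
    sysfs=${1:-/sys/devices/system/cpu/vulnerabilities/meltdown}
    cpuinfo=${2:-/proc/cpuinfo}
    if [ -r "$sysfs" ]; then
        # Kernels carrying the fix publish a one-line verdict in this file.
        line=
        read -r line < "$sysfs" || true
        case $line in
            "Not affected"*) echo not-affected ;;
            "Mitigation:"*)  echo mitigated ;;
            "Vulnerable"*)   echo vulnerable ;;
            *)               echo unknown ;;   # e.g. "Unknown (XEN PV detected, ...)"
        esac
        return 0
    fi
    # No sysfs verdict: a kernel that knows about the flaw lists cpu_meltdown
    # under "bugs" and, when page-table isolation is on, "pti" under "flags".
    if [ -r "$cpuinfo" ] && grep -E '^bugs[[:space:]]*:' "$cpuinfo" | grep -qw cpu_meltdown; then
        if grep -E '^flags[[:space:]]*:' "$cpuinfo" | grep -qw pti; then
            echo mitigated
        else
            echo vulnerable
        fi
    else
        echo unknown   # kernel cannot say, so the host is not verified as patched
    fi
}

# Constructed samples (not captured from a real machine), then the live host.
tmp=$(mktemp -d)
printf 'Mitigation: PTI\n' > "$tmp/patched"
printf 'Vulnerable\n' > "$tmp/unpatched"
printf 'flags\t\t: fpu vme pti\nbugs\t\t: cpu_meltdown spectre_v1\n' > "$tmp/cpuinfo_pti"
echo "patched sample:   $(meltdown_status "$tmp/patched")"
echo "unpatched sample: $(meltdown_status "$tmp/unpatched")"
echo "cpuinfo fallback: $(meltdown_status "$tmp/missing" "$tmp/cpuinfo_pti")"
echo "this host:        $(meltdown_status)"
rm -rf "$tmp"
```

A result of unknown means the kernel gave no verdict at all, which should be treated the same as an unpatched machine until the update is confirmed.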

Revised firmware updates, for Intel at least, will then be issued by product manufacturers (such as Dell and HP) for the foreseeable future. In the meantime, Intel aim, by the end of January, to have released firmware updates for all of their processors released in the last five years. With all the affected CPU manufacturers attempting to remedy Meltdown, you could be forgiven for thinking that this intriguing chapter of IT security was coming to an end. However, the patches and firmware upgrades are coming in for major criticism.

The Meltdown Slowdown

Whilst the actions taken by Intel et al. to patch their vulnerable hardware are admirable and effective, they’re also creating a new set of problems for computer users. The most immediate and measurable side effect of the patches is the decrease in performance. Due to the changes in memory handling required to guard against Meltdown, processors are now having to work harder and this is putting a drain on resources.

For the average consumer, the effect upon performance shouldn’t be noticeable, but that’s only if they’re working with a relatively new computer system that contains, for example, Skylake or Kaby Lake microprocessors. If, however, a consumer is running a version of Windows 10 with an older processor then there’s a good chance they will notice a decrease in performance. And if a consumer has persevered with Windows 7 or 8, the slowdown will be significantly more noticeable.

It’s when you analyze the impact of the patches on servers, though, that the performance issue really rears its ugly head. Microsoft, for example, have announced that Windows Server will suffer “a more significant performance impact” when running with the associated patches to protect from Meltdown. It would appear, therefore, that Microsoft is actually advising their customers to risk a major security exploit in order to maintain the performance of their servers. And this seriously underlines just how far away from an efficient patch Microsoft are.

Security researcher Thomas Roth, meanwhile, has been testing a number of different chips and discovered that, on an updated Intel i7-6700 microprocessor running Ubuntu 16.04, communication between applications and the kernel is now up to four times slower. Roth believes that performance will be hit hardest in sectors such as large websites, search engines and cloud providers. And, just to prove his point, the increased processor usage brought on by patched processors has been blamed for slowing down the cloud-based service that powers online game Fortnite.

Final Thoughts

Meltdown has, thankfully, been prevented thanks to the number of patches and firmware upgrades released in the wake of its public revelation. However, it’s a damning indictment of the hardware industry that this security vulnerability has lain dormant for over 20 years. Whilst the security researchers who discovered this flaw are no doubt talented, there are more than enough hackers out there who are equally talented. And this is highly disturbing for our online futures.

There’s also the small matter of performance drop in those microprocessors which have been patched. Whilst a slight lag in performance is much better than sensitive data being compromised, the impact of this lag has already been demonstrated. And, for businesses and large organizations, the possibility of their activities being severely disrupted is very troubling.

As with all major security risks, the main takeaway appears to be that patching is essential when it comes to protecting your systems and your data. Without these immediate fixes, you’re more vulnerable than ever before. And with vulnerabilities being shipped with the majority of computers manufactured in the last 20 years, you need all the help you can get.
