
React, etc. Tech Stack

React, Flux, GraphQL, Hack, HHVM...? All of this and more!

New MeltdownPrime and SpectrePrime exploits surface

In January 2018 the world was shaken by the Meltdown and Spectre vulnerabilities. Fast forward to midway through February, and the news has fizzled. Software and hardware manufacturers have continued mitigating the issues. But now researchers have unveiled new exploits carrying the "Prime" suffix.

The breadth and depth of the Meltdown and Spectre vulnerabilities have been acknowledged to be unprecedented. Unexpected attack vectors, such as browsers running JavaScript, could be used to exploit the Meltdown and Spectre vulnerabilities. As opposed to the Skyfall and Solace exploits, which were found to be a hoax, these are legitimate and properly backed by research.

It will be difficult to handle fixes in software alone, but Intel has announced that its future CPUs will no longer be vulnerable. According to researchers Caroline Trippel, Daniel Lustig and Margaret Martonosi, their new class of vulnerabilities, MeltdownPrime and SpectrePrime, might be impossible to defend against in implementations that rely on CPU speculative execution.

Side-channel attacks were the first wave of Spectre exploits (variants v1 and v2). The trio of researchers has come up with a new method for exploiting the vulnerabilities using invalidation-based cache coherence protocols. More importantly, the new exploits seem feasible in real applications, as they can be generated automatically.

The security research team behind the Prime series of vulnerabilities has created a tool that is capable of generating user-specified hardware executions automatically. These low-level, CPU-level instruction sequences are written in a domain-specific language and are incomprehensible to people, which is why they are generated automatically rather than by hand.

Successfully created exploits include the class of Flush+Reload attacks as well as one using Prime+Probe timing attacks. The complexity is high, but with automated tooling they can be exploited at scale. These classes can also target multiple CPU cores (currently two) sharing a cache, which was not possible with the first Meltdown and Spectre exploits.

The team concludes that largely the same mitigation techniques as for the original exploits can be used, but generic hardware-level protection can be difficult, maybe impossible, to implement. As a working proof the team created an exploit written in the C language that succeeded in 99.95% of 100 test runs. An Apple MacBook Pro running macOS Sierra was used for the test.

The complete study can be downloaded from here: http://arxiv.org/pdf/1802.03802.pdf

Written by Jorgé on Thursday February 15, 2018
