It appears security researchers, manufacturers, and chipmakers — basically every company with a hand in computer processors — may not be done with the whole Meltdown and Spectre fiasco.
In the past few weeks, the entire security industry has become tremendously concerned about these flaws, as they can be exploited to extract highly sensitive user information from processors — particularly those made by Intel.
A handful of companies have already rolled out individual patches and software updates to try to remedy this pressing issue, but a new report now shows that it is still largely unclear how bad the situation could get.
Fresh New Meltdown, Spectre Exploits
As The Register reports, researchers have come up with new ways to use Meltdown and Spectre that go beyond the proof-of-concept stage. A joint study by Princeton University and Nvidia researchers has produced far more sophisticated methods of using Meltdown and Spectre to extract critically sensitive user information from a system.
The worst part? A solution may not come any time soon. The Register notes that hardware changes will not prevent these kinds of exploits. That means whatever Intel and other chip manufacturers are currently developing may not be enough, because the exploits target vulnerabilities in modern processor architecture that would be tremendously difficult to change.
MeltdownPrime And SpectrePrime
So, how did this happen? Well, computer science experts from Princeton and a senior research scientist from Nvidia created a tool that models processor microarchitectures to analyze specific execution patterns, including those behind Meltdown and Spectre attacks. They used this tool to come up with new methods of triggering the exploits, and in doing so found new ways to take advantage of the chip flaws. These latest exploits are called MeltdownPrime and SpectrePrime.
For the uninitiated, the Meltdown and Spectre flaws are the result of chip manufacturers sacrificing processor security to deliver faster performance. That's why the patches that address the issue often slow down machines once installed.
Modern chips employ certain "tricks" to speed up a system, often by using multiple resources simultaneously instead of sequencing them one at a time. In addition, the CPU guesses what the software is about to do, and if it guesses correctly, things get faster. Meltdown and Spectre take advantage of these characteristics to acquire personal data that they shouldn't have access to in the first place.
The new variants of the exploits are based on cache invalidation in cache coherence protocols and employ timing attack techniques — Prime+Probe and Flush+Reload — to determine how a processor uses its cache memory.
"We used our tool to specify a hardware execution pattern common to Flush+Reload side-channel attacks (i.e., a Flush+Reload threat pattern) and automatically synthesized security litmus tests representative of those that have been publicly disclosed for conducting Meltdown and Spectre attacks," the researchers wrote in the paper.
"We additionally formulated a Prime+Probe threat pattern, enabling our tool to synthesize a new variant of each — MeltdownPrime and SpectrePrime. Both of these new exploits use Prime+Probe approaches to conduct the timing attack. They are both also novel in that they are 2-core attacks which leverage the cache line invalidation mechanism in modern cache coherence protocols."
Only SpectrePrime has been tested on a real computer, while MeltdownPrime has yet to get the same treatment. The researchers stress that while software can remedy things in the meantime, hardware changes may prove insufficient.
So, what does this tell us? Well, one possible scenario would be for Intel and other chip manufacturers to develop a new kind of technology that Meltdown and Spectre won't be able to exploit. But alas, that's easier said than done, especially considering that changing an entire chip architecture might be nearly impossible. Time, however, will tell.