
How worried do we need to be about the Intel chip security flaw?

17 replies

OhYouBadBadKitten · 03/01/2018 18:43

bbc article
I'm not so worried about the security issue - but the idea that everything with an intel chip in it could be slowed between 5-30%? That's surely pretty disastrous? What sort of impact would that have on everything from number crunching weather forecasts to internet servers?

OhYouBadBadKitten · 03/01/2018 20:10

I don't think I can be the only one thinking that this could be quite a big problem?

PiffleandWiffle · 04/01/2018 08:18

If it was in one of the older chips your PC has probably already slowed by that much due to age & crap. If it's on a newer one you may notice or you may not. I'll worry about it when (if) it happens.

PS - the weather services are crap so I don't think slowing anything down will make any difference!! Grin

StealthPolarBear · 04/01/2018 08:21

It sounds like this sort of thing happens all the time and we don't usually know. That said I don't know if there are consequences of this one being made public iyswim

OhYouBadBadKitten · 04/01/2018 08:24

Shock wash your mouth out!!

It's reported to be all chips over the last decade. Whilst annoying for home machines, I think this could be a much bigger issue than we think. Was talking to dh about Air Traffic Control for instance. That's a time critical number crunching application.
Or it could be like the millennium bug - not a problem after all.

Thanks for taking pity on my poor abandoned thread Grin

OhYouBadBadKitten · 04/01/2018 08:25

oops, x post Stealth!

OhYouBadBadKitten · 04/01/2018 08:30

Fascinatingly I see the info about the potential slowdown has been removed from the bbc, so either
a) it's not true
b) they don't want to scare people off from applying the patches.

OberonTheHopeful · 04/01/2018 14:59

I think it is too early to tell if there will be a significant performance impact as not all patches/updates have been released, and it will then be a while before people start to measure any impact they have. Apple's December update (MacOS 10.13.2) has partially patched one (of the two) Intel vulnerabilities, and there don't seem to have been reports of this update causing performance problems, but then it doesn't apply to machines older than a few years.

In security terms this is potentially very serious indeed, and I'm surprised that mainstream media haven't picked up on it more. The fact that Intel and AMD are currently downplaying it probably has something to do with commercial considerations. Personally, I've never rated the BBC's reporting on technology issues very highly.

There are two related vulnerabilities, "Meltdown" and "Spectre". The first affects most Intel processors produced since 1995. It is easy to exploit, but fairly easy to patch. How any patches affect performance will depend on what tasks a computer is performing. Anything that, for example, uses a lot of disk reads/writes or network activity will likely be affected quite a lot. Playing games, using email, word-processing etc. probably much less so.

The second vulnerability, "Spectre", affects processors from Intel, AMD, and some ARM core designs. It is complicated to exploit, but also complicated and difficult to patch. Some other software apart from the operating system itself (e.g. Chrome, Firefox) may be vulnerable.

Both of them allow an attacker to read the contents of kernel (operating system) memory that should normally be protected. It can contain things like passwords and encryption keys. Intel's statement that they released yesterday is pretty useless, and comes across as just a PR (or 'arse-covering') exercise.

prh47bridge · 04/01/2018 18:44

The estimates of a slowdown seem to be very much worst case. In most cases people will see little or no change in performance.

In security terms this is potentially very serious indeed

I'm unconvinced. Much of the media reporting is based on a report that appeared yesterday in The Register that was clearly written by someone who did not understand the issues properly and contained a significant number of technically inaccurate statements. The code needed to exploit this is very complex to write and extracts data pretty slowly in computer terms. And it would be extremely difficult, if not impossible, to identify passwords and encryption keys through this kind of attack - that looks like media speculation and has not been alleged by those who actually understand this vulnerability. Even if it is possible, there are much easier and more reliable ways for attackers to get this information than exploiting this vulnerability.

The Intel statement looks to me to be an accurate statement of the facts. If you want technical details look at googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html.

OberonTheHopeful · 05/01/2018 07:58

Interesting, I still think it's too early to tell what any performance impact is likely to be as nobody has performed any benchmarking, and it's likely that applications will have a significant bearing on any performance degradation. However, given that the vulnerabilities themselves arise directly from implementations of speculative execution, I'm not sure I would go as far as saying that most people will see little or no change in performance as yet. Patches are at the OS level, as a microcode update wouldn't be effective.

prh47bridge, do you have some data to suggest that any performance impact will be negligible? Having recently bought a new laptop I'd find it encouraging! Do you, for example, think that there will be little impact on processes that make numerous kernel calls when the OS is fully protecting kernel memory? Surely with the kernel fully protected from user process memory, making a kernel call would require a full context switch? Of course, sensitive code could use serialising instructions also, but if everything did then that might kill the performance of the CPU unless such instructions were very carefully placed.

I've only read one article in The Register on this subject, and although somewhat simplified it didn't strike me as wildly inaccurate. Time will tell of course, and I did say potentially, but I'm interested to know why you think this isn't a potentially serious security issue.

I certainly can't agree that recovering sensitive data from kernel memory would be almost impossible. It's not really simple, but tools and techniques aren't uncommon, and it's done for forensic analysis and malware profiling for example. Once an attacker or malware writer establishes the patterns they're looking for they can write faster tools, and do. There's a reason why kernel memory is supposed to be so heavily protected even at the hardware level, and I've come across many attack types over the years that aim to recover kernel pages for precisely that reason. The authors of the papers describing these vulnerabilities (linked from the Google blog post you linked) note such risks explicitly. In any case, it isn't only kernel pages that are affected but those belonging to potentially any other process in the case of "Spectre", and it can effectively bypass the security of an underlying hypervisor.

CVE-2017-5754 ("Meltdown") certainly isn't very complex to exploit as far as I can see, though it should be relatively easy to patch. CVE-2017-5753 and CVE-2017-5715 ("Spectre") are certainly much more complex to exploit, but I would say by no means impossible. In fact, the Google blog entry explicitly claims demonstration of working exploits. Other software is vulnerable and a larger attack surface may well attract some very clever attackers. Vulnerabilities that are "hard to exploit" don't tend to remain so for long IME, especially where there's a wide variety of threat vectors. In relation to CVE-2017-5715 they say "the variant 2 PoC is still a bit slow", partly because it is leaking one bit at a time, and improvement should be possible. The research from Kocher et al. (University of Pennsylvania, Graz University, Cyberus Technology, Rambus, University of Adelaide) found that unoptimised C code could read approximately 10 KB/s on an i7.

prh47bridge, could you expand on why you think the Intel statement to be "an accurate statement of the facts"? I'm a bit short of time this morning (and it looks like I've written an essay already!) but just to pick a couple of bits:

"have the potential to improperly gather sensitive data from computing devices that are operating as designed"

There are plenty of tinfoil hat theories floating around, but given that speculation is where rival chip vendors look for speed advantages, it isn't beyond the bounds of possibility that security has been deliberately sacrificed for performance. Anders Fogh notes on the Cyber.WTF blog that Intel CPUs can provide user mode processes with access to results of speculative execution despite the results never being committed, and that speculative execution continues despite violations of the isolation between kernel mode and user mode. In other words, the underlying permission check for accessing addresses may be left, for performance reasons, until after a number of subsequent instructions have been executed.

"Intel believes these exploits do not have the potential to corrupt, modify or delete data."

No one ever claimed otherwise! Intel are careful not to say that data can't be read. And once sensitive data have been extracted from kernel memory, which is perfectly feasible, they can be used to very much "corrupt, modify or delete" other data.

It does just come across to me as PR to (try to) protect Intel's share price. The statement doesn't seem to address the core (no pun intended) of these vulnerabilities, in fact it doesn't seem to say anything at all really.

Well, an interesting discussion, but unfortunately I'm late for what looks like a long and busy day at work, not least because of "Meltdown" and "Spectre" :( I'll think about it some more when I get time :)

Thoth · 05/01/2018 08:04

Could anyone explain in v simple terms how to get the apple updates, please? They never seem to pop up on my machine, and I don't know what I'm looking for....

prh47bridge · 05/01/2018 08:49

do you have some data to suggest that any performance impact will be negligible

Statements from various informed sources suggest that the average user will not notice the difference for most normal usage. My employer upgraded all servers yesterday, including the web and database servers underpinning a high traffic internet application. I understand that we are not seeing any measurable change in performance.

could you expand on why you think the Intel statement to be "an accurate statement of the facts"

I've read the blog by the researchers who found the defect. The Intel statement seems to accurately reflect that blog.

it isn't beyond the bounds of possibility that security has been deliberately sacrificed for performance

No it isn't, but it doesn't look to me like that is what has happened. The fact that AMD and ARM have similar faults suggests that this is not deliberate. Rather, it is an unanticipated side effect of measures put in place to enhance performance. Given the complexity of the code needed to attack this vulnerability I am not surprised it was missed by the hardware designers.

Anders Fogh notes on the Cyber.WTF blog that Intel CPUs can provide user mode processes with access to results of speculative execution despite the results never being committed

I haven't read his blog but, if he says that, he is, to say the least, simplifying. A user mode process cannot get direct access to results of speculative execution. It would be more accurate to say that user mode processes can, with some difficulty, slowly figure out what the results were. Essentially the approach is to time actual execution of a piece of code and use that to figure out, one bit at a time, a value cached by speculative execution. It is difficult to write code that actually works and the extraction is slow in computer terms. Plus which you don't know what you are looking at. It is a piece of memory that doesn't belong to you but it would take a lot of work to figure out what is actually stored in that piece of memory. It may be a password (or, far more likely, a hash of a password) or an encryption key but figuring out that it is and where it starts and ends would be a huge amount of work.

And, by the way, Intel are very careful to say that data can be read. They don't just not say data can't be read. They specifically say it can be read. That is the first sentence of their statement.

OberonTheHopeful · 05/01/2018 18:19

Thoth, this Apple Document describes how to update the software on your Mac.

Statements from various informed sources suggest that the average user will not notice the difference for most normal usage. My employer upgraded all servers yesterday, including the web and database servers underpinning a high traffic internet application. I understand that we are not seeing any measurable change in performance.

Interesting, most of the informed sources I've been talking to are tending to adopt a wait and see approach as there are still many unknowns. Updates for CVE-2017-5754 ("Meltdown") are being made available, but I personally feel it is too early to tell. Apple's update for Meltdown doesn't appear to have had a noticeable impact on performance. Likewise, they say of their upcoming updates for Spectre that the upcoming Safari mitigations will have "no measurable impact" on Speedometer and ARES-6 tests, and an impact of less than 2.5% on the JetStream benchmark. This is certainly encouraging, but note that the latter is only for Safari.

The deployment of Windows variant patches has been delayed in organisations I've dealt with due to conflicts with AV software that can cause stop errors. AV vendors are rushing out updates to implement a registry fix for this.

Of course YMMV, and I still think the impact of current and upcoming updates will vary a lot depending on hardware and use cases. As I said upthread, day-to-day PC tasks (Web browsing, word processing, email, games) are unlikely to see much impact from the Meltdown patches. (Spectre is more of an unknown.) Intel themselves acknowledge that a large system running kernel-intensive tasks might experience a hit of up to 30%. Even if it's less that's still a big impact (and cost) where it will necessitate additional hardware. Linus Torvalds notes that an average 5% drop might be expected, but that systems that make a lot of small system calls might see double digit slowdowns. Willy Tarreau says he's seen a performance drop of about 17% on a system using an i7-4790K, with a noticeable drop in network performance. As he notes, older processors without PCID are likely to be worse hit.

No it isn't, but it doesn't look to me like that is what has happened. The fact that AMD and ARM have similar faults suggests that this is not deliberate. Rather, it is an unanticipated side effect of measures put in place to enhance performance. Given the complexity of the code needed to attack this vulnerability I am not surprised it was missed by the hardware designers.

That's a valid point of view, though AMD and ARM aren't affected as much. Personally, I'm going to wait for more information before I defend them. Hardware and microcode designers are used to dealing with exceptional complexity. Processor design for performance is highly competitive and there's unfortunately a long history of technology companies placing profit before security. I read somewhere fairly recently (can't remember where) that Lenovo are still paying for the Superfish fiasco of a couple of years ago.

I haven't read his blog but, if he says that, he is, to say the least, simplifying. A user mode process cannot get direct access to results of speculative execution. It would be more accurate to say that user mode processes can, with some difficulty, slowly figure out what the results were. Essentially the approach is to time actual execution of a piece of code and use that to figure out, one bit at a time, a value cached by speculative execution

There are three distinct vulnerabilities. The Fogh blog post, applying only to Meltdown, is referenced in the GPZ blog post linked above thus: "Basically, read Anders Fogh's blogpost". It is expected behaviour that a user mode process cannot access the results of a kernel mode instruction, but that's the problem. The GPZ post goes on to say: "the memory read could make the result of the read available to following instructions immediately and only perform the permission check asynchronously." This is why it's a vulnerability, effectively overcoming the kernel space/user space memory isolation barrier. It's why it's called "Meltdown". It affects Intel processors.

It is difficult to write code that actually works and the extraction is slow in computer terms. Plus which you don't know what you are looking at. It is a piece of memory that doesn't belong to you but it would take a lot of work to figure out what is actually stored in that piece of memory. It may be a password (or, far more likely, a hash of a password) or an encryption key but figuring out that it is and where it starts and ends would be a huge amount of work.

In the paper by Lipp et al. (referenced in the GPZ blog post) the researchers report successfully utilising a Meltdown attack to dump kernel memory at up to 503 KB/s. They also demonstrate successfully dumping memory from both Linux and Windows 10 systems. In the Linux example the dump reveals plaintext passwords used by the Firefox 56 password manager. And this is part of the problem: it isn't really possible to suppose that passwords are most likely available only as hashes in kernel memory. User processes don't have direct access to I/O subsystems, so I/O calls will always utilise kernel space. This is why threat actors, some with huge resources, put so much effort into kernel attacks. Meltdown is quite easy to exploit. The good news is it's been patched.

Spectre is more complex certainly. It's very difficult to exploit but by no means impossible, and I'm sure some attacker groups are trying right now. The real problem with it is that any software, not just the OS, could be vulnerable, and patching it is equally complex. There are two vulnerabilities that allow a bounds-check bypass (CVE-2017-5753), or utilise branch target injection (CVE-2017-5715). They could be used to bypass both the syscall boundary (both variants), and the guest/host boundary (the second variant), so potentially subverting hypervisor security. Software isolation techniques are commonly deployed in operating systems and application software, and have relied on the fact that the CPU will faithfully execute software, including its safety checks. As noted in the Kocher paper: "speculative execution unfortunately violates this assumption".

The big issue here is that many software packages will need to be patched, and patches may not work consistently across different hardware. I think the situation will remain complicated for some time. It seems to me that it's Intel and AMD who are attempting to over-simplify. Paul Kocher has said in an interview with the New York Times that this may be a "festering problem over hardware life cycles. It's not going to change tomorrow or the day after. It's going to take a while."

Personally, I genuinely hope that prh47bridge is proved correct, it would certainly make my life a lot less stressful, but I'm not going to assume insignificant performance or security impacts until I know more. The situation isn't simple.

Anyway, it's been a long day and I'm off to the pub :)

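The post above talks about the Meltdown patches (kernel page-table isolation), the mitigation state of each variant, and why machines without PCID are hit harder. As an added example that is not from any poster in this thread, here is a POSIX shell script a defender can run to read what a Linux kernel reports about its own mitigation state. It assumes the kernel's sysfs interface at /sys/devices/system/cpu/vulnerabilities/ (files named meltdown, spectre_v1 and spectre_v2, each holding a line beginning "Not affected", "Vulnerable" or "Mitigation:") and the x86 "pti" and "pcid" flags in /proc/cpuinfo; the sample lines embedded in the script are constructed so that it also demonstrates itself on a machine without those interfaces.

```shell
#!/bin/sh
# Added example (not from the thread): report the Meltdown/Spectre mitigation
# state a Linux kernel publishes, and whether the CPU has PCID, which reduces
# the cost of the page-table isolation fix for Meltdown.

# classify_status LINE -> "mitigated" | "vulnerable" | "unknown"
# LINE is the content of one file under /sys/devices/system/cpu/vulnerabilities/.
classify_status() {
  case "$1" in
    "Not affected"*|"Mitigation:"*) echo "mitigated" ;;
    "Vulnerable"*)                  echo "vulnerable" ;;
    *)                              echo "unknown" ;;
  esac
}

# has_cpu_flag FLAGS FLAG -> exit status 0 if FLAG appears as a whole word in FLAGS
# (padding with spaces means "pcid" is not matched by "invpcid").
has_cpu_flag() {
  case " $1 " in
    *" $2 "*) return 0 ;;
    *)        return 1 ;;
  esac
}

# summarise_flags FLAGS -> one line on what the flags imply for patch cost
summarise_flags() {
  if has_cpu_flag "$1" pti; then
    if has_cpu_flag "$1" pcid; then
      echo "KPTI active, PCID available: cheaper kernel entry/exit"
    else
      echo "KPTI active, no PCID: every kernel entry/exit flushes the TLB, expect a larger slowdown"
    fi
  else
    echo "KPTI not active on this kernel"
  fi
}

# Constructed sample data shaped like the real files, so the script runs offline.
SAMPLE_MELTDOWN="Mitigation: PTI"
SAMPLE_SPECTRE_V1="Vulnerable"
SAMPLE_FLAGS="fpu vme de pse tsc msr pae mce cx8 apic sep pcid pti"

demo_constructed() {
  printf 'meltdown   %-10s (%s)\n' "$(classify_status "$SAMPLE_MELTDOWN")"   "$SAMPLE_MELTDOWN"
  printf 'spectre_v1 %-10s (%s)\n' "$(classify_status "$SAMPLE_SPECTRE_V1")" "$SAMPLE_SPECTRE_V1"
  summarise_flags "$SAMPLE_FLAGS"
}

# Read the real kernel interfaces when they exist on this host.
report_live() {
  dir=/sys/devices/system/cpu/vulnerabilities
  if [ -d "$dir" ]; then
    for name in meltdown spectre_v1 spectre_v2; do
      [ -r "$dir/$name" ] || continue
      line=$(cat "$dir/$name")
      printf '%-10s %-10s (%s)\n' "$name" "$(classify_status "$line")" "$line"
    done
  else
    echo "no $dir: kernel predates the sysfs interface, or this is not Linux"
  fi
  if [ -r /proc/cpuinfo ]; then
    flags=$(grep '^flags' /proc/cpuinfo | head -n 1 | cut -d: -f2)
    summarise_flags "$flags"
  fi
}

echo "== constructed sample =="
demo_constructed
echo "== this host =="
report_live
```

Run it as an ordinary user; no privileges are needed to read either interface. A "Vulnerable" line after patching usually means the kernel is new enough to know about the issue but the microcode or a compiler-side mitigation is missing, which is the kind of partial state the thread describes for the Windows and Spectre updates.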
OhYouBadBadKitten · 05/01/2018 18:51

:) I'm glad I asked. I've not got much of a clue about what you are saying, but it is fascinating.

Thoth · 05/01/2018 20:41

Thank you Oberon.

prh47bridge · 05/01/2018 22:03

I certainly wouldn't be complacent about security. It is a hole and it needs to be dealt with. My own organisation has already patched all the servers involved in delivering online services plus all internal servers. I have my doubts as to whether it will be exploited due to the complexity of the code required and the fact that there are much simpler ways of getting hold of people's passwords. Most attacks are aimed at the vulnerability referred to by researchers as the "keyboard/chair interface", i.e. the human operator. But any security issue must be taken seriously.

cdtaylornats · 06/01/2018 23:10

it could be like the millennium bug - not a problem after all

That wasn't a problem because we spent 1000s of hours fixing it before something went wrong.

OhYouBadBadKitten · 06/01/2018 23:12

that's very true!
