Daniel Gruss didn't sleep much the night he hacked his own computer and exposed a flaw in most of the chips made in the past two decades by hardware giant Intel, something we discussed in "Why The Implications Of The Intel "Bug" Are Staggering." And as Reuters describes in fascinating detail, the 31-year-old information security researcher and post-doctoral fellow at Austria's Graz Technical University had just breached the inner sanctum of his computer's CPU and stolen secrets from it.
Until that moment, Gruss and colleagues Moritz Lipp and Michael Schwarz had thought such an attack on the processor's 'kernel' memory, which is meant to be inaccessible to users, was only theoretically possible.
"When I saw my private website addresses from Firefox being dumped by the tool I wrote, I was really shocked," Gruss told Reuters in an email interview, describing how he had unlocked personal data that should be secured.
Gruss, Lipp and Schwarz, working from their homes on a weekend in early December, messaged each other furiously to verify the result.
"We sat for hours in disbelief until we eliminated any possibility that this result was wrong," said Gruss, whose mind kept racing even after powering down his computer, so he barely caught a wink of sleep.
Gruss and his colleagues had just confirmed the existence of what he regards as "one of the worst CPU bugs ever found".
The flaw, now named Meltdown, was revealed on Wednesday and affects most processors manufactured by Intel since 1995.
Separately, a second defect called Spectre has been found that also exposes core memory in most computers and mobile devices running on chips made by Intel, Advanced Micro Devices and ARM Holdings, a unit of Japan's Softbank.
Both would enable a hacker to access secret passwords or photos from desktops, laptops, cloud servers or smartphones. It's not known whether criminals have been able to carry out such attacks as neither Meltdown nor Spectre leave any traces in log files.
Intel says it has started providing software and firmware updates to mitigate the security issues. ARM has also said it was working with AMD and Intel on security fixes.
Finding a Fix
The discovery was originally reported by online tech journal The Register. As a result of that report, research on the defect was published a week earlier than the manufacturers had planned, before some had time to work out a complete fix.
The Graz team had already been working on a tool to defend against attempts to steal secrets from kernel memory.
In a paper presented last June they called it KAISER, or Kernel Address Isolation to have Side-channels Effectively Removed.
As the name suggests, KAISER seeks to defend the kernel memory from a so-called side-channel attack that exploits a design feature of modern processors that increases their speed.
This involves processors executing tasks "out-of-order", and not in the sequence received. If the CPU makes the right speculative call, time is saved. Get it wrong and the out-of-order task is cancelled and no time is lost.
Researcher Anders Fogh wrote in a subsequent blog that it might be possible to abuse so-called speculative execution in order to read kernel memory. He was not able to do so in practice, however.
Responsible Disclosure
Only after the December self-hacking episode did the significance of Graz team's earlier work become clear. It turned out that the KAISER tool presented an effective defense against Meltdown. The team quickly got in touch with Intel and learned that other researchers - inspired in part by Fogh's blog - had made similar discoveries.
They were working under so-called responsible disclosure, where researchers inform affected companies of their findings to give them time to prepare 'patches' to repair flaws they have exposed.
The key players were independent researcher Paul Kocher and the team at a company called Cyberus Technology, said Gruss, while Jann Horn at Google Project Zero came to similar conclusions independently.
"We merged our efforts in mid-December with the team around Paul Kocher and the people from Cyberus Technology to work on two solid publications on Meltdown and Spectre," said Gruss.
Gruss had not even been aware of the work Horn was doing.
"Jann Horn developed all of this independently - that's incredibly impressive," he said. "We developed very similar attacks, but we were a team of 10 researchers."
The wider team said patches for Meltdown, based on KAISER, had been readied for Microsoft and Apple operating systems, as well as for the Linux open-source system.
There is as yet no fix for Spectre, which tricks programmes into leaking their secrets but is viewed as a harder exploit for a hacker to carry out.
Asked which of the two flaws posed the greater challenge, Gruss said: "The immediate problem is Meltdown. After that it is going to be Spectre. Spectre is more difficult to exploit but also to mitigate. So in the long run I'd bet on Spectre."
Comments
If this is known publicly today, imagine how long ago intel agencies have kept the secret.
Some of us have known for years that the Jewish intel was compromised. Why do you think they call it intel?
I assume the down votes are coming from those who are just now beginning to wake up and see the world for what it really is? I took that trip years ago.
In reply to If this is being done… by Brazen Heist
What's really troubling is the thousands and thousands of these chips in US government sensitive items. Wonder if th Awan brothers knew about this one?
In reply to Some of us have known for… by SamAdams
Most of those CPUs are hard wired on the motherboard. Is everyone supposed to throw away their MB or laptop and go buy a new one when the CPUs have been redesigned to fix this vulnerability?
Sounds like a scam or built in flaw to boost computer/chip sales to me. Trash your old computer and buy a new one or you are vulnerable! LOL
In reply to What's really troubling is… by FoggyWorld
Enjoy those secure CRYPTOS!
In reply to Most of those CPUs are hard… by IH8OBAMA
"Installing new Chrome with Meltdown fix makes it even easier for spy agencies to get in your computer."
Headline in 2 weeks from now.
In reply to Enjoy those secure CRYPTOS! by Pinto Currency
Cryptos are much safer than YOUR bank account or stock accounts, LOL!
In reply to … by BennyBoy
Google told Intel of this open door in their chips months ago (did they respond 'thanks, that's how we designed them' ?):
https://www.cnbc.com/2018/01/04/intel-ceo-reportedly-sold-shares-after-the-company-already-knew-about-massive-security-flaws.html
http://www.businessinsider.com/intel-ceo-google-discovered-the-chip-flaw-months-ago-2018-1?op=1
Probably not material information.
There are no other security flaws in Intel's chips. Promising for real this time.
In reply to Cryptos are much safer than… by USisCorrupt
https://www.tugraz.at/en/tu-graz/services/news-stories/planet-research/…
“When a system is regarded as absolutely safe, our curiosity is awakened,” explains Daniel Gruss
In reply to Google told Intel of this… by Pinto Currency
If it connects to a network and or the internet, it's not safe.
In reply to https://www.tugraz.at/en/tu… by Joe Davola
The Iranians tried that with their centrifuges, but stuxnet found a way - aka Sneaker Net!
In reply to If it connects to a network… by JRobby
Some call it a flaw, others call it a feature. This bug is no accident. This seems like CIA leaking info to damage NSA capabilities a la the Snowden Op.
In reply to The Iranians tried that with… by Joe Davola
It was a CIA requirement, not a bug.
In reply to Some call it a flaw, others… by TruxtonSpangler
Stand-alone platforms are also vulnerable.
In reply to The Iranians tried that with… by Joe Davola
When you use a hardware wallet, then cryptos are not affected.
In reply to If it connects to a network… by JRobby
Don't store anything on your computer that matters to anyone else
In reply to If it connects to a network… by JRobby
Until someone comes up with a hack that traverses down the blockchains and renders all your pretty cryptos useless.
I'm in IT and know that in the end nothing is secure.
In reply to Cryptos are much safer than… by USisCorrupt
Then you need to hack all nodes successfully in order to manipulate the verification process. Since many nodes run on AMD processors, this is impossible.
In reply to Until someone comes up with… by _ConanTheLiber…
Every major hardware manufacturer has the same or similar built in "flaws" - its part of the National Security letter...
In reply to Then you need to hack all… by Bunga Bunga
Not sure what IT you are in. Indian call center?
Because if you had a bit of brain, you would understand what can and can not be done with these vulnerabilities.
In reply to Until someone comes up with… by _ConanTheLiber…
"Cryptos are much safer than YOUR bank account or stock accounts, LOL!"
Right, because ATMS, bank accounts and stock accounts are not based on these architectures, nor do people do online banking. Oh wait, they do.
This does not hack the crypto system. It just means YOU can be hacked, and it also means THE BANK ITSELF can be hacked. So in fact this is a bigger threat to the banks than the cryptos due to their centralized servers.
In reply to Cryptos are much safer than… by USisCorrupt
Perhaps you haven't seen the reports of millions being stolen from cryptos or the fact that they have no fundamental value and fluctuate radically minute by minute.
In reply to Cryptos are much safer than… by USisCorrupt
Vulnerability ... how cute are you? This was an intentional back door. Mr. Researcher needs to stay away from nail-guns and hot tubs.
In reply to … by BennyBoy
I also recommend to him getting a car manufactured before 1995 . . . just ask Michael Hastings . . .
In reply to Vulnerability ... how cute… by The Alarmist
Patching it just pinpoints the issue, then it's just getting past the software protecting it. There is always an exploit.
In reply to … by BennyBoy
I think this is a 'feature' not a bug
In reply to … by BennyBoy
Ya, only crypto users have intel... banks and employers never use it.
In reply to Enjoy those secure CRYPTOS! by Pinto Currency
This same or very similar flaw exists in AMD, Cisco, et al. It is put there on purpose at the behest of one or more agencies...
In reply to Ya, only crypto users have… by MadHatt
Use a hardware wallet like Trezor. Full encrypted key storage off your computer.
In reply to Enjoy those secure CRYPTOS! by Pinto Currency
What method do you use to input the key?
In reply to Use a hardware wallet like… by DjangoCat
You don't even know this most basic thing, but you somehow know that meltdown was put into CPUs on behest of one or more agencies.
Right.
In reply to What method do you use to… by TruxtonSpangler
I think the point might be that the crypto is connected to a computer at some point.
In reply to You don't even know this… by blentus
Crypto and bank accounts are safe as long as you never let your browser save your important passwords!
In reply to Enjoy those secure CRYPTOS! by Pinto Currency
Enjoy the banks computing your account.
In reply to Enjoy those secure CRYPTOS! by Pinto Currency
No, this has been known for years. That's why some of us try to use AMD when possible.
In reply to Most of those CPUs are hard… by IH8OBAMA
That's why the company name is "Intel".
In reply to No, this has been known for… by SamAdams
Their name is a sick joke really.
In reply to That's why the company name… by freedommusic
AMD uses many Intel architecture patents and its only a matter of time before similar exploits are discovered for AMD. EVERYTHING is compromised from the factory, how do you think NSA can collect every SigInt globally?
In reply to Their name is a sick joke… by _ConanTheLiber…
Meanwhile the replacement chips are getting the real backdoor installed for the spooks.
In reply to Most of those CPUs are hard… by IH8OBAMA
Replace with AMD.
In reply to Meanwhile the replacement… by Daves Not Here
not hardwired...
In reply to Most of those CPUs are hard… by IH8OBAMA
Can I get a refund?
In reply to Most of those CPUs are hard… by IH8OBAMA
Anything that comes out of that subsidized sewer, apartheid, occupied Palestine...the answer is obvious.
Boycott the monstrosity and all its subsidized filth!
Barcodes 500, 729 & 871 mark the filth of "Israel"
Barcodes 7219 & 7922 mark the filth from the rest of occupied, apartheid Palestine.
In reply to Some of us have known for… by SamAdams
"Some of us have known for years that the Jewish intel was compromised. Why do you think they call it intel?"
I very much doubt this is a conspiracy to deliberatly make intel processors vulnerable. Its simply a mistake as no one at the time considered it exploitable. If there are backdoors into intel processors, this isn't it since Israeli computers are also vulernable and so are all US gov't computers.
This stuff is extremely complex, and it its take about 20 years before the flaw was detected.
In reply to Some of us have known for… by SamAdams
No..these processors are designed in Israel. for a reason
In reply to "Some of us have known for… by AGuy
Israel Inside™
In reply to Some of us have known for… by SamAdams
LOL.
In reply to Israel Inside™ by Ron_Mexico
Israel Inside(K).
In reply to Israel Inside™ by Ron_Mexico
yo mama is a jew
In reply to Some of us have known for… by SamAdams
Especially those sneaky Jooz!
In reply to If this is being done… by Brazen Heist
Pagination