KRACK, Meltdown, and Spectre
“There is one moral safeguard within the reach of all sensible men, beneficial especially to free states in dealing with despots. I mean mistrust. Cling to it and you are safe.”
Spectre is a vulnerability in modern CPUs’ speculative execution which allows attackers to read memory that is normally protected.
Speculative execution is an optimization in which the processor predicts which direction a branch will take before the data that controls the branch has been retrieved from memory, and begins executing the predicted path. When the prediction is correct, the processor saves time by having already run the appropriate code; when it is wrong, that work is discarded. By training the branch predictor with a series of valid memory accesses, a malicious program can then slip in an access that requests memory it has no right to read, and the processor will speculatively perform it.
The paper introducing the vulnerability gave this example:
    if (x < array1_size)
        y = array2[array1[x] * 256];
Calling this code with values of x below array1_size trains the predictor to expect the bounds check to pass. When x is then suddenly set to a value beyond array1_size, the processor speculatively reads array1[x], an out-of-bounds address, and uses that byte to index array2. The processor eventually discards the improperly retrieved value, but the access leaves a trace in the cache, and a side channel attack lets the value be read out byte by byte from the cache where it was temporarily loaded.
Spectre’s discoverers noted that which versions of the attack work varies between processors, but contend that all modern processors are potentially vulnerable. They maintained that there is no simple fix, but that better memory isolation and precautions added during program compilation (at a cost in performance) may reduce users’ risk.
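The compile-time precaution mentioned above, as an added example that is not from the Spectre paper or from TechArk: the paper’s gadget beside a hardened version that clamps the index with a branchless mask (modelled on the Linux kernel’s array_index_mask_nospec(); the function names and sample tables here are constructed for illustration).

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed sample tables (not from the paper): array1 is the small
   bounds-checked array, array2 the lookup table whose cache lines leak
   the out-of-bounds byte in the original gadget. */
#define ARRAY1_SIZE 16
static uint8_t array1[ARRAY1_SIZE] = {1, 2, 3, 4, 5, 6, 7, 8,
                                      9, 10, 11, 12, 13, 14, 15, 16};
static uint8_t array2[256 * 256];

/* Fill array2 so that array2[v * 256] == v; results are then easy to check. */
void init_tables(void)
{
    for (size_t i = 0; i < sizeof(array2); i++)
        array2[i] = (uint8_t)(i / 256);
}

/* The gadget from the paper: correct architecturally, but the load of
   array1[x] may run speculatively before the bounds check resolves. */
uint8_t victim_unmasked(size_t x)
{
    uint8_t y = 0;
    if (x < ARRAY1_SIZE)
        y = array2[array1[x] * 256];
    return y;
}

/* Branchless clamp mask: all ones when index < size, zero otherwise.
   For index < size both terms of the OR are below size, so the top bit is
   clear, ~ sets it and the arithmetic shift smears it to all ones; for
   index >= size the subtraction wraps with its top bit set and the result
   is zero. Assumes index and size are below SIZE_MAX / 2. */
static inline size_t index_mask_nospec(size_t index, size_t size)
{
    return (size_t)(~(ptrdiff_t)(index | (size - 1 - index)) >> (sizeof(size_t) * 8 - 1));
}

/* Hardened form: the mask clamps x with arithmetic rather than a branch,
   so a mispredicted path can only read array1[0]. The compiler must not
   turn the mask back into a branch; the kernel hides the index from the
   optimizer for that reason. */
uint8_t victim_masked(size_t x)
{
    uint8_t y = 0;
    if (x < ARRAY1_SIZE) {
        x &= index_mask_nospec(x, ARRAY1_SIZE);
        y = array2[array1[x] * 256];
    }
    return y;
}
```

Both victims return identical results for in-range x; the difference is only in what the processor may touch while the branch is still unresolved.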
The Meltdown attack exploits a vulnerability in processors’ out-of-order execution optimization which allows malicious programs to steal the contents of a computer’s memory.
Out-of-order execution means a processor runs instructions from its queue as their operands arrive from memory, rather than strictly in the order they were written. If the instructions run ahead turn out to be needed, this improves performance; otherwise, the system discards their results. Unfortunately, those discarded instructions still affect the memory cache, which an attacking program can observe through a side channel, allowing it to dump the entire contents of kernel memory, including any physical memory the kernel region maps.
Fortunately, the researchers who discovered the attack have determined that it can be stopped by Kernel Page-Table Isolation (KPTI), and recommend deploying it wherever possible. The safest course of action is to install operating system updates as they become available, as most systems are incorporating this fix.
The KRACK vulnerability was first presented in an academic paper on November 1st, 2017, detailing an exploit in the current implementation of WPA2 wireless encryption. The WPA2 standard includes a negotiation of an encryption key between a wireless client and its access point, intended to keep traffic safe; however, because messages can go unreceived, the router is prepared to repeat part of the negotiation process.
If a third party intercepts, modifies, and rebroadcasts part of these transmissions, they can cause the key to be reinstalled (hence the name, Key Reinstallation Attack), resetting several parameters of the encryption process and making packets much easier to decrypt. Android and Linux systems are particularly vulnerable because they can be tricked into installing an all-zero encryption key, allowing complete packet decryption.
The researchers who discovered the vulnerability strongly endorse installing any security updates provided by vendors, who are now beginning the work of patching this vulnerability. There is also ongoing discussion (see the paper above) of reworking the Wi-Fi standards so that this issue will not be exploitable going forward.
TechArk and Security
TechArk’s development team members are experts in storing and accessing your data safely. Our dedicated staff understands the importance of maintaining your privacy and peace of mind and will work tirelessly to secure your business’ data.
If you’re interested in utilizing our dev team’s security expertise, get in touch with us today!
Our software engineers tell you how you can protect your technology.