Fri, Jan 12, 2018 - Page 9 News List

Inside the chip industry’s meltdown

Tech titans worked in secrecy for months to fix key flaws, after researchers uncovered security holes they thought were too big to be true

By By Ian King, Jeremy Kahn, Alex Webb and Giles Turner  /  Bloomberg

Illustration: Mountain people

It was late November last year and former Intel Corp engineer Thomas Prescher was enjoying beers and burgers with friends in Dresden, Germany, when the conversation turned, ominously, to semiconductors.

Months earlier, cybersecurity researcher Anders Fogh had posted a blog suggesting a possible way to hack into chips powering most of the world’s computers, and the friends spent part of the evening trying to make sense of it. The idea nagged at Prescher, so when he got home he fired up his desktop computer and set about putting the theory into practice.

At 2am, a breakthrough: He had strung together code that reinforced Fogh’s idea and suggested there was something seriously wrong.

“My immediate reaction was: ‘It can’t be true, it can’t be true,’” Prescher said.

Last week, his worst fears were proved right when Intel, one of the world’s largest chipmakers, said all modern processors can be attacked by techniques dubbed Meltdown and Spectre, exposing crucial data, such as passwords and encryption keys.

The biggest technology companies, including Microsoft Corp, Apple, Google and Amazon.com Inc are rushing out fixes for PCs, smartphones and the servers that power the Internet, and some have warned that their solutions might dent performance in some cases.

Prescher was one of at least 10 researchers and engineers working around the globe — sometimes independently, sometimes together — who uncovered Meltdown and Spectre.

Interviews with several of these experts reveal a chip industry that, while talking up efforts to secure computers, failed to spot that a common feature of their products had made machines so vulnerable.

“It makes you shudder,” said Paul Kocher, who helped find Spectre and started studying trade-offs between security and performance after leaving a full-time job at chip company Rambus Inc last year.

“The processor people were looking at performance and not looking at security,” he said.

Kocher still works as an adviser to Rambus.

All processor makers have tried to speed up the way chips crunch data and run programs by making them guess. Using speculative execution, the microprocessor fetches data it predicts it is going to need next.

Spectre fools the processor into running speculative operations — ones it would not normally perform — and then uses information about how long the hardware takes to retrieve the data to infer the details of that information. Meltdown exposes data directly by undermining the way information in different applications is kept separate by what is known as a kernel, the key software at the core of every computer.

Researchers began writing about the potential for security weaknesses at the heart of central processing units, or CPUs, at least as early as 2005.

Yuval Yarom, at the University of Adelaide in Australia, is credited with helping discover Spectre last week and penned some of this early work.

By 2013, other research papers showed that CPUs let unauthorized users see the layout of the kernel, a set of instructions that guide how computers perform key tasks like allocating resources and managing files and security. This vulnerability became known as a Kernel Address Space Layout Randomization (KASLR) break and was the foundation for some of last week’s revelations.

In 2016, research by Felix Wilhelm and others demonstrated how an early version of speculative execution could make chips vulnerable to data leaks.

This story has been viewed 2360 times.

Comments will be moderated. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned.

TOP top