Fri, Jan 12, 2018 - Page 9

Inside the chip industry’s meltdown

Tech titans worked in secrecy for months to fix key flaws, after researchers uncovered security holes they thought were too big to be true

By Ian King, Jeremy Kahn, Alex Webb and Giles Turner  /  Bloomberg

Jann Horn, a young Google researcher credited with first reporting the Meltdown and Spectre weaknesses, was inspired by some of this work, according to a recent tweet.

In August 2016, at Black Hat USA, a major cybersecurity conference in Las Vegas, a team from Graz Technical University presented their research from earlier in the year on a way to prevent attacks against the kernel memory of Intel chips.

One of the group, Daniel Gruss, shared a hotel room with Fogh, a malware researcher at G Data Advanced Analytics, an IT security consulting firm. Fogh had long been interested in “side-channel” attacks, ways to use the structure of chips to force computers to reveal data.

Fogh and Gruss stayed up late at night discussing the theoretical basis for what would later become Spectre and Meltdown. However, like Prescher more than a year later, the Graz team was skeptical that this was a real flaw.

Gruss recalls telling Fogh that the chipmakers would have uncovered such a glaring security hole during testing and would never have shipped chips with a vulnerability like that.

Fogh made the case again at Black Hat Europe, in early November 2016 in London, this time to Graz researcher Michael Schwarz. The two discussed how side-channel attacks might overcome the security of “virtualized” computing, where single servers are sliced up into what looks, to users, like multiple machines.

This is a key part of increasingly popular cloud services. It is supposed to be secure because each virtual computing session is designed to keep different customers’ information separate even when it is on the same server.

Despite Fogh’s encouragement, the Graz researchers still did not think attacks would ever work in practice.

“That would be such a major f*ck-up by Intel that it can’t be possible,” Schwarz recalled saying.

So the team did not dedicate much time to it.

In January last year, Fogh said he finally made the connection to speculative execution and how it could be used to attack the kernel. He mentioned his findings at an industry conference on Jan. 12, and in March he pitched the idea to the Graz team.

By the middle of the year, the Graz researchers had developed a software security patch they called KAISER that was designed to fix the KASLR break. It was made for Linux, the world’s most popular open-source operating system.

Linux controls servers — making it important for corporate computing — and also supports the Android operating system used by the majority of mobile devices. Being open source, all suggested Linux updates must be shared publicly, and KAISER was well received by the developer community.

The researchers did not know it then, but their patch would turn out to help prevent Meltdown attacks.

Fogh published his blog on July 28, detailing efforts to use a Meltdown-style attack to steal information from a real computer running real software. He failed, again fueling doubts among other researchers that the vulnerabilities could really be used to steal data from chips.

Fogh also mentioned unfinished work on what would become Spectre, calling it “Pandora’s Box.” That got little reaction, too.

The Graz team’s attitude quickly changed, though, as summer turned to fall. They noticed a spike in programming activity on their KAISER patch from researchers at Google, Amazon and Microsoft. These giants were pitching updates and trying to persuade the Linux community to accept them, sometimes without being open about their reasons.
