On a cold Sunday early last month in the small Austrian city of Graz, three young researchers sat down in front of the computers in their homes and tried to break their most fundamental security protections.

Two days earlier, in their lab at Graz's University of Technology, Moritz Lipp, Daniel Gruss, and Michael Schwarz had determined to tease out an idea that had nagged at them for weeks, a loose thread in the safeguards underpinning how processors defend the most sensitive memory of billions of computers. After a Saturday night drinking with friends, they got to work the next day, each independently writing code to test a theoretical attack on the suspected vulnerability, sharing their progress via instant message.

That evening, Gruss informed the other two researchers that he'd succeeded. His code, designed to steal information from the deepest, most protected part of a computer's operating system, known as the kernel, no longer spat out random characters but what appeared to be real data siphoned from the sensitive guts of his machine: snippets from his web browsing history, text from private email conversations. More than a sense of achievement, he felt shock and dismay.

'There's no reason someone couldn't have found this years ago instead of today.'

The Meltdown and Spectre incident isn't, after all, the first time major bugs have been found concurrently. Something (and even Schneier admits it's not clear what) leads the world's best security researchers to make near-simultaneous discoveries, just as Leibniz and Newton simultaneously invented calculus in the late 17th century, and five different engineers independently invented the television within years of one another in the 1920s. "It's weird, right? It's like there's something in the water," says Schneier, who last summer co-authored a paper on vulnerability discovery. "Something happens in the community and it leads people to think, let's look over here. And it definitely occurs way more often than chance."

So when the NSA finds a so-called zero-day vulnerability, a previously unknown hackable flaw in software or hardware, Schneier argues that tendency for rediscovery needs to factor into whether the agency stealthily exploits the bug for espionage, or instead reports it to whatever party can fix it. Schneier argues bug collisions like Spectre and Meltdown mean they should err on the side of disclosure: according to rough estimates in the Harvard study he co-authored, as many as one third of all zero-days used in a given year may have first been discovered by the NSA.

Perhaps, Fogh suggested, that out-of-order flexibility could allow malicious code to manipulate a processor to access a portion of memory it shouldn't have access to, like the kernel, before the chip actually checked whether the code should have permission. And even after the processor realized its mistake and erased the results of that illicit access, the malicious code could trick the processor again into checking its cache, the small part of memory allotted to the processor to keep recently used data easily accessible. By watching the timing of those checks, the program could find traces of the kernel's secrets.

Fogh failed to build a working attack, due to what other researchers now say were quirks of his testing setup.