Why are Spectre and Meltdown So Dangerous?
Techquickie
2018-05-06
0:03
When
0:07
Spectre and Meltdown first made headlines, you'd have been
0:13
forgiven for thinking that Dr. No found a way to cause mayhem at a nuclear power
0:18
plant somewhere. But while thankfully that isn't what happened, the Spectre and
0:23
Meltdown security bugs have the potential to inflict mayhem on nearly
0:27
every computer in the world between them.
0:30
You see, most software bugs and viruses
0:33
affect systems by trying to exploit some weakness in the code of a particular
0:38
program or operating system, meaning that
0:42
they can't hurt a system they weren't designed to run on. What makes Spectre
0:46
and Meltdown so dangerous is that they function on a level that is much closer
0:52
to the actual hardware, meaning that they
0:55
can exploit tons of different CPU models
0:58
and operating systems. In fact, Meltdown
1:02
affects nearly every Intel CPU manufactured since 1995, and Spectre
1:09
affects these and most AMD processors as
1:13
well. Spectre-class vulnerabilities can even
1:16
successfully attack a number of smartphone CPUs. Holy crap! So what
1:23
happened? Why exactly are these bugs so
1:27
widespread? Well, it boils down to a feature present
1:32
on virtually all modern processors called speculative execution, which is a
1:37
key way that CPUs significantly boost
1:41
their performance. Thanks to speculative execution, when a CPU is carrying out
1:46
program instructions, it can guess which
1:50
instructions it might have to process next, allowing a modern processor to read
1:55
ahead on the page, so to speak, processing data that it thinks it will need shortly
2:00
and then storing it on the very fast CPU cache memory. One way that CPUs read
2:07
ahead is by starting to process the data
2:10
in memory as soon as a program asks for it, rather than first checking to see if
2:15
that program is even allowed to access that data. You see, whenever you have more
2:20
than one program running, your CPU will separate your system RAM into different
2:25
chunks that can only be accessed by one program, to keep other ones, including
2:30
malicious programs, from seeing data that they shouldn't. So let's say then that
2:35
program A asks to see some data from program B's memory space. The CPU will
2:41
say no, but only after it starts to read
2:44
that memory, and whatever was in that memory space is already in the CPU's
2:49
cache. Now, although the CPU won't directly pass that data to program A,
2:54
Meltdown can figure out what the data is
2:58
by tricking the CPU. Instead of just
3:01
asking for the data directly, Meltdown will ask the CPU to add the value being
3:07
held in cache to some arbitrary number, which will correspond to a certain
3:12
memory location or address. The CPU still
3:16
won't reveal the information at that memory address to Meltdown directly, but
3:20
the data will still be cached beforehand. So I know this is pretty technical here,
3:25
but stick with me. For its next trick, Meltdown will ask the CPU to read more
3:31
memory addresses, noting the one that loads more quickly than the others
3:36
because it was stored in the high-speed cache in the previous step rather than
3:41
the slower system RAM. This process
3:44
allows Meltdown to figure out what data was in the address it initially asked
3:49
for, as the cached address will just be whatever the arbitrary number that
3:54
Meltdown picked plus the actual value
3:57
the system was trying to keep hidden was. Let's move on to Spectre now. Although
4:02
Spectre also takes advantage of speculative execution, it works a little
4:06
bit differently by exploiting a CPU's branch predictor. This processor
4:11
component watches for patterns in program execution, so if it sees a
4:15
particular function over and over again, the CPU will eventually pick up on it
4:21
and start to process this function on its own repeatedly,
4:25
like how you can train your pet to do tricks by giving it food every time. So
4:29
Spectre trains your CPU by telling it over and over to execute instructions
4:35
that will dump the information the attacker wants into cache. After this,
4:39
Spectre can access the information by using various timing tricks to work out
4:44
exactly what the data contains, sometimes
4:47
by asking the CPU to use the data located at a certain memory address in a
4:52
different function, similarly to Meltdown. And getting back to why this problem is
4:58
so widespread: Spectre is a whole class of attacks,
5:02
which, combined with the fact that branch prediction is incredibly
5:07
important for performance in nearly all modern CPUs, means that there isn't a
5:12
quick fix for every variation of it. Meltdown, by contrast, is a somewhat
5:18
easier fix that involves more thoroughly separating different memory spaces, but
5:23
since the patches also cut into a CPU's
5:27
ability to read ahead, as we described earlier, the fixes can result in serious
5:32
slowdowns for processor-intensive programs, as current CPUs have actually
5:36
gotten really good at predicting what they'll need to do next. A sad irony. Now,
5:42
both Intel and AMD are working to fix the vulnerabilities on a hardware level
5:47
in their future chips, which is certainly good news, but because speculative
5:53
execution is so fundamental to modern CPU design, only time will tell if even
5:58
brand-new processors can actually plug these holes for good. And obviously that
6:05
solution isn't going to do anything for the literally billions of CPUs that are
6:11
already out in the wild. So yes, this
6:14
means you, Jeff from New York, proud owner of an overclocked 4670K. Unless you
6:19
want to go buy new hardware, all you can really do is be careful what you click
6:24
on out there. A cleverly designed attack that takes advantage of Spectre or
6:28
Meltdown wouldn't leave any trace on your PC, so you may not even find out
6:33
about it until your bank accounts have been emptied and you have a little
6:36
meltdown of your own.