Spectre and Meltdown Impacts on Wallets Private Keys

On 2018-01-03 various research papers and security blogs were posted regarding an embedded security flaw that effects many CPUs. Security researchers from Google’s Project Zero team tested and reproduced data leaks that occur on CPUs and cache memory (regardless of the operating system being run).

In order to understand the potential for a security breach, it is important to understand the basics of computer architecture. Computer memory can be divided into four physical categories:

  1. Registers

    • Exist on the CPU, are both general purpose and special purpose
    • Example of register access in C and x86 Assembly:
        int variable = 0; // in C, some register on the CPU will store the binary value of the decimal number "1"
        mov eax,4 ; in x86 Assembly, some register "eax" will store the decimal value "4"
  2. Cache

    • The closest memory to the CPU
    • Stores the instructions for operations to be executed (such as the instructions provided above)
    • Stores pointers to memory locations that are to be accessed
  3. RAM

    • Where files that are actively being accessed are stored
  4. Drive

    • Hard Drives, Solid State Drives, CD’s etc.
    • Where the majority of data is stored, in a state of inactivity

When evaluating a security breach that occurs very close to the bare metal of a CPU, it is important to understand that even a language with very little abstraction, such as assembly x86, operates virtually. Compiled assembly code functions by calling “op codes”, which are represented numerically in a CPUs various processing units. CPUs have different built in processing units for managing different tasks, such as the arithmetic logic unit. This brings us to the security flaw, with is fundamentally embedded within the instruction set architecture of CPUs.

In order to execute instructions and access memory as fast as possible, modern CPUs utilize branch prediction and speculative execution. Different CPU tasks require different amounts of clock cycles. For example, adding two integers stored in two registers is faster than reading one integer stored in an array on the RAM. The two example operations also require different CPU resources. Branch prediction is used to pipeline or execute operations that use different resources so they occur in conjunction. The reason it is called prediction is because the CPU uses probability calculations to execute operations and retrieve files prior to their actual arrival on the CPU (from cache or RAM). The Spectre Attack PDF describes this process and how it leads to leaks as follows:

if the destination of a branch depends on a memory value that is in the process of being read, CPUs will try guess the destination and attempt to execute ahead. When the memory value finally arrives, the CPU either discards or commits the speculative computation. Speculative logic is unfaithful in how it executes, can access to the victim’s memory and registers, and can perform operations with measurable side effects.

The significance of the Spectre attacks are they circumvent root or administrative protection on file access. The main theme behind the many attacks outlined in the PDF is that there are ways for software with no privileges to access files being used by privileged software. The attacks may also enable access of super privileged data, such as seeds and keys that are to be generated only once and never stored on a hard drive. Due to registers, cache, and RAM being exposed at an architecture level, encrypted data also becomes vulnerable.

Despite the data leaks being low-level breaches, they can be executed in browsers through Javascript. According to the Spectre PDF:

In addition to violating process isolation boundaries using native code, Spectre attacks can also be used to violate browser sandboxing, by mounting them via portable JavaScript code. We wrote a JavaScript program that successfully reads data from the address space of the browser process running it.

Mozilla software engineer Luke Warner posted a statement concerning the Spectre attacks on 2018-01-03. For the time being, the Mozilla developers are attempting to reduce the effectiveness of these attacks by depreciating certain functions and altering the return values of other functions. A full explanation may be found at Fantastic Timers and Where to Find Them.

For the time being, no known attacks have been executed that utilize the vectors outlined in Spectre. Software developers and hackers are likely now in a race to discover more related exploits and deploy either patches or malware. It is of the utmost importance to take as many measures as possible to secure digital funds. This is why it is always emphasized to generate private keys off-line on a freshly booted, persistent Linux distribution.

Support us and the authors of this article by donating to the following address:


Comments powered by Talkyard.