New Spectre, Meltdown variants leave victims open to side-channel attacks

MeltdownPrime and SpectrePrime, found by Princeton and NVIDIA researchers, may require significant hardware changes to be mitigated.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • MeltdownPrime and SpectrePrime, new variants of the Meltdown and Spectre flaws, could put PCs at risk of another type of cyberattack.
  • The MeltdownPrime and SpectrePrime exploits could be harder to protect against than the original Meltdown and Spectre flaws, because the underlying weaknesses sit deeper in the processor's design.

Security researchers from NVIDIA and Princeton have discovered new variants of the Meltdown and Spectre flaws that may be more difficult to tackle than the originals. Dubbed MeltdownPrime and SpectrePrime, these flaws were further detailed in a recent research paper.

The software mitigations already underway will likely cover these two exploits, but the hardware fixes now being prepared for the original flaws won't, the researchers noted in the paper. They believe the "hardware protection against them will be distinct," which means chip makers may need to change their designs further to mitigate the threats.

After building their own tool to automatically synthesize Spectre- and Meltdown-style attacks, the researchers used its output to conduct side-channel attacks: attacks that infer secrets from the physical behaviour of the hardware rather than from a software bug. The side channels in this work are cache-based and rely on the timing of cache activity to glean information, the report said.

The two techniques used in the examples are called Prime+Probe and Flush+Reload, the report said, which is where the "Prime" in the new names comes from.

"By exploiting cache invalidations, MeltdownPrime and SpectrePrime - two variants of Meltdown and Spectre, respectively - can leak victim memory at the same granularity as Meltdown and Spectre while using a Prime+Probe timing side-channel," researchers wrote in the paper.

By leveraging software dependencies, the paper said, Flush+Reload attacks can also be altered to target any memory location, not just shared memory. What's at stake here? According to the researchers, these attacks can leak privileged kernel memory as well.

While no exploit code has been released for the attack, the researchers did note that they were able to test SpectrePrime on "a Macbook with a 2.4 GHz Intel Core i7 Processor running macOS Sierra, Version 10.12.6." However, MeltdownPrime hasn't been tested as thoroughly yet.

Attacks like MeltdownPrime and SpectrePrime are only proofs of concept, but they demonstrate how far-reaching and impactful the original Meltdown and Spectre flaws will remain for years to come.

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.