Meltdown and Spectre in 10 mins

@thebestie // Karnov Group 2018 Coolest thing ever to happen
to CPU nerds Best logos associated with a crisis Affect pretty much everyone Worst computer vulnerabilities possibly ever

@thebestie // Karnov Group 2018 Allows unprivileged programs to read
the entire systems memory Meltdown ‘Melts’ existing memory isolation boundaries Virtual Machines are not safe! AWS, Google Cloud and Azure

@thebestie // Karnov Group 2018 More limited in scope Spectre
More complicated, tricky to do, difficult to prevent JavaScript proof of concept can read your entire browser’s memory

@thebestie // Karnov Group 2018 Spectre Malicious JavaScript can steal
all the information in my browser!

@thebestie // Karnov Group 2018 What’s at risk? Spectre Your
cookies and active sessions Entire Gmail inbox Social media accounts PayPal Banks

@thebestie // Karnov Group 2018 Update your operating system What
can I do? Update your browsers Turn on ‘Strict site isolation’ in Chrome Close some tabs and log out

Cool story. @thebestie // Karnov Group 2018 How does it
work?

1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);
@thebestie // Karnov Group 2018 This is slow, while the CPU waits it executes 2

@thebestie // Karnov Group 2018 This is illegal but the CPU doesn’t know it yet

@thebestie // Karnov Group 2018 This is where the magic happens

@thebestie // Karnov Group 2018 0 1 2 3 4
5 6 7 9 10 This is an array I made earlier, I can read/write

5 6 7 9 10 1 1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 my_array[y] = 1; Looks like y was 7

5 6 7 9 10 But that was illegal An exception was raised State is rolled back

5 6 7 9 10 Something was left over . . . When iterating something strange happens

5 6 7 9 10 The CPU has cached the value of 7 The data is returned much faster

@thebestie // Karnov Group 2018 Repeat 1.048.576 times You now
have 1 MB of data

@thebestie // Karnov Group 2018

Meltdown and Spectre in 10 mins

Meltdown and Spectre in 10 mins

Stephen Best

More Decks by Stephen Best

Other Decks in Technology

Featured

Transcript

@thebestie // Karnov Group 2018 Coolest thing ever to happen

@thebestie // Karnov Group 2018 Allows unprivileged programs to read

@thebestie // Karnov Group 2018 More limited in scope Spectre

@thebestie // Karnov Group 2018 Spectre Malicious JavaScript can steal

@thebestie // Karnov Group 2018 What’s at risk? Spectre Your

@thebestie // Karnov Group 2018 Update your operating system What

Cool story. @thebestie // Karnov Group 2018 How does it

1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);

1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);

1 x = get_some_legal_data(); 2 y = get_some_illegal_data(); 3 do_something_with_value(y);

@thebestie // Karnov Group 2018 0 1 2 3 4

@thebestie // Karnov Group 2018 0 1 2 3 4

@thebestie // Karnov Group 2018 0 1 2 3 4

@thebestie // Karnov Group 2018 0 1 2 3 4

@thebestie // Karnov Group 2018 0 1 2 3 4

@thebestie // Karnov Group 2018 0 1 2 3 4

@thebestie // Karnov Group 2018 0 1 2 3 4

@thebestie // Karnov Group 2018 Repeat 1.048.576 times You now

@thebestie // Karnov Group 2018