The beginning of the year 2018 has been marked by Meltdown and Spectre, IT vulnerabilities that affect Intel processors (Spectre also affects other technologies). These vulnerabilities are quite peculiar: they affect the hardware layer of our information systems, which is very rare. Thus, all machines equipped with these processors risk compromission, no matter the software or operating system used. This represents a very large number of machines, since Intel processors are used by 80% of the world market.
This article focuses on the Meltdown vulnerability, which is easier to exploit than Spectre, even though it is not trivial. It allows an attacker to gather (often sensitive) information by accessing all of a machine’s RAM (live memory). How does this cyberthreat works? That’s what we will see!
Intel processor and general information
To exploit the Meltdown vulnerability and gather information such as login credentials, a pirate must have access to a process on the targeted machine. To work, this process can use one or several processors (CPU) and benefits from a dedicated RAM space. Within this space, each piece of data is stored at a virtual address which allows its recovery.
It is indeed essential for the memory and the processor to communicate with each other, the latter needing stored information to handle requests sent by the process. These communications are handled by the kernel, which acts as a proxy between the hardware and software components of the machine. Kernels differs from one operating system to an other, but remain essential elements with the same universal basic features.
This kernel can be found in the RAM space dedicated to the process, which is divided into to spaces: one for the user (userland) and one for the kernel (kernelland). The kernel being shared by every process used on the machine, it needs to be able to access every process’s data. Its memory space within each process thus contains a mapping of all the physical memory of the machine.
The userland contains a mapping of the kernelspace. However, since the latter regroups sensitive information, it should be impossible to access by a user.
Meltdown vulnerability: out-of-order execution
That is where the Meltdown IT security vulnerability lies, and allows an attacker to access the kernelland despite the restriction. The access management is handled by the processor, which raises an “exception” to stop the handling of any forbidden request. However, modern processors (including Intel’s) have a feature enabling access to the kernelland even if it is prohibited: out-of-order execution.
Out-of-order execution increases processors performances. When the processor receives an instruction sequence, it takes the first instruction into account, then bets on which instructions will have to be handled next. It can thus get ahead by handling simultaneously all these instructions, no matter the order it received it in.
When the processor handles the instructions, it starts with the recovery of the data it needs from the userland. It stores in its own cache system the virtual addresses it visited in order to access them faster in the future. Then, it performs calculation operations, and stores the results in a register in its own internal memory. These results are the answers to the requests it just handled.
And now is the moment of truth: once the instructions are handled, the processor finds out if its prediction was good or not. If the first instruction has no influence over the following ones, or if the result of the first instruction confirms that it made the right choice, the processor sends the results from its register to the userland, in order to make the process work. It can then start the operation all over again with a new series of instructions.
If the processor finds out it was wrong however, it deletes the result of the instructions it shouldn’t have handled, sends the results of the first instruction if needed, and gets back to its usual work. However, the internal cache of the processor is not emptied: the component keeps a trace of virtual addresses it accessed during the wrongful treatment of these instructions. This specific case is used for the exploit of the Meltdown vulnerability, as we will explain.
Cyberthreat: exploit of Meltdown
First steps to prepare the attack
As we saw, the hacker must have access to a process to be able to exploit the vulnerability. He accesses a userland, which he’ll use to reach the kernelland. He starts by creating a probe array in this userland, with independent pages that are each given an identifier.
Access to the kernelland
Imagine that the hacker wants to know the value “X” stored in the kernelland at the virtual address “N”. The second step of the compromission consists in sending the processor a series of instructions to handle, which request:
- Access to the virtual address N to recover the value X
- Access to the page of the probe array whose identifier is equal to the value X. We will call “C” the address at which it is stored.
As we saw, without out-of-order execution, the processor would read the first instruction, raise an exception, and stop the treatment without handling the request. With out-of-order execution, it has time to handle both instructions simultaneously, before the exception is even raised.
After the exception is raised, the processor realizes it was wrong to handle these requests, and deletes the results from its register. However, the addresses it accessed to gather the informations needed for the treatment are still stored in its internal cache. In our example, the latter contains the address N from the kernelland, and the address C matching a page of the userland probe array.
It is important to note that the hacker can never have a direct access to the value X. It has been recovered by the processor and has been stocked in, then deleted from its internal register, but has never been transmitted to the userland, thus remaining inaccessible.
Recovery of stored information
At this point, the attacker knows that the processor’s cache contains the aforementioned addresses. He knows the address N, and that is hosts the value X. He also knows which virtual address matches which page of the probe array it created, and the identifier of the pages. All he has left to do is get the address C, and find the corresponding page: its identifier is equal to the value X!
To recover this address, the pirate exploits a side-channel cache attack such as Flush+Reload. It enables him to measure the time needed to access a virtual address, in our case the ones in the userland. The hacker repeats the test on all the addresses matching the pages of his array, and spots the address which as been the fastest to access: it is the one that has been cached by the processor.
That is how, in our case, the hacker finds out what the address C, which has been cached, is, and thus can find out what the value X is.
Iteration of the attack to read all of the memory
We mentioned it at the beginning of the article: within the kernelland can be found a mapping of all of the physical memory of the attacked machine. By gathering all the data stored in the kernelland thanks to the iteration of the attack on all virtual addresses of this memory space, the pirate can thus have access to it and gather a huge amount of information…
The protection of your data is and remains our priority!
Find out more about our expertise in IT security!
Update to come: how NBS System protects its clients against the exploit of the Meltdown vulnerability.