ETL Blog

2 minutes reading time (478 words)

Chip-Level Security Bug – Spectre NOT SPEKTOR!

IT_Security562

 A fundamental design flaw in Intel microprocessors that allows sensitive data, such as passwords and crypto-keys, to be stolen from memory is real – and its details have been revealed.

'Meltdown' and 'Spectre' are the names of two exploits that leverage critical vulnerabilities in all modern Intel® processors used in Windows, Linux and Apple Mac devices. These exploits allow programs to steal data which is currently processed on the computer.

John Leyden and Chris Williams' article for The Register® explains: "Whenever a running program needs to do anything useful – such as write to a file or open a network connection – it has to temporarily hand control of the processor to the kernel to carry out the job. To make the transition from user mode to kernel mode and back to user mode as fast and efficient as possible, the kernel is present in all processes' virtual memory address spaces, although it is invisible to these programs. When the kernel is needed, the program makes a system call, the processor switches to kernel mode and enters the kernel. When it is done, the CPU is told to switch back to user mode, and re-enter the process. While in user mode, the kernel's code and data remains out of sight but present in the process's page tables".

The issue with Intel's CPUs may allow applications, malware, and JavaScript running in web browsers, to obtain information they should not be allowed to access: the contents of the operating system kernel's private memory areas. This should not be possible!

Advice from security experts is to; sit tight, install OS and firmware security updates as soon as you can, don't run untrusted code and consider turning on site isolation in your browser to thwart malicious webpages trying to leverage these design flaws to steal session cookies from the browser process.

Unfortunately, updates to both Linux and Windows will incur a performance hit on Intel products. Other operating systems, such as Apple's 64-bit macOS, will still need to be updated – the flaw is in the Intel x86-64 hardware, and it appears a microcode update can't address it.

Do not confuse Spectre with SPEKTOR!

SPEKTOR is the name of our Digital Forensic Triage family of products. Designed specifically for use by non-technical investigators, SPEKTOR is used by front line police and other enforcement officers around the world to rapidly preserve and automatically examine data stored on computers, servers and mass storage devices.

As a company, Evidence Talks is committed to assisting Law Enforcement Officers and corporate security staff around the world fight cyber-crime. As recognised Computer Forensic Experts, we also offer the full range of digital forensic services, from identifying the data to be captured from all digital devices, through to providing expert witness services in court. We have an enviable reputation among our clients and we focus on delivering quality of service, reliability of results and impartial, practical advice.

https://spectreattack.com/

https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

Andrew Sheldon interview with Defense & Aerospace ...
Evidence Talks steps up the fight against insider ...

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, 06 March 2021

EasyBlog - Latest Blogs Module

EasyBlog - Random Post Module

05 April 2019
Digital Forensics
News
Cyber Security
Spektor
Events
Evidence Talks was proud to sponsor the Team of the Year category at the recent International Digital Investigation and Intelligence Awards event in Heathrow on the 14th March. The winners were The Di...
10 October 2017
Digital Forensics
Blogs
Spektor
Evidence Talks' new SPEKTOR Module 'Rapid Imager', enables faster and new approaches to image acquisition. It offers the ability to store multiple streams per container using an AFF4 format, saving th...
19 April 2017
Digital Forensics
News
Contributions
​Our CTO Andrew Sheldon, one of the UK's leading experts in the field of digital forensics technology and application, explains how the corporate community can protect their business interests and aid...
05 May 2017
News
Contributions
CTO of Evidence Talks Andrew Sheldon has worked as a contributing author on the 4th Edition of Electronic Evidence.In this updated edition of the well-established practitioner text, Stephen Mason and ...
31 October 2016
News
Awards
​Elizabeth Sheldon, CEO of Evidence Talks, has won in two categories of the Milton Keynes Women Leaders Awards, for both Business Services and Science and Technology. Full Story...
CCL Solutions Group-Evidence Talks Ltd, First Floor Derwent House, Cranfield University Technology Park, 
​University Way, Cranfield, Bedford, MK43 0AZ
 
t: +44 (0)1908 597960     e: Contact via email
Contact Us 
t: +44 (0)1908 597960