Over the last couple of days, two major vulnerabilities — Spectre and Meltdown — have surfaced. These vulnerabilities, which affect nearly all intel chips from the past decade, are two of the most — if not the most — dangerous vulnerabilities the IT world has ever seen.
Every time a big new vulnerability comes out, however, the public is given rudimentary explanations that never really get to the point of the issue and, in turn, non-IT people never really know whats going on. In this article, I’m going to try to explain these two extremely dangerous and complex attacks as if you were a super hero-loving 5 year old.
These attacks affect the kernel of an operating system. Before my super-hero analogy, allow me to explain the kernel at a slightly higher level:
The Kernel is the core of an operating system and has complete control over everything (processor, memory, chips, etc.) on the system. Whenever a program needs to do anything (i.e. write to files, open network connections, etc.), it hands control of user-space processing to the kernel temporarily.
Now, for the analogy:
Whenever Batman and the rest of the Justice League are out fighting mega-criminals, Alfred (the kernel) is handed control of the Batcave (the processor) so that he can provide important information and help the group win. When the team defeats the bad guys, Batman relieves Alfred of his control and takes the Batcave back.
Google’s release of this attack came in the form of a detailed technical paper which described Spectre as follows:
Spectre attacks induce a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adversary.
Now for the analogy:
During their time off between battles, the Justice League likes to play hide and seek in Batman’s mansion. Normally, everybody hides and the seeker has to go around and search for all the other people. However, today it’s Superman’s turn to seek and he just doesn’t want to play! Instead of honestly going around and searching for the rest of the team, Superman decides to cheat and use his x-ray vision. Now, Superman can see exactly where everybody is! In addition, he now knows where Bruce hides all his valuables — including his bespoke Superman action figure!
First, let’s look at Google’s description:
First, an attacker makes the CPU execute a transient instruction sequence which uses an inaccessible secret value stored somewhere in physical memory. The transient instruction sequence acts as the transmitter of a covert channel, ultimately leaking the secret value to the attacker.
Now, let’s take a look at the analogy
Batman is trying to recruit the flash to the justice league. As he and the flash are walking down the street, Batman whispers the location of the bat cave into the flash’s ear. Unfortunately for them, the Joker has installed super advanced listening devices all over the city and now knows exactly where the Batcave is.
Unfortunately, there’s really not much you can do as a normal user to protect yourself. These attacks constitute a whole new genre of vulnerability in modern computers and the only solution is waiting for an operating system patch to come out. Luckily, Microsoft, Apple, and the open source developers working on Linux have already pushed out patches that should prevent this attack and researchers all around the world are working to replicate, mitigate, and prevent attacks such as these from happening again.