paint-brush
How Intel’s Screw Up Has Put your Cryptocurrencies at Riskby@BestofICOs
608 reads
608 reads

How Intel’s Screw Up Has Put your Cryptocurrencies at Risk

by Best of ICOsJanuary 17th, 2018
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

The teams at Google and other institutions have discovered that any program can read data that you are not supposed to, including kernel data (the whole memory of your computer). The worst part is that the problem is hardwired in all modern CPUs. So it <strong>cannot be fixed with software</strong> as far as we know (without delaying software a lot). However there is something called a microcode correction that is possible

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - How Intel’s Screw Up Has Put your Cryptocurrencies at Risk
Best of ICOs HackerNoon profile picture

Before reading this review, please read our disclaimer at the bottom of the article or here.

The Major Exploits That Lead to a Conspiracy

Intro

The teams at Google and other institutions have discovered that any program can read data that you are not supposed to, including kernel data (the whole memory of your computer). The worst part is that the problem is hardwired in all modern CPUs. So it cannot be fixed with software as far as we know (without delaying software a lot). However there is something called a microcode correction that is possible

So how does this affect your precious cryptocurrencies? Well, people can exploit this memory readability issue with software anywhere, including JavaScript on a webapp. That’s right, you could be loading a website that could be reading the memory in your computer, including the public/private keys you have installed, or that major companies have stored.

A couple of months ago, Intel’s CEO sold stocks worth $24M USD, just before the problem was found, causing many to think that he was fully aware of the problem.

The Hack

What We Know

In January 3rd 2018, Google’s Project Zero, and other collaborators, made public a series of vulnerabilities in modern CPU technology. This was about 6 months after the vulnerabilities were disclosed to the manufacturers of the CPUs back in June of 2017.

On October 27th, Intel’s CEO, Brian Krzanich sold most of his stock in the company, worth over $24 million dollars, or about 889,878 shares. Leaving him with only 250,000 stocks in the company. Many believe that the sell could be related to the vulnerability becoming public.

Spectre

Spectre is a family of exploits in the way that CPU’s architecture to work. They take advantage of 2 features of a modern CPU:

  1. Out of Order execution: CPU optimizes the order of instructions for speed
  2. Speculative execution: CPU executes a task that isn’t necessary in case is needed later, in order to prevent delays once its needed

Spectre needs to take advantage of both

  1. Access values it shouldn’t have access to
  2. Returns those values from memory back

Modern CPUs are designed to execute things fast, so fast that some tasks are executed before they are required, in order to clear up bottlenecks before they happen. During this short period of time, the attacker takes advantage of this prediction. It is code that the software predicts will be needed, but is not sure when, and takes advantage of the fact that it knows when it was executed, in order to get access to cache. The cache returns value in memory that enables the software to extract data from that cache vulnerability.

Meltdown

Meltdown is one of the techniques to exploit the vulnerability (it’s part of the spectre vulnerability family), specifically to access kernel memory.

In simple terms, meltdown takes advantage that it can be run before other software that requires security permissions. So it is able to infiltrate and look at the data that the kernel is receiving without having to showing it is authorized to look at that data. And it does this at the kernel level.

Kernel refers to computer programs that are core to the functionality of a computer. The real danger here is that the kernel sits between the applications, and the hardware, so essentially anything that goes to your CPU, Memory or Devices is connected to the apps you use through the kernel.

Having access to the kernel essentially enables the attacker to look at things stored in your computer, and how programs behave with it. It is an extremely important and sensitive part of a computer.

Conclusion — Kernel Panic?

It is believed that the only way to fix this problem is to redesign current CPU architecture. Which means that electronics designed as of now all carry the vulnerability. That said, a lot of solutions are currently attempting to solve this through software.

The down side? All the solutions currently slow down computers significantly. Up to 30% of the speed of all devices, including phones, tablets, and anything with a CPU would be slowed down.

Our recommendation? Stop using computers forever.

Just kidding… As this is resolved, it is probably wise to manage a large portion of your cryptocurrencies in cold storage, and at least wait out until more fixes come.

Note: The Hack affects most modern CPU architectures which includes: AMD, Intel, Qualcomm, ARM, etc. But does not involve Application Specific Integrated Circuits, “ASIC”.


Looking to help?Support us on Bountey! https://www.bountey.com/bestoficos


_Want to stay up to date in ICOs?_Visit us at https://thebestoficos.com


_Have an interesting story?_Write us at [email protected]

Disclaimer

This website and the information contained herein is not intended to be a source of investment, financial, technical, tax, or legal advice. This website cannot substitute for professional advice and independent factual verification. The ideas and strategies on this website should never be used without first assessing your own personal financial situation, and without consulting a financial professional. All content in this website is for informational purposes only, and is provided “as is”, with no guarantee of completeness,accuracy, timeliness or of the results obtained from the use of this website. This is just a stub, your access to and use of this website is conditioned upon your acceptance of and compliance with the Full Disclaimers. The Disclaimers apply to all visitors, users, and others who wish to access or use this website.