IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Spectre vulnerabilities cannot be mitigated by software alone

Researchers found that one variant of the critical data-leaking flaw "defeats everything we can think of"

Spectre processor flaw

A team of Google researchers has demonstrated the Spectre vulnerabilities present in many of today's processors cannot be completely mitigated by applying software fixes, as has been assumed.

Variants of the Spectre flaw discovered last year, which involves information leaking via 'speculative execution' or functions performed early to speed up computation, are not just software glitches but lie in the foundations of the hardware.

In their paper titled 'Spectre is here to stay: An analysis of side-channels and speculative execution', the researchers concluded that Spectre fundamentally defeats an important layer of software security.

As part of the process, the researchers built a universal read gadget that destroys the idea of language-enforced confidentiality when deployed, which could allow an attacker, for instance, to read all the memory in the same address space.

"We now believe that speculative vulnerabilities on today's hardware defeat all language-enforced confidentiality with no known comprehensive software mitigations," the researchers wrote, "as we have discovered that untrusted code can construct a universal read gadget to read all memory in the same address space through side-channels.

"Computer systems have become massively complex in pursuit of the seemingly number-one goal of performance. We've been extraordinarily successful at making them faster and more powerful, but also more complicated, facilitated by our many ways of creating abstractions.

"Our models, our mental models, are wrong; we have been trading security for performance and complexity all along and didn't know it," they added. "It is now a painful irony that today, defence requires even more complexity with software mitigations, most of which we know to be incomplete."

One of the major challenges identified was mitigating the vulnerabilities presented by the Spectre flaw, with the researchers learning that the four variants analysed bypassed normal safety checks and the assumption of language type safety.

Variant 4, for example, dubbed speculative aliasing confusion, "defeats everything we can think of", with the researchers exploring more prospective mitigations for this attack over any other but found "it proved to be more pervasive and dangerous than we anticipated".

The Spectre and Meltdown attacks are the terms prescribed to variants of the same processor vulnerability discovered last year, which involves a malicious program gaining access to data normally protected by a kernel. This kernel on a computer chip moves data around the various sections of memory in response to the functions a user is carrying out.

Either, or both, vulnerabilities have affected more or less all chips from the major manufacturers built in the last couple of decades, with CPUs from not just Intel but also ARM and AMD vulnerable to exploitation.

As opposed to Meltdown attacks, which 'melts' the boundaries set in place at a chip's hardware level that should in theory protection sections of the memory, Spectre attacks are more targeted and require knowledge of the victims' systems. They have always been harder to exploit, but also harder to mitigate.

"It was always apparent that the Spectre vulnerabilities were not easily fixable," Kaspersky's principal security researcher David Emm told IT Pro. "Spectre opened new ways of exploitation that might affect different software in the months and years to come.

"Most of the patches that were released in the wake of Spectre and Meltdown, minimised the surface of the attack but did not eradicate it completely. This is likely to continue to be the case."

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Most Popular

Empowering employees to truly work anywhere

Empowering employees to truly work anywhere

22 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
The top 12 password-cracking techniques used by hackers

The top 12 password-cracking techniques used by hackers

14 Nov 2022