They were there for two decades, quietly installed in Intel’s computer processors. And no one suspected it. And yet, the critical computer flaws Meltdown and Spectre represent an unprecedented cyberattack threat. The former could be used to steal all types of information from users, and the latter affects the processors, requiring a full restructuring of their very architecture to eradicate it. Here’s the story behind how researchers have suddenly caught on.
Yuval Yarom, the scout from Australia
On the byline of the academic article recounting Spectre’s discovery is the name Yuval Yarom. But Yarom, a researcher at the University of Adelaide in Australia, has not led research on the subject lately. In truth, his work dates back to 2005. Though no one suspected anything at the time, his findings contained several fundamental clues that would expose the weaknesses of modern processors. Unwittingly, Yarom’s work marked the beginning of the Spectre episode, which would lead to a global scandal.
KASLR & KAISER
2013. Things become serious: the KASLR (Kernel Address Space Layout Randomization) flaw is discovered. The weakness allowed hackers access to the kernel model, then to the operating system of another user – but not to personal data. Still, it was a good start, and it would serve as the basis for a number of discoveries made four years later, in 2017. At a parade, researchers from the University of Graz unveiled KAISER, a protection for processors that simply masks the location of the computer’s memory to set up a smokescreen and evade attacks. KAISER worked, but it also took a serious toll on processor performance.
Google, Amazon and Microsoft enter the field
While we thought we could rest easy with KAISER, things took another turn. In July 2017, Anders Fogh, an independent researcher, published an article on his blog that was highly skeptical of the supposed security of processors. Time proved him correct: unwittingly, he had discovered the Spectre and Meltdown flaws, while everyone else simply assumed that if the flaws existed, the manufacturers surely would have fixed them. Coincidence or not, that same autumn, Google, Amazon and Microsoft all set their sights on a KAISER patch, without announcing why. Researchers at Graz became suspicious, and upon discovering Anders Fogh’s work, they began to realize that their patch, which they had thought was sufficient, was actually covering up an even more dangerous flaw than KASLR. So they created a computer program to highlight the weakness, and they quickly succeeded in pulling supposedly untraceable information from a private computer. That program would be known as Meltdown.
Intel knew all along
They urgently reached out to Intel, only to learn a week later that they weren’t the first, but the fourth group to make the discovery. The first to get his hands on what would become Meltdown and Spectre, in June 2017, was Jann Horn. He was 22 and worked on Google’s famous Project Zero, which is tasked with finding these types of flaws. Taking an interest in Intel processors for the project, he noticed a massive weakness while reading over the user manual – yes, it was that simple. That weakness left supposedly secret information exposed in the processor’s cache, where it could then be exploited. So he, too, had discovered a technique that exposed the critical Spectre flaw. In June, he warned Intel, AMD and ARM (the three processor manufacturing giants) of the Meltdown flaw, which he’d also discovered some weeks earlier – and only contacted Intel about Spectre, since it was the only company concerned. As to the sudden interest of Google, Amazon and Microsoft, it’s clear they were informed by the manufacturers.
The question now is: who knew and said nothing? The NSA, to whom most heads are turning, was cleared by the Washington Post. As for other agencies, it is impossible to say as of yet.