Spectre, the Deep Firmware Threat
Born before silicon-level security was deemed necessary, speculative execution is now something Intel and other leading companies are wrestling with
For years, CPU architectures have used predictive techniques to speed up how the pipeline handles memory. To improve throughput, a processor loads data into as many as four levels of cache. Cache is closer to the processor, which reduces memory fetch time. When it comes to speed of access, the hard disk drive ranks lowest in the memory hierarchy.
Speculative execution is similar: according to Apple, it “improves speed by operating on multiple instructions at once—possibly in a different order than when they entered the CPU.” This predictive, or speculative, behavior has led to a security flaw that makes nearly every processor in cloud servers, personal computers, smartphones, and tablets vulnerable to a hack. Of course, if you have an isolated processor, you have few worries, but cloud servers have a multitude of third-party software running on them. Given the growing number of multi-party entanglements, operating systems and web browsers are affected, and engineers have been working on patches for Windows, iOS, and Linux.
Two potential security flaws exploit speculative execution: Spectre and Meltdown. Both have been kept secret since around mid-2017, discussed only on a need-to-know basis among major hardware, cloud, and software companies. Apple, Intel, AMD, Arm, Microsoft, Google, Amazon, and higher-ups working with the Linux kernel knew and were preparing patches.
Why did this happen? There’s still a need for speed, and the door is closing on Moore’s Law. Improvements in performance, along with lower cost and better power efficiency, aren’t coming as quickly now that chip designers are butting up against the laws of physics. How did this happen? Security needs to start at the physical layer, in the silicon. The speculative execution technique was introduced and became a standard before security was considered necessary at the silicon level.
Humankind is making incredible forays into technology, yet just behind, hackers are creating unnecessary roadblocks based on petty greed (ransomware), ego (viruses that accomplish nothing), and revenge (DoS attacks). The good news is that there was about a seven-month lead before outsiders put the pieces together. Clues came from open source Linux patches and some email list discussions shortly before the intended reveal/release date. The press revealed the hack a week prior to the anticipated date. Apparently, enough had been revealed that hackers could piece it together, and the media felt that the public needed to know. Regardless, IT personnel worldwide are working hard to apply firmware updates and patches before the flaw can be exploited.
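For those applying the patches, here is one way to confirm the result on Linux, where patched kernels report their own Spectre and Meltdown status in text files under /sys/devices/system/cpu/vulnerabilities/. This script is an added example, not part of the original article; the function names and the sample reports in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Linux kernel's self-reported Spectre/Meltdown state.
# Patched kernels expose one text file per issue in this directory; each begins
# with "Not affected", "Mitigation: ..." or "Vulnerable".
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status TEXT: print OK, PATCHED, EXPOSED or UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*) echo OK ;;
        "Mitigation:"*)  echo PATCHED ;;
        "Vulnerable"*)   echo EXPOSED ;;
        *)               echo UNKNOWN ;;
    esac
}

# audit_dir [DIR]: print "issue<TAB>verdict<TAB>kernel text" for each issue and
# return 1 unless every issue is OK or PATCHED.
audit_dir() {
    dir=${1:-$VULN_DIR}
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            text=$(head -n 1 "$dir/$name")
            verdict=$(classify_status "$text")
        else
            # No file: this kernel gives no report, so nothing is confirmed.
            text="no report from kernel"
            verdict=UNKNOWN
        fi
        printf '%s\t%s\t%s\n' "$name" "$verdict" "$text"
        [ "$verdict" = OK ] || [ "$verdict" = PATCHED ] || rc=1
    done
    return "$rc"
}

# Demo on constructed sample reports (not captured from a real machine).
demo() {
    d=$(mktemp -d)
    echo 'Mitigation: PTI' > "$d/meltdown"
    echo 'Mitigation: __user pointer sanitization' > "$d/spectre_v1"
    echo 'Vulnerable' > "$d/spectre_v2"
    audit_dir "$d"; res=$?
    rm -rf "$d"
    return "$res"
}

demo || echo "demo: at least one issue is not confirmed mitigated"
```

On a real host, call `audit_dir` with no argument to read the live sysfs directory; a nonzero return means at least one issue still needs a kernel or firmware update.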
Lynnette Reese is Editor-in-Chief, Embedded Intel Solutions and Embedded Systems Engineering, and has been working in various roles as an electrical engineer for over two decades. She is interested in open source software and hardware, the maker movement, and in increasing the number of women working in STEM so she has a greater chance of talking about something other than football at the water cooler.