Jan 04

Meltdown & Spectre Attacks – Intel, AMD, ARM at risk

tl;dr: Before we go into the technical details, stay assured your coins are safe on Ledger’s devices. For more details, jump to the dedicated sections.

 

Security researchers at Google in conjunction with several researchers from academia and industry discovered two major security flaws. These attacks are called Meltdown and Spectre.
Following the usual process, a responsible disclosure have been applied letting some time to developers to mitigate the threats.

Initially the issue should have been published in a few days (the 9th of January)  but with the speculations about the recent patches on Linux (Linux Patch), it’s finally been published today (2018/1/4)

What lies behind these attacks?

The security of computers is often based on memory isolation.

Modern CPU as Intel, AMD, and recent ARMs use out-of-order execution in order to increase performances. Out-of-order execution is a paradigm which allows parallel executions of instructions in an order driven by the availability of data to be processed. It’s implemented in the high performance CPU to optimize each cycle. These cycles are used to process the next instructions for which the data is available rather than waiting for the data of the current instruction to be available. This mechanism is very efficient performancewise but it allows Side Channel Attacks (Cache attacks for instance). Cache-Attacks exploit the time differences that are introduced by the use of these caches allowing the attacker to know if the data contained in these caches have been used or not at a certain point of time.

This mechanism is associated with Branch Prediction Unit (BPU). When a branch instruction is decoded, instead of evaluating it linearly, the BPU gives a guess of which branch will be taken next in order to execute it. If the guess was correct, there is a speed up, the whole block has been executed in parallel instead of waiting for the condition to be evaluated. If the guess was incorrect, the wrong execution is rolled back: the microarchitectural state changes: registers and memories are restored. This mechanism also allows several attacks. A well known BPU Side Channel Attack allows to retrieve the full exponent of a RSA-based signature (for instance SBPA).

These two mechanisms allows what is called “speculative execution”. Meltdown attack shows how the speculative execution can change the microarchitectural state in order to leak information. Then the attack is refined for a large exploitation allowing to dump data in the kernel space, breaking completely the isolation.

What are the impacts?

We don’t know yet. They could be huge. Any modern machine is potentially affected by the attack. It does not depend on specific software implementation nor Operating System (MacOS, Linux and Windows are affected). Furthermore, it’s very difficult to patch since the problem comes from the Hardware (even if Intel does not completely agree). The attacks will probably be mitigated by software patches. But from our understanding, there is currently no complete solution.

So disconnect your RJ45 (I hope you don’t use WiFi) and get your popcorn bags, it’s coming.

Is my Ledger hardware wallet affected?

Here is the good news. Ledger’s devices are not affected by these attacks.

  • First of all, to exploit these flaws, the attacker has to be able to run arbitrary code. As long as you only use Ledger’s embedded apps (which is strongly recommended), your Nano S / Blue is not vulnerable to these kind of attacks.
  • Furthermore, BOLOS (Ledger’s secure OS) runs on Secure Chips and takes advantage of Hardware security features such as MPU to ensure memory isolation between OS and apps spaces. On general purpose CPUs, the performance is the main concerns, no specific hardware-based mechanism is provided to enforce isolation
  • Meltdown attack takes advantage of general purpose CPU which implement ‘out of order’ execution to improve performance. The Secure Core implemented in the Secure Element of Ledger Nano S does not embed such a feature. It’s not designed for performance but for security.

 

My PC is attacked, is the security of my Ledger still ensured?

Yes. The Ledger hardware wallets have been designed to securely use and store your crypto-assets even in an untrusted environment. No one can access your secrets. Your private keys are hold in the Secure Element (secure chip), they never leave it. Whenever an output transaction needs to be made, the transaction is signed inside the Secure Element and the private keys are not available in the computer the Ledger device is connected to. Whenever a transaction is made, the user consent is asked on the device. It’s the responsibility of the user to check the address where the crypto-currencies will be transfered.

Some recap’ on security:

  • Don’t share your PIN
  • Always check the address where you transfer your currencies to
  • NEVER share your 24-words. Keep them in a secure place
  • Install only application from ledgerwallet.com website

Few references