Chip flaw discovered in Intel, ARM, and AMD

wkleem
wkleem
Community Member
«1

Comments

  • AlwaysSortaCurious
    AlwaysSortaCurious
    Community Member

    Seems like fixes are on the way, OS and app. What I am curious about is does this affect SGX, since no one is saying what can be leaked just disturbances in "the force" or the caches. ( as usual, ARS has a nice article. I'm sure the Reg is good as well. https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/ )

    Hmmm... speaking of the Reg, same Researching team found this out in March.... sounds very related.

    We combined DRAM and cache side channels, to build a novel approach that recovers physical address bits without assumptions on the page size. We attack the RSA implementation of mbedTLS that is used for instance in OpenVPN. The attack succeeds despite protection against sidechannel attacks using a constant-time multiplication primitive.

    https://www.theregister.co.uk/2017/03/07/eggheads_slip_a_note_under_intels_door_sgx_can_leak_crypto_keys/

  • 365nice
    365nice
    Community Member

    I am curious on the agile bits take on this - would 1P data be easily compromised - I’m guessing it would be the act of decrypting your password where the look ahead caching bug might expose your now decrypted password in memory - although it sounds very tricky to do?

    The 1P question is possibly how long your password stays decrypted in memory for another process to potentially hikack it? Do they take steps to minimise this kind of risk?

    Tim

  • AlwaysSortaCurious
    AlwaysSortaCurious
    Community Member

    I’m going with the second the chip is compromised and the protected memory areas are compromised everything is up for grabs...

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    The Intel CPU flaw (and lesser extent other chips) is a big deal. It allows for a whole (new) category of malware to do things that it otherwise shouldn’t be able to do. This is not a good thing, and it remains a threat until operating systems are updated to no longer rely on some specific security features of the CPUs.

    But just because it is an extraordinary bug doesn’t mean that it requires an extraordinary response from most people. (Operating system designers are not “most people.”) The same practices that you should already be doing are enough.

    What you can do is what you may already be doing

    Malware that exploits meltdown may be particularly powerful, but it is still just malware. And so the practices that we’ve always recommended are the practices that will protect you now.

    1. Keep your system and software up to date
    2. Be careful about where you get your software.

    Regarding point 1, it appears that the latest version of High Sierra already has defenses guard against meltdown. If you using macOS be sure that you are up to date. It also appears that Microsoft is in the process of releasing a security update for Windows.

    For the second point, I recommended app stores, such as the Mac App Store and the Microsoft Store. They can’t guarantee that no malware slips through, but the provide the easiest and most effective filter available.

    Don't panic

    Whatever you do, don’t respond to “scareware”. Scareware is typically sold through something that pops up fake alerts about your system being infected or compromised. These scary (and fraudulent) alerts then try to entice you into installing and running tools that will “clean” or “repair” your system. Unfortunately those tools do the exact opposite of what they claim to do.

    Panicked people make poor security choices. And so this is why I am worried that fear about this issue might lead people to become more susceptible to scareware. Take a deep breath, don’t panic, and be calmly suspicious of scary alerts.

    What we can do is what we have already been doing

    1Password is designed so that even if an attacker can read every bit of data on our systems they cannot learn your secrets. We simply don’t have the capacity to decrypt your data, and that holds of anyone who compromises our systems. This has been essential to 1Password’s design from the very beginning, and it is why we don’t have to panic either.

    Furthermore, it appears that AWS (our hosting provider) has already begun patching the servers. Keeping up with updates is one of the things we hire them to do.

    Same as it ever was

    I don’t want to downplay the extraordinariness of these bugs. They are fascinating in many ways, and they have broad impacts. But unless your job is to design and maintain operating systems, you should just follow normal practices of keeping your system up to date and not installing dodgy software.

  • hotpancakes
    hotpancakes
    Community Member

    How do the recently disclosed Spectre/Meltdown processor vulnerabilities affect 1P security?


    1Password Version: Not Provided
    Extension Version: Not Provided
    OS Version: Not Provided
    Sync Type: Not Provided

  • OrwellianChild
    OrwellianChild
    Community Member

    @jpgoldberg - Thanks for the reply, but this only addresses AgileBits' server-side security. Meltdown can literally read passwords typed into managers through Javascript on a website. This could reveal our secrets when attempting to use 1Password browser plugins or even the 1Password desktop app.

    Is AglieBits planning to address this with patches to 1Password on the client-side?

    Thanks for the feedback...

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    I'm sorry if I wasn't clear, @OrwellianChild.

    Any powerful malware on your machine can read such things. So you need to follow common sense measures I described to keep your system free of malware. And in this respect meltdown and variants don't differ from other malware. What makes meltdown (and friends) so different is that operating system developers need to make major changes.

    In terms of Spectre (which is much harder to exploit), it may be that there is some action we need to take, but that is unclear and far too early to tell. We may need to recompile 1Password on fixed systems. But it is likely that our normal practices mean that not even that is necessary.)

  • OrwellianChild
    OrwellianChild
    Community Member

    @jpgoldberg I appreciate the dialog, and I hope I'm not coming off beligerent, but historically speaking, local malware requires a machine to already be compromised to obtain local secrets like this. Meltdown is capable of compromising a machine through Javascript from a remote website, which literally makes "using the web" a compromising activity. Since web password storage is one of the primary uses of 1Password, I would expect 1Password to take extra measures to guard against leaking secrets from another session.

    For example, if an illicit website is listening in one tab/window and I input a secret through the Chrome 1Password Extension in another window, that secret could be at risk. What can be done to mitigate this risk, beyond relying on browsers to patch correctly? Same scenario goes for clipboard pasting secrets while a website is listening - how can this risk be mitigated?

    Thanks again for the feedback!

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited January 2018

    @jpgoldberg I appreciate the dialog, and I hope I'm not coming off beligerent, but historically speaking, local malware requires a machine to already be compromised to obtain local secrets like this. Meltdown is capable of compromising a machine through Javascript from a remote website, which literally makes "using the web" a compromising activity. Since web password storage is one of the primary uses of 1Password, I would expect 1Password to take extra measures to guard against leaking secrets from another session.

    @OrwellianChild: 1Password can't protect you from a compromised OS or browser, apart from the fact that your data will remain encrypted unless you decrypt it yourself.

    This isn't any different than going to any other malicious website though. There have always been vulnerabilities in browser, ways that websites can trick you into giving them sensitive information you might not want them to have, or install malware on your system which can, again, simply capture any of your data as you access it. Only you have the keys to your data, which a great deal of power, but with great power comes great responsibility — the responsibility to be vigilant and not expose it to attackers.

    Regardless of the specific exploit, we're talking about code running on your machine which enables this, whether that be a native executable, Flash, Java, or Javascript. Nothing can happen spontaneously, only if you allow it.

    For example, if an illicit website is listening in one tab/window and I input a secret through the Chrome 1Password Extension in another window, that secret could be at risk. What can be done to mitigate this risk, beyond relying on browsers to patch correctly? Same scenario goes for clipboard pasting secrets while a website is listening - how can this risk be mitigated? Thanks again for the feedback!

    • Don't visit shady websites, and close tabs (and browser windows) you don't need to actively use. This is good advice this year same as last year, not only for security but privacy (tracking) and not having a bunch of crap wasting system resources.
    • Use 1Password in a browser/profile without other extensions installed. Most are granted broad powers — by you — to read and modify everything on a webpage you visit.

    Sticking to tried and true security best practices is the only way any of us have been able to protect ourselves up until now, and that will continue to be the case because regardless of any mitigations but in place in hardware or software, for this or any other vulnerability, you and I can circumvent that if we are not circumspect about what we allow onto our machines. Probably none of this is news to you, and if that's the case you have nothing to worry about: just keep doing what you're doing. Cheers! :)

  • AGAlumB
    AGAlumB
    1Password Alumni

    @hotpancakes: I've merged your post with the existing discussion. To be brief, so long as you continue to practice good security habits, there isn't any more to be done. Please have a look and let us know if you have any questions. :)

  • darrenNZ
    darrenNZ
    Community Member

    @OrwellianChild here's a comment I posted elsewhere

    It is huge [] and it could entirely compromise 1Password or any password manager!

    However using a password manager is far safer than not using one.

    Exploiting the new bug takes technical sophistication and is difficult to break out of the browser's sandbox.

    If somebody has exploited the bug then it could monitor everything you're doing anyway so it's just as safe to continue using 1Password as you are at the moment and making sure you keep your system patched.

    There is nothing that you can do to protect yourself from this vulnerability if it has been exploited against you previously. The current patch pushed out by Microsoft partially (but not fully) mitigates the risk.

    All you can do is keep your operating system and browser up-to-date. Some of the problems can never be fully fixed - it's how a modern CPU works. Others require a change of hardware.

    There are plenty of other bugs affecting CPUs, including backdoors that have been intentionally added, which are of greater concern yet they receive little attention.

  • AGAlumB
    AGAlumB
    1Password Alumni

    All you can do is keep your operating system and browser up-to-date.

    Also, don't run software from untrusted sources, including random websites.

    And yeah, the management engine is a tough one...

  • wkleem
    wkleem
    Community Member
    edited January 2018

    The App solutions are coming in from Chrome, Mozilla and the Antimalware companies. However isolating processes will likely raise the memory footprint 20% for Chrome. Microsoft and Apple are readying patches.

    Intel will patch the chips directly for the more current ones.

  • wkleem
    wkleem
    Community Member

    I emailed Duo about this and they replied to watch out for an upcoming blog post update soon.

    https://duo.com/blog

  • XIII
    XIII
    Community Member

    Don't visit shady websites, and close tabs (and browser windows) you don't need to actively use.

    What about malicious ads on trustworthy websites?

    (This has happened before)

  • darrenNZ
    darrenNZ
    Community Member

    @OrwellianChild

    The world's leading crypto guru has published a blog post on this.

    The security of pretty much every computer on the planet has just gotten a lot worse, and the only real solution -- which of course is not a solution -- is to throw them all away and buy new ones.

    https://www.schneier.com/blog/archives/2018/01/spectre_and_mel_1.html

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited January 2018

    @wkleem: Indeed. Mozilla has a mitigation in the latest version of Firefox, Google has one coming in Chrome later this month, and Apple has already released iOS, macOS, and tvOS updates for this, with more in the works. And of course patches to Linux are how this leaked out in advance of the planned public disclosure next Tuesday. But Microsoft's response has impressed me the most.

    It turns out that antivirus software vendors are using undocumented tricks on Windows to perform deeper analysis, and these cause instability with the necessary kernel changes in place to help mitigate Spectre and Meltdown. So until those vendors update their software accordingly, Windows disables the changes on systems with 3rd party antivirus. Yet another case of "security" software making users less secure by compromising the OS. I'm glad Microsoft is on top of this -- which is more impressive given how many different flavours of Windows there are out there. Yikes.

    Intel is also planning to provide microcode updates for CPUs...but I'd be lying if I said I understood which chips even support this. It doesn't sound like it's a panacaea.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Don't visit shady websites, and close tabs (and browser windows) you don't need to actively use.

    What about malicious ads on trustworthy websites?
    (This has happened before)

    @XIII: You're absolutely right. There isn't a silver bullet that will protect us. Fortunately the response to this in the industry as a whole has been strong and there's even more on the way. For now at least, it seems that Firefox is the safest bet, until Safari and Chrome are updated. In all cases though, these vulnerabilities are not easy to exploit, and that combined with the current and nascent patches mean that the odds are good that few actual users will be affected -- if any at all, as it isn't clear that any of this has been leveraged in the wild.

  • boboAgile
    boboAgile
    Community Member

    Hi, let me ask that security question a bit more specific. Spectre and Meltdown basically allow access to memory that does not belong to a process and should not be readable by it. If I open my 1Password vault by typing in the Master Password into a browser plugin or the main application: does this mean there are decrypted passwords in memory? Or does 1Pw decrypt a password just at the moment it is requested (to fill a web form etc.)?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @boboAgile: Great question. The answer is no. When you unlock 1Password, that does not decrypt all of the data. What's decrypted is the "overview", which contains things like title, URL, etc., which allow 1Password to match logins to the website you're visiting, and also lets you search for them. The rest of the data in an item is decrypted on demand, as you access it yourself, or have 1Password fill it for you. At that point, that item's password, etc. will be in memory. Once this information is no longer needed, it's marked to be cleared from memory. Exactly how and when that happens is up to the OS. But more to the point, these vulnerabilities aren't allowing apps to directly read each other's memory directly; they're allowing them to make educated guesses about where to look, get some code that's been generated by speculative execution — but not actually requested, and potentially erroneous, if the branch was incorrectly predicted — and then try to use that code backsolve and discover some actual code that the prediction was based on. Hopefully that makes sense, but even if it doesn't completely I think it helps to illustrate how complex this is, both to describe and to exploit. There's comfort in that. :)

  • boboAgile
    boboAgile
    Community Member
    edited January 2018

    It is a bit more frightening, as Spectre and Meltdown actually allow a process to read foreign memory. Only in tricky ways which limits the speed of reading to e.g. 500 KByte/s from a chosen address - but still. You can see it in demos on the web (reading passwords from Firefox's memory e.g.). I think this is quite substatial.

    I'd like to know
    1. Does 1Pw zero-out a password in memory that is no longer needed (and not just rely on the OS)?
    2. If I unlock a vault and have the "hide passwords" option deactivated I would assume that more the one password is decrypted at a given point in time so that the user can scroll though the list of entries and see the passwords, right?

    I guess the conclusion is: you cannot treat the memeory of a process as private and proteced anymore (if you ever could). You have to limit the amout of decrytped sensitive data and the time of its exposure to an absolute minumum.

  • AGAlumB
    AGAlumB
    1Password Alumni

    It is a bit more frightening, as Spectre and Meltdown actually allow a process to read foreign memory. Only in tricky ways which limits the speed of reading to e.g. 500 KByte/s from a chosen address - but still. You can see it in demos on the web (reading passwords from Firefox's memory e.g.). I think this is quite substatial.

    @boboAgile: That would be, except I haven't seen that borne out in any of the research or security coverage of this. Can you share your sources? I think you may be conflating this with recent browser autofill exploits.

    I'd like to know
    1. Does 1Pw zero-out a password in memory that is no longer needed (and not just rely on the OS)?

    Unlike mechanical hard drives, that isn't possible given the way multitasking operating systems work (similarly, you cannot zero our specific data on flash memory, as in SSDs — that's why device encryption and process isolation are so important these days).

    1. If I unlock a vault and have the "hide passwords" option deactivated I would assume that more the one password is decrypted at a given point in time so that the user can scroll though the list of entries and see the passwords, right?

    It's decrypted on demand. I'm trying to think of an instance where you can even have multiple items' details displayed onscreen, and I can't, but if there's a case I'm forgetting, they only need to be decrypted in order to be displayed, and are not otherwise.

    I guess the conclusion is: you cannot treat the memeory of a process as private and proteced anymore (if you ever could). You have to limit the amout of decrytped sensitive data and the time of its exposure to an absolute minumum.

    Exactly. Please see my comments above.

  • boboAgile
    boboAgile
    Community Member

    See https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/ and https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/ ("Using these timings, it's possible for one process to infer properties of data belonging to another process—or even the operating system kernel or virtual machine hypervisor.") for some basic information.

    A bit more hard to read is https://meltdownattack.com/meltdown.pdf but you can see a nice picture of the problem in Figure 5. Quote: "In this section, present Meltdown, a powerful attack allowing to read arbitrary physical memory from an unprivileged user program".

    The 500 KBytes/s number for Meltdown is from an analysis of a reputable German IT magazine: https://www.heise.de/newsticker/meldung/Analyse-zur-Prozessorluecke-Meltdown-und-Spectre-sind-ein-Security-Supergau-3935124.html. I'm sure it can be found elsewhere.

    Firefox: Mozilla released a patch to prevent (make harder) reading foreign memory

    When I say "memory" I mean RAM, not storage like hard disks / SSDs. Of course 1Pw could overwrite memory (RAM) with zeros before deallocating it.

    Regarding the decryption of passwords by 1 Pw with the "hide passwords" option deactivated: if It click through the list of objects in 1Pw I immediately see the passwords in the right detail panel. Are you saying these password are decrypted right at that moment? I would assume you have to provide the UI framework with all the strings (i.e. also the decrypted password) beforehand and leave the scrolling, rendering, etc. up to the UI framework.

    Please have a look at these things with some security expert.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @boboAgile: Yeah, we're reading the same stuff, but I think you're reading too much into it:

    Using these timings, it's possible for one process to infer properties of data belonging to another process—or even the operating system kernel or virtual machine hypervisor.

    A key word here is "infer"; that's why it's not trivial. Less than 2GB per hour is also not great. This is not real time access to system memory; even for my old laptop here that's a workday.

    Firefox: Mozilla released a patch to prevent (make harder) reading foreign memory

    Yes, I mentioned that above.

    When I say "memory" I mean RAM, not storage like hard disks / SSDs. Of course 1Pw could overwrite memory (RAM) with zeros before deallocating it.

    Modern operating systems are memory-managed. "Zeroing out" RAM, at best, causes instability; at worst it's another exploit.

    Regarding the decryption of passwords by 1 Pw with the "hide passwords" option deactivated: if It click through the list of objects in 1Pw I immediately see the passwords in the right detail panel. Are you saying these password are decrypted right at that moment? I would assume you have to provide the UI framework with all the strings (i.e. also the decrypted password) beforehand and leave the scrolling, rendering, etc. up to the UI framework.

    Decrypting a single item on modern hardware does not take much, and is generally hardware-accelerated.

    Please have a look at these things with some security expert.

    What a bizarre thing to say! I thought I was looking at these things with you. :lol:

  • boboAgile
    boboAgile
    Community Member

    I'm certainly not an expert just someone who took his processor design, memory management and OS knowledge from university (which is long ago...) and read some stuff.

    Quite honestly I do not know what to say, e.g. towards "Modern operating systems are memory-managed. "Zeroing out" RAM, at best, causes instability; at worst it's another exploit.". All I'm saying is that a programm can set a program variable which stores sensitive information (like a password) to zero (or some random value) it no longer needs. Why would that harm?

    I think you are greatly downplaying the issues. Which does not exactly help to keep my trust in 1Pw I have build as a long term customer.

  • Thanks for the feedback! We’re just trying to be realistic, not downplay things. It’s been a solid discussion so far, and I can understand that simply talking about things doesn’t always cause changes to happen immediately. But I’m glad we had a discussion about it, and we’ll be talking about this more internally down the road I’m sure. :)

  • boboAgile
    boboAgile
    Community Member

    Thanks, guys. It is just me being a bit alarmed that even "private" system memory is not private anymore (feels like the 80ies with no memory protection). That lead me directly to think about the most valuable application I'm running on all my platforms: 1Password!

    P.S. this breach may be relatively new to me and others but it is actually not so complex and knowing that this was possible on Intel processors since the mid-90ies one has to wonder who already took advantage of it... :(

  • AlwaysSortaCurious
    AlwaysSortaCurious
    Community Member

    Oh yeah... TLAs of every nation state come to mind.... I'll never believe they didn't know.

  • boboAgile
    boboAgile
    Community Member

    P.S. see https://keepass.info/help/base/security.html#secmemprot for what I meant with limting the exposure of decrypted passwords in (process) memory.

This discussion has been closed.