adNET Academy Blog

Billions of Computer Devices Won’t Get Intel’s Spectre Fix

Written by Ryan Howarter | Apr 20, 2018 10:44:00 AM

17 Product Groups Named-Their Production Halted and Update Support Ended After Irrefutable Evidence Uncovered Flaw in Intel Chips.

The information about the Spectre attacks came to light back in January 2018. Intel and other technology firms and vendors were made aware of research findings by Paul Kocher from Spectreattack.com and Jann Horn from Google Project Zero.

Paul’s collaboration team regarding the chip flaw and the notorious Spectre Attacks were:

  • Daniel Genkin (the University of Pennsylvania and University of Maryland)
  • Mike Hamburg (Rambus)
  • Moritz Lipp (Graz University of Technology)
  • Yuval Yarom (University of Adelaide and Data61)

The research findings from Paul Kocher’s team and Jann Horn supported what the U.S. Department of Commerce’s agency, NIST (National Institute of Standards and Technology) found. At NIST’s, National Vulnerability Database website is the research published on January 4, 2018.

Take note of these excerpts, the indirect branch prediction and branch prediction in both announcements:

CVE-2017-5715

Current Description: “Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.”

CVE-2017-5753

Current Description: “Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.”

After the findings arrived, on January 3, 2018, Intel responds to Paul and Jann’s security research findings with this disbelieving statement: “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”

With the proof in front of them, Intel believed the research reports were flawed and incorrect. The idea of these acts caused by a “bug”, or a “flaw” was not possible. Their explanation was, “there are many types of computing devices, using different vendor’s operating systems and processors. All are at risk of being exploited.”

But Paul’s team exploited speculative execution and had solid proof.

They experimented on multiple x86 processor architectures. They used the Intel Ivy Bridge (i7-3630QM). The Intel Haswell (i7-4650U). The Intel Skylake (unspecified Xeon on Google Cloud) and finally an AMD Ryzen processor.

In every test, the team observed the Spectre vulnerability across all of these CPUs. Similar results on both 32- and 64-bit modes, and both Linux and Windows. Some ARM processors also support speculative execution, and the initial testing confirmed, ARM processors could not pass the test.

When they attacked using native code, they were able to read the entire victim’s memory address space, including the secrets stored within it, with ease.

When they attacked using Java code, they successfully read data from the address space of the browser process running it, with zero effort.

The research evidence was irrefutable.

Their results showed there was a flaw in Intel chips.

A day later, January 4, 2018, Intel issues updates to protect systems from security exploits. They released this statement: “Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems — including personal computers and servers — that render those systems immune from both exploits (referred to as “Spectre” and “Meltdown”) reported by Google Project Zero.”

Three months later on April 2, 2018, Intel’s Microcode Revision Guidance is released and what’s inside exposed the truth. In this 19-page pdf document, you will find 17 product groups listed, (color-coded in red), productions halted, and update support has ended.

Looking through the guide, you will find the columns listed by Product Names, Public Name, CPUID, Platform ID, Production Status, Pre-Mitigation Production MCU, STOP deploying these MCU revs, and New Production MCU Rev.

The pages with the discontinued products are below:

  • Page 4: Bloomfield and Bloomfield Xeon
  • Page 7: Clarksfield
  • Page 8: Gulftown and Harpertown Xeon CO & EO
  • Page 11: Jasper Forest
  • Page 12: Penryn/QC
  • Page 15: SoFIA 3GR
  • Page 16: Wolfdale CO, MO, EO & RO, Wolfdale Xeon CO & EO
  • Page 17: Yorkfield & Yorkfield Xeon

When you review the columns, you will see one labeled STOP deploying these MCU revs. Intel’s definition for this column is as follows:

  • Intel recommends discontinuing using these select versions of MCU that were previously released with mitigations for Variant 2 (Spectre) due to system stability issues.

Intel also states in their Microcode Revision Guidance Legend:

  • “After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release”
  • “Microcode updates for these products for one or more reasons including, but not limited to the following:”
  • “Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)”
  • “Limited Commercially Available System Software support.”
  • “Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.”

As you can see, Intel’s exhaustive investigation could not discredit Paul, Jann and NIST’s research and proof. Intel decided, due to microarchitectures and microcode capabilities, for the specific products listed, not to move forward and release microcode updates for these products.

If you own a PC, Mac, or Cell phone, a Spectre attack can affect your device. If you use Cloud Services, your provider’s infrastructure may be vulnerable to a Spectre attack and theft of customer’s data. If your device uses any of Intel’s older microprocessors, you may be shopping around for a new machine.